Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/9AhkLpJVAOBsgqzcLcW4FAa0_5s.roa
File: 9AhkLpJVAOBsgqzcLcW4FAa0_5s.roa (raw, json)
Hash identifier: tVHBau+6G25hiXVLIIo4laUsDbWFXIyq9VjgQksYmsc=
Subject key identifier: F4:08:64:2E:92:55:00:E0:6C:82:AC:DC:2D:C5:B8:14:06:B4:FF:9B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6312
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/9AhkLpJVAOBsgqzcLcW4FAa0_5s.roa
Signing time: Thu 22 May 2025 06:40:48 +0000
ROA not before: Thu 22 May 2025 06:40:48 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25362 (0x6312)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 22 06:40:48 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=F408642E925500E06C82ACDC2DC5B81406B4FF9B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:87:2d:af:dd:f0:a3:ec:e5:1c:3c:e1:d6:12:
93:0c:62:6e:c3:13:a8:8c:93:1f:e3:1a:28:24:dc:
bb:dd:10:1e:fe:ee:44:44:6c:d8:64:79:15:47:a1:
5a:76:30:60:5b:41:59:61:b4:60:a6:03:90:48:10:
3f:5b:0b:4e:2c:a4:26:a1:06:d0:98:ff:fd:16:25:
01:1a:65:7b:82:e7:d5:0e:83:79:01:a8:50:56:1b:
54:f4:9d:1e:19:23:d9:45:b8:c6:2b:1a:19:c6:d0:
8a:0b:55:4a:d2:b9:65:c6:77:f1:9c:5c:72:98:7f:
5e:a6:01:e6:f5:eb:28:1c:5f:0c:16:30:15:a2:ef:
15:6b:12:ec:e2:6b:41:9c:34:ae:56:7b:ba:3a:c4:
64:e6:82:15:1b:d9:45:ba:05:ad:4b:e6:22:70:77:
42:d8:41:5a:64:08:0c:86:8a:10:71:0a:37:fd:d0:
8f:55:c5:ee:0e:56:3b:70:3d:52:ff:21:ac:ff:a9:
b5:ca:8e:3d:82:f6:22:fd:e2:9b:7a:7d:26:11:66:
2f:69:08:4e:d7:f4:64:ce:90:8f:7a:4a:68:73:1b:
f2:d6:04:8d:50:fe:05:3b:e9:77:58:e5:2d:6d:17:
53:ab:fa:e2:77:b2:3d:ae:31:c0:34:01:12:1c:ff:
05:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:08:64:2E:92:55:00:E0:6C:82:AC:DC:2D:C5:B8:14:06:B4:FF:9B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/9AhkLpJVAOBsgqzcLcW4FAa0_5s.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
b9:6b:e3:bd:38:e1:cd:bf:f5:18:8f:0e:06:d1:56:eb:3f:be:
25:44:72:4f:7e:d4:9b:79:8b:ab:ca:0d:bd:2a:39:02:86:65:
cc:8d:f4:06:ae:0b:e8:a7:78:43:38:62:c3:58:1f:64:4a:4f:
6a:9c:b4:7f:0d:fb:ab:c9:bf:95:f9:c9:e1:76:e3:0c:56:4a:
f6:09:89:8c:ab:7e:d1:37:61:b1:c6:c3:2d:6e:8f:d9:04:b9:
ce:21:9e:1e:bd:36:83:d2:01:3a:b2:cc:8c:4a:cc:df:41:30:
39:7b:43:db:7d:d1:1c:b2:38:e6:88:3e:28:67:a6:a3:12:f6:
e1:14:e8:12:73:c7:e0:ee:aa:2a:84:e8:9c:cc:d3:a5:6a:21:
ae:a5:77:74:16:41:c1:56:df:e8:3f:f0:ad:eb:a3:c2:06:52:
63:75:e2:df:e1:c1:43:78:a3:2a:6d:f4:17:dc:af:c5:03:90:
88:9d:5c:9c:b4:d4:e2:8a:b8:37:7f:b6:7a:a0:00:8a:00:93:
c4:48:d5:f7:02:54:7c:53:f4:ae:fe:be:30:23:5d:32:57:99:
34:d9:56:c8:a2:aa:68:0e:69:ef:07:f4:53:bf:b0:d3:d8:bb:
dc:dd:1b:6a:e0:4a:a3:20:22:e3:0c:81:c3:23:bb:34:36:e1:
3e:74:65:cc
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYxIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjIw
NjQwNDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEY0MDg2NDJFOTI1NTAw
RTA2QzgyQUNEQzJEQzVCODE0MDZCNEZGOUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDhhy2v3fCj7OUcPOHWEpMMYm7DE6iMkx/jGigk3LvdEB7+7kRE
bNhkeRVHoVp2MGBbQVlhtGCmA5BIED9bC04spCahBtCY//0WJQEaZXuC59UOg3kB
qFBWG1T0nR4ZI9lFuMYrGhnG0IoLVUrSuWXGd/GcXHKYf16mAeb16ygcXwwWMBWi
7xVrEuzia0GcNK5We7o6xGTmghUb2UW6Ba1L5iJwd0LYQVpkCAyGihBxCjf90I9V
xe4OVjtwPVL/Iaz/qbXKjj2C9iL94pt6fSYRZi9pCE7X9GTOkI96SmhzG/LWBI1Q
/gU76XdY5S1tF1Or+uJ3sj2uMcA0ARIc/wUxAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU9AhkLpJVAOBsgqzcLcW4FAa0/5swHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzlBaGtMcEpWQU9Cc2dx
emNMY1c0RkFhMF81cy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC5a+O9
OOHNv/UYjw4G0VbrP74lRHJPftSbeYuryg29KjkChmXMjfQGrgvop3hDOGLDWB9k
Sk9qnLR/Dfuryb+V+cnhduMMVkr2CYmMq37RN2GxxsMtbo/ZBLnOIZ4evTaD0gE6
ssyMSszfQTA5e0PbfdEcsjjmiD4oZ6ajEvbhFOgSc8fg7qoqhOiczNOlaiGupXd0
FkHBVt/oP/Ct66PCBlJjdeLf4cFDeKMqbfQX3K/FA5CInVyctNTiirg3f7Z6oACK
AJPESNX3AlR8U/Su/r4wI10yV5k02VbIoqpoDmnvB/RTv7DT2Lvc3Rtq4EqjICLj
DIHDI7s0NuE+dGXM
-----END CERTIFICATE-----
Generated at Thu Jun 5 20:27:53 2025 by rpki-client