Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/APa2eaG7RHqouiuU13VUn91ML84.roa
File: APa2eaG7RHqouiuU13VUn91ML84.roa (raw, json)
Hash identifier: Ii2lPMqCYZa49TZxJQpPqkJnTOkwOz8PP4ISPsvg3Fg=
Subject key identifier: 00:F6:B6:79:A1:BB:44:7A:A8:BA:2B:94:D7:75:54:9F:DD:4C:2F:CE
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6C8E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/APa2eaG7RHqouiuU13VUn91ML84.roa
Signing time: Mon 16 Jun 2025 13:42:22 +0000
ROA not before: Mon 16 Jun 2025 13:42:22 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27790 (0x6c8e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 16 13:42:22 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=00F6B679A1BB447AA8BA2B94D775549FDD4C2FCE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:b5:e1:08:30:3d:7a:41:90:33:67:6c:88:d0:
a1:5c:42:39:2d:45:ee:90:e6:d4:15:35:b3:98:dc:
86:3d:8a:f0:85:ae:ce:ff:0a:4d:7a:8d:10:fd:ab:
be:bc:9f:43:75:02:11:85:da:91:fc:bb:79:6b:bc:
5f:66:4c:d3:01:8a:0f:07:5c:3e:21:8a:8c:4b:5a:
bb:c0:5e:e3:a6:66:c2:0a:f1:f2:e8:ba:19:13:94:
de:6d:e9:ab:d8:1a:0f:15:cf:65:0a:66:9b:21:b1:
88:de:cc:6a:d0:c1:7a:d3:06:b7:e6:2c:52:64:b8:
a3:05:0c:ee:5f:da:11:9c:f5:bf:88:8e:9d:9e:22:
f4:c4:f8:a1:7d:43:3c:b0:e9:56:b8:30:48:84:a3:
84:7f:0f:e7:79:b1:23:f0:08:d8:4a:7f:d1:60:4a:
0d:96:1c:f0:23:b6:d5:78:21:14:95:0c:3c:a7:47:
40:89:a1:47:2a:8e:c4:d4:38:70:bc:13:4b:1f:7d:
8a:70:2a:31:92:21:f5:f2:76:11:8e:cd:eb:46:0c:
d5:45:0d:df:bb:ef:4c:9e:db:9e:19:6a:1b:be:47:
d0:f8:9a:e2:7a:36:30:88:c8:a3:59:e8:a6:83:20:
a3:02:f8:8c:7f:72:5f:73:ee:9f:6b:3c:8f:ac:ea:
9a:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:F6:B6:79:A1:BB:44:7A:A8:BA:2B:94:D7:75:54:9F:DD:4C:2F:CE
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/APa2eaG7RHqouiuU13VUn91ML84.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
bc:52:2f:51:1c:e2:e2:3d:37:d0:e7:d3:d1:8c:3d:19:7c:c4:
ae:06:ae:7b:d3:47:a8:b9:dc:23:0a:1a:5e:78:d2:22:cd:a6:
f5:1b:3f:0c:f6:a2:e7:06:1b:c8:eb:35:45:22:9f:5b:7a:32:
8e:5a:c9:6a:0e:35:70:8b:da:aa:82:87:a4:59:eb:86:0d:24:
b0:ff:67:4f:63:c5:f5:bf:bc:31:ce:21:95:73:33:2a:84:82:
d6:29:47:a5:3b:b4:fe:f2:64:cf:ca:d9:1c:14:b8:2b:cc:90:
78:47:34:9e:81:0a:aa:7f:23:44:3c:93:98:bd:e3:1b:e5:8b:
cb:81:7e:0c:a4:c2:15:5b:aa:6d:51:63:94:08:df:fe:57:28:
e0:10:3f:2f:a9:55:60:5c:47:65:60:31:b5:81:a0:f4:9f:57:
0e:14:f9:2e:70:0a:f3:2c:dc:74:d9:51:73:c8:8b:fc:1f:20:
d8:fa:64:dc:41:12:02:72:dd:88:b1:4f:5e:fd:27:27:98:5d:
c3:b9:b6:00:5d:50:1f:77:16:62:b2:90:67:cc:7f:01:1f:6a:
f4:69:1f:40:3c:8d:8f:33:82:f4:42:87:47:9b:34:33:9b:eb:
a5:58:eb:a8:6e:bb:26:64:1a:50:5b:86:0e:70:d4:e1:8a:fb:
b9:da:96:9d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbI4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTYx
MzQyMjJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDAwRjZCNjc5QTFCQjQ0
N0FBOEJBMkI5NEQ3NzU1NDlGREQ0QzJGQ0UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDiteEIMD16QZAzZ2yI0KFcQjktRe6Q5tQVNbOY3IY9ivCFrs7/
Ck16jRD9q768n0N1AhGF2pH8u3lrvF9mTNMBig8HXD4hioxLWrvAXuOmZsIK8fLo
uhkTlN5t6avYGg8Vz2UKZpshsYjezGrQwXrTBrfmLFJkuKMFDO5f2hGc9b+Ijp2e
IvTE+KF9Qzyw6Va4MEiEo4R/D+d5sSPwCNhKf9FgSg2WHPAjttV4IRSVDDynR0CJ
oUcqjsTUOHC8E0sffYpwKjGSIfXydhGOzetGDNVFDd+770ye254Zahu+R9D4muJ6
NjCIyKNZ6KaDIKMC+Ix/cl9z7p9rPI+s6poZAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUAPa2eaG7RHqouiuU13VUn91ML84wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0FQYTJlYUc3Ukhxb3Vp
dVUxM1ZVbjkxTUw4NC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC8Ui9R
HOLiPTfQ59PRjD0ZfMSuBq5700eoudwjChpeeNIizab1Gz8M9qLnBhvI6zVFIp9b
ejKOWslqDjVwi9qqgoekWeuGDSSw/2dPY8X1v7wxziGVczMqhILWKUelO7T+8mTP
ytkcFLgrzJB4RzSegQqqfyNEPJOYveMb5YvLgX4MpMIVW6ptUWOUCN/+VyjgED8v
qVVgXEdlYDG1gaD0n1cOFPkucArzLNx02VFzyIv8HyDY+mTcQRICct2IsU9e/Scn
mF3DubYAXVAfdxZispBnzH8BH2r0aR9API2PM4L0QodHmzQzm+ulWOuobrsmZBpQ
W4YOcNThivu52pad
-----END CERTIFICATE-----
Generated at Sun Jul 20 16:34:51 2025 by rpki-client