Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/AjeQINs2apqYvV7jiijQPKin_oo.roa
File: AjeQINs2apqYvV7jiijQPKin_oo.roa (raw, json)
Hash identifier: kYMQsGENmh3vLCsV0CzysoyXe6FpZ/NAF/g4Wsbafxg=
Subject key identifier: 02:37:90:20:DB:36:6A:9A:98:BD:5E:E3:8A:28:D0:3C:A8:A7:FE:8A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6CB4
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/AjeQINs2apqYvV7jiijQPKin_oo.roa
Signing time: Mon 16 Jun 2025 23:26:16 +0000
ROA not before: Mon 16 Jun 2025 23:26:16 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27828 (0x6cb4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 16 23:26:16 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=02379020DB366A9A98BD5EE38A28D03CA8A7FE8A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:a7:dd:d4:d4:dc:87:60:18:8b:a3:08:99:60:
c0:23:47:c0:4a:c9:b5:09:f0:5a:83:67:4d:06:a9:
b8:8e:de:02:b5:e3:f4:ca:a6:42:31:ea:2b:82:b1:
70:b4:25:29:37:7a:9e:1b:40:83:90:a1:e4:52:de:
34:f0:ff:ee:c7:35:cc:8b:ab:25:88:0d:5e:80:65:
09:3a:37:fc:e2:87:17:b5:1a:01:ca:80:8c:6f:52:
6e:12:f9:63:2b:0f:c9:d0:7b:f6:57:12:23:40:4b:
b2:ab:29:37:dc:2a:1b:24:3b:7d:4c:f0:da:10:e7:
73:7e:3b:f2:94:ef:1d:71:ac:cc:fc:fd:ba:8e:7b:
be:2f:b4:82:20:ff:56:d1:d1:de:2b:28:fe:50:72:
ef:4c:4d:65:39:38:08:db:72:8a:76:01:bb:84:c4:
32:74:ea:cc:44:08:3f:36:f0:5e:e5:51:8a:86:65:
24:f2:27:ce:69:f0:c5:1c:6c:48:9f:42:16:39:7f:
79:d0:35:91:26:ca:c0:0c:ad:ff:d4:ff:95:f9:5b:
1a:22:2a:14:33:0f:ad:7d:bb:69:c6:8a:8a:23:9f:
07:5b:9d:4a:2f:08:4a:9c:09:32:3d:62:a8:d0:58:
ed:f4:c0:81:95:c7:51:aa:7b:ea:8e:a7:7f:ed:0e:
91:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:37:90:20:DB:36:6A:9A:98:BD:5E:E3:8A:28:D0:3C:A8:A7:FE:8A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/AjeQINs2apqYvV7jiijQPKin_oo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
6d:61:31:1d:ce:90:73:c6:f4:c8:01:ef:a6:98:15:10:e2:e5:
21:82:91:08:a8:97:73:6c:48:ce:e9:21:76:fe:51:ef:2b:f3:
7e:7f:83:46:b5:70:31:88:12:0b:b0:bc:ed:f0:3a:31:72:b0:
b1:32:ae:67:60:88:3b:5e:78:b9:8c:74:49:fa:7e:db:96:cd:
6d:72:97:98:1d:b8:9f:d0:af:c7:51:13:cc:6b:a8:bb:f9:6e:
28:04:32:0a:91:a6:50:5f:be:aa:7a:0c:7c:b2:78:96:3d:1a:
77:2c:49:8d:70:46:04:b4:a1:68:d9:83:d3:3f:57:3e:e3:f5:
34:ca:93:e3:bb:21:93:28:07:ad:62:f1:d0:0f:ac:e5:ba:a4:
66:95:44:07:8f:be:cf:08:23:96:b0:59:19:f4:ed:ca:0e:a9:
44:06:13:06:92:39:38:fd:50:4f:85:d1:6e:1e:a4:ba:39:bb:
4e:88:60:0a:ae:8b:fe:d8:60:db:18:90:d1:cc:7b:dc:b7:9a:
f9:7d:97:14:ec:67:61:5d:cb:b5:19:77:e7:36:76:90:98:00:
24:3e:f9:4f:bf:f2:bc:4d:72:52:85:6b:2d:af:80:b5:5e:ff:
a1:30:e7:1c:1a:0c:bf:f4:a0:29:4d:cb:d9:35:19:3d:e5:64:
95:ae:b8:06
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbLQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTYy
MzI2MTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDAyMzc5MDIwREIzNjZB
OUE5OEJENUVFMzhBMjhEMDNDQThBN0ZFOEEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDGp93U1NyHYBiLowiZYMAjR8BKybUJ8FqDZ00GqbiO3gK14/TK
pkIx6iuCsXC0JSk3ep4bQIOQoeRS3jTw/+7HNcyLqyWIDV6AZQk6N/zihxe1GgHK
gIxvUm4S+WMrD8nQe/ZXEiNAS7KrKTfcKhskO31M8NoQ53N+O/KU7x1xrMz8/bqO
e74vtIIg/1bR0d4rKP5Qcu9MTWU5OAjbcop2AbuExDJ06sxECD828F7lUYqGZSTy
J85p8MUcbEifQhY5f3nQNZEmysAMrf/U/5X5WxoiKhQzD619u2nGioojnwdbnUov
CEqcCTI9YqjQWO30wIGVx1Gqe+qOp3/tDpGHAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUAjeQINs2apqYvV7jiijQPKin/oowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0FqZVFJTnMyYXBxWXZW
N2ppaWpRUEtpbl9vby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBtYTEd
zpBzxvTIAe+mmBUQ4uUhgpEIqJdzbEjO6SF2/lHvK/N+f4NGtXAxiBILsLzt8Dox
crCxMq5nYIg7Xni5jHRJ+n7bls1tcpeYHbif0K/HURPMa6i7+W4oBDIKkaZQX76q
egx8sniWPRp3LEmNcEYEtKFo2YPTP1c+4/U0ypPjuyGTKAetYvHQD6zluqRmlUQH
j77PCCOWsFkZ9O3KDqlEBhMGkjk4/VBPhdFuHqS6ObtOiGAKrov+2GDbGJDRzHvc
t5r5fZcU7GdhXcu1GXfnNnaQmAAkPvlPv/K8TXJShWstr4C1Xv+hMOccGgy/9KAp
TcvZNRk95WSVrrgG
-----END CERTIFICATE-----
Generated at Sun Jul 20 19:09:32 2025 by rpki-client