Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/B2_OoBNhNpLkrkKC8XF-5TSk_Rs.roa
File: B2_OoBNhNpLkrkKC8XF-5TSk_Rs.roa (raw, json)
Hash identifier: BcL5R0sdVyNwYGA68tP/ugvkjyP8MvElPdMs7wfAU4Y=
Subject key identifier: 07:6F:CE:A0:13:61:36:92:E4:AE:42:82:F1:71:7E:E5:34:A4:FD:1B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 76F0
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/B2_OoBNhNpLkrkKC8XF-5TSk_Rs.roa
Signing time: Mon 14 Jul 2025 12:11:47 +0000
ROA not before: Mon 14 Jul 2025 12:11:47 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30448 (0x76f0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 14 12:11:47 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=076FCEA013613692E4AE4282F1717EE534A4FD1B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:6e:3b:bd:b5:ea:86:c0:48:2e:1e:5c:90:fb:
09:6a:53:d1:01:0b:48:0a:f9:a2:73:47:25:d8:7f:
61:74:99:79:4b:9d:91:c4:e4:2a:90:77:26:47:71:
e9:bc:15:88:92:17:ee:e1:50:75:37:bc:f7:29:a9:
48:e1:bc:fb:e7:75:f9:f8:89:54:33:00:e9:ff:31:
29:29:96:af:0c:3e:93:96:6d:97:95:1e:08:8f:21:
83:b8:4e:f8:69:00:ed:ea:35:b8:d7:65:53:4f:f7:
23:6e:a8:21:a0:93:e0:a1:71:85:ce:dc:6f:8c:64:
fc:3b:f0:02:11:a6:d4:21:ed:3b:10:be:88:dc:47:
36:70:3b:21:98:49:e5:07:2c:4c:45:05:66:08:c7:
ec:5e:84:36:ba:64:5d:f8:51:c7:0d:28:08:ca:e7:
92:92:6b:3a:94:a3:07:ff:2b:cd:73:e5:c7:ca:81:
22:fc:93:80:f4:b7:c7:22:4e:02:ca:0e:5e:9c:ca:
69:e5:b8:02:bf:8f:74:f9:c9:1e:a9:7e:f3:d7:e7:
53:da:21:ac:82:74:b0:4a:5d:60:47:ba:39:65:a6:
04:1a:c0:58:f1:45:a1:5f:36:d3:65:00:e3:05:a0:
e0:b8:cf:e5:a2:a1:2c:f6:cf:a3:36:18:cb:45:dc:
56:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:6F:CE:A0:13:61:36:92:E4:AE:42:82:F1:71:7E:E5:34:A4:FD:1B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/B2_OoBNhNpLkrkKC8XF-5TSk_Rs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
3a:68:08:0a:2f:71:79:60:10:c4:08:02:06:ef:b4:4a:3c:0f:
23:ee:4a:0e:e9:14:e4:83:10:64:9d:ec:40:bc:5a:c4:35:2c:
16:86:f2:2b:59:f1:f5:e5:75:4e:6f:de:ce:a2:78:96:55:26:
fc:33:c7:67:8e:70:98:94:8a:a0:e3:08:67:39:12:fe:8c:39:
b1:70:88:6e:31:96:a2:5d:9a:04:b6:9d:ac:98:9b:d8:cb:bb:
82:61:85:29:cb:ff:a1:f0:1d:bc:52:8b:c9:e2:6c:07:eb:b2:
e5:c3:6c:ae:b1:8c:23:60:74:89:30:fc:c3:b9:48:1b:76:42:
c5:da:dd:a7:61:47:d3:e8:4f:4d:45:70:e1:46:7f:73:24:c3:
b3:0c:57:86:a6:3b:48:8a:aa:be:ec:94:0c:23:72:fb:c2:48:
2e:09:b0:e7:dd:ac:b8:69:dd:0e:eb:9d:b1:7a:21:38:3f:23:
ae:72:18:cd:11:26:73:b9:d3:fc:bb:33:ab:11:26:05:6c:e6:
be:a3:fd:fa:11:d2:ca:a9:f2:1e:2f:82:56:e9:4c:90:dd:3b:
8a:fe:21:34:9f:01:4c:6d:23:36:97:1e:40:d8:41:e5:a6:1a:
73:1a:7d:09:b1:d4:61:ac:8e:83:fd:c2:9b:bd:1c:c3:a6:a1:
14:38:a9:45
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdvAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTQx
MjExNDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDA3NkZDRUEwMTM2MTM2
OTJFNEFFNDI4MkYxNzE3RUU1MzRBNEZEMUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDRbju9teqGwEguHlyQ+wlqU9EBC0gK+aJzRyXYf2F0mXlLnZHE
5CqQdyZHcem8FYiSF+7hUHU3vPcpqUjhvPvndfn4iVQzAOn/MSkplq8MPpOWbZeV
HgiPIYO4TvhpAO3qNbjXZVNP9yNuqCGgk+ChcYXO3G+MZPw78AIRptQh7TsQvojc
RzZwOyGYSeUHLExFBWYIx+xehDa6ZF34UccNKAjK55KSazqUowf/K81z5cfKgSL8
k4D0t8ciTgLKDl6cymnluAK/j3T5yR6pfvPX51PaIayCdLBKXWBHujllpgQawFjx
RaFfNtNlAOMFoOC4z+WioSz2z6M2GMtF3FabAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUB2/OoBNhNpLkrkKC8XF+5TSk/RswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0IyX09vQk5oTnBMa3Jr
S0M4WEYtNVRTa19Scy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA6aAgK
L3F5YBDECAIG77RKPA8j7koO6RTkgxBknexAvFrENSwWhvIrWfH15XVOb97OoniW
VSb8M8dnjnCYlIqg4whnORL+jDmxcIhuMZaiXZoEtp2smJvYy7uCYYUpy/+h8B28
UovJ4mwH67Llw2yusYwjYHSJMPzDuUgbdkLF2t2nYUfT6E9NRXDhRn9zJMOzDFeG
pjtIiqq+7JQMI3L7wkguCbDn3ay4ad0O652xeiE4PyOuchjNESZzudP8uzOrESYF
bOa+o/36EdLKqfIeL4JW6UyQ3TuK/iE0nwFMbSM2lx5A2EHlphpzGn0JsdRhrI6D
/cKbvRzDpqEUOKlF
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:32:54 2025 by rpki-client