Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/C2osyYhnq3z2zk_RkKPzDC_JUFc.roa
File: C2osyYhnq3z2zk_RkKPzDC_JUFc.roa (raw, json)
Hash identifier: kwlWrSNDCfTv9IHSviMM/1dLyLWbh1BO86veU7QOefM=
Subject key identifier: 0B:6A:2C:C9:88:67:AB:7C:F6:CE:4F:D1:90:A3:F3:0C:2F:C9:50:57
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 71AA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/C2osyYhnq3z2zk_RkKPzDC_JUFc.roa
Signing time: Mon 30 Jun 2025 10:15:00 +0000
ROA not before: Mon 30 Jun 2025 10:15:00 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29098 (0x71aa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 30 10:15:00 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=0B6A2CC98867AB7CF6CE4FD190A3F30C2FC95057
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:58:d1:e3:df:9d:e0:2f:57:ec:6e:a7:f6:f2:
98:f4:c3:c1:3d:24:7e:2f:a7:cc:d1:b9:e9:6d:96:
3f:a4:d4:12:f9:bd:e2:c3:66:8f:c7:b2:2e:a6:6a:
a8:d8:5a:ea:f1:26:4b:98:ca:f2:de:15:ed:9d:69:
20:2a:c0:12:ae:54:94:d9:d1:ad:bc:49:fd:bc:0f:
29:dc:7c:11:08:00:47:ea:9d:40:27:91:ce:b2:9f:
68:70:d7:56:ba:33:20:46:0c:c9:de:63:e3:71:ae:
b3:2f:57:0b:e6:6e:94:57:5d:69:44:c3:ad:85:ff:
c7:73:81:5a:c4:5c:59:45:cb:0c:08:4f:e5:38:a7:
19:74:2e:79:99:53:c7:e8:d5:09:35:81:ac:7f:fc:
de:ee:2a:6b:ba:8d:63:59:19:97:79:6a:68:c5:dd:
4f:72:f2:45:90:b5:65:87:e6:26:7c:dc:9c:12:d6:
8d:25:12:0d:8a:7c:b4:a6:68:ab:93:35:c7:cc:b1:
cb:51:68:1a:f6:35:84:65:ae:03:be:b7:88:fe:9a:
21:01:19:94:7f:89:af:40:ee:7a:82:11:e1:f5:69:
58:1d:1e:96:96:cf:9f:f4:40:6e:f5:00:47:94:e7:
55:21:6b:6b:62:0a:d8:bb:10:31:f2:dd:57:c2:9a:
af:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0B:6A:2C:C9:88:67:AB:7C:F6:CE:4F:D1:90:A3:F3:0C:2F:C9:50:57
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/C2osyYhnq3z2zk_RkKPzDC_JUFc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
9f:78:61:36:fe:57:f0:ba:ad:00:80:69:1f:0a:b2:45:e6:ce:
da:16:64:d5:b1:47:d7:a3:38:79:30:32:08:cd:45:a6:79:03:
2b:57:1d:94:bf:54:f6:82:0d:27:5a:7f:f7:d2:71:c2:9f:df:
73:04:8a:77:24:8a:1c:e9:e7:d8:aa:5c:a0:33:55:dd:46:d6:
d2:3f:86:f7:7e:a2:37:20:f3:e3:72:bb:65:1b:b4:01:3e:98:
d7:20:2e:82:f5:14:2c:fe:b8:bd:fa:7f:af:59:7f:dc:7d:40:
7d:7d:80:b4:10:24:5a:fd:02:d9:18:47:d6:fc:b1:8a:ab:b9:
11:dd:e7:50:f3:c0:41:05:d0:dd:7d:1c:0c:82:3c:91:00:ae:
b2:f8:3a:25:cd:5f:5f:85:47:09:f3:7c:84:c4:3e:e6:71:00:
0c:58:ba:21:07:e7:f1:7a:67:db:37:de:87:71:a7:e8:38:af:
c8:0f:a7:3f:54:ba:00:43:25:6e:89:53:ac:57:55:ac:2f:3f:
e7:93:ce:e8:5b:65:28:14:b7:16:4c:ad:4e:de:f7:0e:88:ca:
d7:83:8e:46:de:df:9e:fb:91:19:a9:b0:ac:01:a2:b2:20:66:
9a:a7:8a:85:90:12:c4:f0:4a:6a:87:b4:bd:e8:66:e6:6b:90:
0c:68:57:3c
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcaowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MzAx
MDE1MDBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDBCNkEyQ0M5ODg2N0FC
N0NGNkNFNEZEMTkwQTNGMzBDMkZDOTUwNTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCfWNHj353gL1fsbqf28pj0w8E9JH4vp8zRueltlj+k1BL5veLD
Zo/Hsi6maqjYWurxJkuYyvLeFe2daSAqwBKuVJTZ0a28Sf28DyncfBEIAEfqnUAn
kc6yn2hw11a6MyBGDMneY+NxrrMvVwvmbpRXXWlEw62F/8dzgVrEXFlFywwIT+U4
pxl0LnmZU8fo1Qk1gax//N7uKmu6jWNZGZd5amjF3U9y8kWQtWWH5iZ83JwS1o0l
Eg2KfLSmaKuTNcfMsctRaBr2NYRlrgO+t4j+miEBGZR/ia9A7nqCEeH1aVgdHpaW
z5/0QG71AEeU51Uha2tiCti7EDHy3VfCmq99AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUC2osyYhnq3z2zk/RkKPzDC/JUFcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0Myb3N5WWhucTN6Mnpr
X1JrS1B6RENfSlVGYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCfeGE2
/lfwuq0AgGkfCrJF5s7aFmTVsUfXozh5MDIIzUWmeQMrVx2Uv1T2gg0nWn/30nHC
n99zBIp3JIoc6efYqlygM1XdRtbSP4b3fqI3IPPjcrtlG7QBPpjXIC6C9RQs/ri9
+n+vWX/cfUB9fYC0ECRa/QLZGEfW/LGKq7kR3edQ88BBBdDdfRwMgjyRAK6y+Dol
zV9fhUcJ83yExD7mcQAMWLohB+fxemfbN96HcafoOK/ID6c/VLoAQyVuiVOsV1Ws
Lz/nk87oW2UoFLcWTK1O3vcOiMrXg45G3t+e+5EZqbCsAaKyIGaap4qFkBLE8Epq
h7S96Gbma5AMaFc8
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:34:13 2025 by rpki-client