Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/CI4HkqFeJMxxKu0W5Y1qFsUktcc.roa
File: CI4HkqFeJMxxKu0W5Y1qFsUktcc.roa (raw, json)
Hash identifier: dIK+7+VOZ9y1kzTnS+1xxIG9sCgMkAr//79NE5nGz8U=
Subject key identifier: 08:8E:07:92:A1:5E:24:CC:71:2A:ED:16:E5:8D:6A:16:C5:24:B5:C7
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6DBA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/CI4HkqFeJMxxKu0W5Y1qFsUktcc.roa
Signing time: Fri 20 Jun 2025 03:39:45 +0000
ROA not before: Fri 20 Jun 2025 03:39:45 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28090 (0x6dba)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 20 03:39:45 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=088E0792A15E24CC712AED16E58D6A16C524B5C7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:b6:80:f9:66:c2:60:61:1e:72:ab:40:9c:e1:
2a:7f:48:2b:03:52:40:ed:73:e6:21:ff:50:68:f2:
b0:b3:70:59:f4:06:6f:f2:85:16:51:e5:58:89:7d:
86:b9:01:3e:a7:89:61:22:cc:51:44:b2:a9:5a:29:
85:da:e7:ec:12:3f:e8:a9:ca:43:9a:df:f5:92:f2:
e5:5c:9d:d9:5f:61:27:9e:a4:e3:18:30:9d:dd:72:
de:7c:ec:56:32:15:e7:40:15:75:92:72:0b:6f:02:
87:cd:07:47:ad:ff:bc:5e:f9:15:d8:5c:ee:73:22:
1a:31:6f:f6:c2:09:fa:39:8b:bb:8f:53:36:6d:76:
42:91:ff:7d:f6:c0:d0:85:e4:f8:b8:ba:39:98:1e:
6d:ce:36:fd:71:cb:e1:0c:31:9c:5a:02:0a:d2:28:
68:6e:66:2d:10:53:2c:72:cc:3e:9e:2e:9b:d0:b0:
eb:a1:1d:64:10:21:26:1b:94:5c:6d:cf:28:cc:cf:
27:25:47:5e:01:be:ad:73:33:16:37:16:6b:20:e6:
8a:f9:88:85:a4:08:7a:3a:75:ac:29:79:b6:eb:60:
88:37:3f:e9:17:1a:cb:41:06:7b:96:61:bc:c3:79:
2b:96:e0:88:a9:19:c0:02:7e:ac:51:11:f9:8a:be:
7e:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:8E:07:92:A1:5E:24:CC:71:2A:ED:16:E5:8D:6A:16:C5:24:B5:C7
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/CI4HkqFeJMxxKu0W5Y1qFsUktcc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
4e:68:60:1b:5b:c0:2f:60:c5:ef:06:4f:ad:ec:04:e4:23:f8:
ea:37:2d:1b:3c:02:65:2c:3b:16:24:ae:ec:b4:bf:f5:a3:25:
ca:c6:f5:6c:16:6e:c3:fa:45:67:2a:e0:01:f4:18:72:84:c8:
8c:1e:39:0d:ad:e8:ad:71:b8:b9:c4:69:82:43:9e:61:2e:7d:
31:93:62:35:ef:a5:73:9d:4e:a0:4c:4a:cf:81:7c:b6:bd:88:
4f:7b:ab:ce:f1:69:23:57:6e:e9:dd:bd:8a:47:76:57:00:00:
f9:88:be:ab:5f:28:de:9e:2a:f0:93:f4:c8:c1:05:e4:c3:46:
ee:b5:0e:8e:65:5a:30:b4:53:d3:c8:c9:14:02:9f:57:ba:f8:
68:71:ed:95:42:18:51:99:ac:7e:f5:44:5e:21:59:d3:8d:6f:
62:de:6d:96:d3:5b:a6:2b:02:4e:8d:1a:ea:a5:0d:a4:42:dd:
13:27:7c:e0:bc:fc:93:dc:18:63:ba:f4:78:77:42:95:8b:09:
ed:e0:92:bc:76:d9:6e:45:1f:08:94:8d:ab:45:e1:25:82:e5:
ad:68:65:93:cf:01:f4:c3:ba:33:c3:54:c9:b9:b5:6c:95:9f:
cc:7c:69:6e:85:51:00:9f:ba:42:19:e3:d4:a7:8b:53:85:ed:
4a:55:16:7e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbbowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjAw
MzM5NDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDA4OEUwNzkyQTE1RTI0
Q0M3MTJBRUQxNkU1OEQ2QTE2QzUyNEI1QzcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDAtoD5ZsJgYR5yq0Cc4Sp/SCsDUkDtc+Yh/1Bo8rCzcFn0Bm/y
hRZR5ViJfYa5AT6niWEizFFEsqlaKYXa5+wSP+ipykOa3/WS8uVcndlfYSeepOMY
MJ3dct587FYyFedAFXWScgtvAofNB0et/7xe+RXYXO5zIhoxb/bCCfo5i7uPUzZt
dkKR/332wNCF5Pi4ujmYHm3ONv1xy+EMMZxaAgrSKGhuZi0QUyxyzD6eLpvQsOuh
HWQQISYblFxtzyjMzyclR14Bvq1zMxY3Fmsg5or5iIWkCHo6dawpebbrYIg3P+kX
GstBBnuWYbzDeSuW4IipGcACfqxREfmKvn5PAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUCI4HkqFeJMxxKu0W5Y1qFsUktccwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0NJNEhrcUZlSk14eEt1
MFc1WTFxRnNVa3RjYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBOaGAb
W8AvYMXvBk+t7ATkI/jqNy0bPAJlLDsWJK7stL/1oyXKxvVsFm7D+kVnKuAB9Bhy
hMiMHjkNreitcbi5xGmCQ55hLn0xk2I176VznU6gTErPgXy2vYhPe6vO8WkjV27p
3b2KR3ZXAAD5iL6rXyjenirwk/TIwQXkw0butQ6OZVowtFPTyMkUAp9Xuvhoce2V
QhhRmax+9UReIVnTjW9i3m2W01umKwJOjRrqpQ2kQt0TJ3zgvPyT3BhjuvR4d0KV
iwnt4JK8dtluRR8IlI2rReElguWtaGWTzwH0w7ozw1TJubVslZ/MfGluhVEAn7pC
GePUp4tThe1KVRZ+
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:38:44 2025 by rpki-client