Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/HSjwhDFpRJCIEAtVqMg2Hzj7MxE.roa
File: HSjwhDFpRJCIEAtVqMg2Hzj7MxE.roa (raw, json)
Hash identifier: R5czTnqIaig7i8I0gQcRWIQzwQKn6iRB+Jy/4qPKuxY=
Subject key identifier: 1D:28:F0:84:31:69:44:90:88:10:0B:55:A8:C8:36:1F:38:FB:33:11
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6DC8
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/HSjwhDFpRJCIEAtVqMg2Hzj7MxE.roa
Signing time: Fri 20 Jun 2025 07:16:23 +0000
ROA not before: Fri 20 Jun 2025 07:16:23 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28104 (0x6dc8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 20 07:16:23 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=1D28F0843169449088100B55A8C8361F38FB3311
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:7d:6c:29:03:e2:fa:40:72:b4:47:71:cb:44:
f4:39:6a:a8:21:4e:3e:14:c4:bf:55:7c:e3:14:6f:
4d:2e:ea:cb:d7:79:c7:ec:9b:72:27:8e:45:59:dc:
bd:b0:11:e7:9d:84:70:1d:ee:3e:d3:f1:a3:1f:04:
ca:28:f9:64:f8:ad:1e:d1:8c:39:ae:8c:35:fc:aa:
e8:85:5c:9a:60:03:0a:21:ef:24:67:b5:0b:d9:4c:
7a:ae:1b:62:1a:de:48:ef:88:06:78:84:7b:0e:8b:
9b:ee:f7:f8:02:c6:60:ce:fa:4d:11:20:cf:cf:73:
f7:d7:ea:89:09:20:ac:5c:e8:69:02:87:24:84:1e:
6b:c6:41:b5:99:72:1a:bc:22:71:49:8d:13:4a:f8:
23:f6:e8:ca:4c:9a:3b:4d:e5:6e:3c:f0:f8:e5:42:
5c:ce:66:a9:b0:c8:ed:71:35:3a:60:fd:29:03:a4:
9a:c3:65:e9:66:9e:c2:50:ee:15:1a:d4:6e:d8:60:
66:8e:1a:ac:13:c9:00:f0:b5:77:1a:06:d2:1d:da:
4c:39:e4:82:ff:79:95:c4:64:e5:35:10:c3:83:65:
42:41:90:4c:65:71:f2:1a:b1:f7:3f:e3:e1:61:b4:
ad:1c:9c:d3:0d:a8:c5:c8:ea:11:1c:80:1d:3f:e1:
32:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:28:F0:84:31:69:44:90:88:10:0B:55:A8:C8:36:1F:38:FB:33:11
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/HSjwhDFpRJCIEAtVqMg2Hzj7MxE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
0c:27:5e:29:6c:cd:a9:02:66:96:f9:e5:3f:8a:81:5e:ea:ee:
e5:77:7f:49:14:11:d0:71:3d:7d:43:da:11:34:03:f6:e4:ca:
97:7b:aa:55:04:e8:be:70:ab:65:76:fa:fc:4e:ad:f2:fd:64:
38:74:9f:af:1e:48:2d:5b:6b:ac:8b:aa:ac:53:7e:8c:59:a1:
02:ce:db:27:29:03:7c:83:18:cd:a0:1d:51:ec:3a:5b:0c:3e:
55:d1:92:75:7b:fc:b4:87:ae:63:b2:35:4e:cf:d5:1d:2d:34:
a7:b1:ba:e8:31:71:a9:15:6d:f2:35:36:f4:f0:77:f0:1e:01:
2b:2c:3a:d5:77:46:01:e2:4c:20:36:44:43:15:32:47:57:10:
ea:28:d0:08:b3:90:b7:cf:6e:22:e0:51:43:44:ea:60:57:9a:
5d:60:51:8c:f8:e7:87:f7:9c:a1:9a:d9:ca:a3:41:14:ca:99:
86:5b:64:ea:26:8a:e7:dc:a9:10:31:4e:30:59:f9:5d:82:be:
14:24:61:6a:63:f9:8a:32:8e:46:93:e0:52:8e:b2:77:f5:e1:
48:e7:d0:08:ed:99:8c:6a:2b:af:8a:5c:b7:82:0e:83:40:35:
e0:e2:a5:d9:42:fe:b5:86:be:7c:3f:32:53:6c:69:97:0a:ca:
a8:2b:72:3a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbcgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjAw
NzE2MjNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDFEMjhGMDg0MzE2OTQ0
OTA4ODEwMEI1NUE4QzgzNjFGMzhGQjMzMTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCufWwpA+L6QHK0R3HLRPQ5aqghTj4UxL9VfOMUb00u6svXecfs
m3InjkVZ3L2wEeedhHAd7j7T8aMfBMoo+WT4rR7RjDmujDX8quiFXJpgAwoh7yRn
tQvZTHquG2Ia3kjviAZ4hHsOi5vu9/gCxmDO+k0RIM/Pc/fX6okJIKxc6GkChySE
HmvGQbWZchq8InFJjRNK+CP26MpMmjtN5W488PjlQlzOZqmwyO1xNTpg/SkDpJrD
ZelmnsJQ7hUa1G7YYGaOGqwTyQDwtXcaBtId2kw55IL/eZXEZOU1EMODZUJBkExl
cfIasfc/4+FhtK0cnNMNqMXI6hEcgB0/4TJPAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUHSjwhDFpRJCIEAtVqMg2Hzj7MxEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0hTandoREZwUkpDSUVB
dFZxTWcySHpqN014RS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAMJ14p
bM2pAmaW+eU/ioFe6u7ld39JFBHQcT19Q9oRNAP25MqXe6pVBOi+cKtldvr8Tq3y
/WQ4dJ+vHkgtW2usi6qsU36MWaECztsnKQN8gxjNoB1R7DpbDD5V0ZJ1e/y0h65j
sjVOz9UdLTSnsbroMXGpFW3yNTb08HfwHgErLDrVd0YB4kwgNkRDFTJHVxDqKNAI
s5C3z24i4FFDROpgV5pdYFGM+OeH95yhmtnKo0EUypmGW2TqJorn3KkQMU4wWfld
gr4UJGFqY/mKMo5Gk+BSjrJ39eFI59AI7ZmMaiuvily3gg6DQDXg4qXZQv61hr58
PzJTbGmXCsqoK3I6
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:45:02 2025 by rpki-client