Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/HaS_1QupsO8UoJBjGEMq_0qZ_gI.roa
File: HaS_1QupsO8UoJBjGEMq_0qZ_gI.roa (raw, json)
Hash identifier: fLWAIZ3xwVhFGr70whqZOs/vW8xlxemQrU70zz2I02o=
Subject key identifier: 1D:A4:BF:D5:0B:A9:B0:EF:14:A0:90:63:18:43:2A:FF:4A:99:FE:02
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6DA0
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/HaS_1QupsO8UoJBjGEMq_0qZ_gI.roa
Signing time: Thu 19 Jun 2025 17:18:00 +0000
ROA not before: Thu 19 Jun 2025 17:18:00 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28064 (0x6da0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 19 17:18:00 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=1DA4BFD50BA9B0EF14A0906318432AFF4A99FE02
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:8d:93:2b:81:57:d4:64:4f:67:47:6c:ea:bc:
1a:d8:96:9d:1f:a0:e5:cb:ad:74:19:ba:87:37:f6:
63:4f:3f:0a:8d:d5:d8:9b:57:2c:ae:bc:9f:12:d0:
99:41:3b:ac:41:08:46:28:2c:8e:73:99:72:7d:e9:
a3:f3:4e:29:07:0b:ec:b5:72:e4:64:60:e0:9b:80:
6d:e2:b4:f7:ab:d8:e2:a9:39:21:8b:34:17:bb:f0:
f7:4a:fb:c0:cd:3a:99:20:7e:25:2a:39:f3:0e:7d:
c9:89:a4:3e:34:a2:e7:c1:d0:d8:af:d3:dc:40:75:
d4:53:6c:50:79:d7:45:2b:db:69:3d:49:4d:3d:8b:
b8:d7:c3:e5:b8:dc:4e:91:64:e9:ab:8d:6b:64:3e:
16:d5:24:d2:0a:a5:1f:76:94:3c:aa:e8:29:e1:13:
bf:11:e2:e0:f7:fe:25:d9:ac:9f:1b:df:bb:22:ff:
d0:40:e9:d6:a9:79:9d:9d:0e:76:a2:95:9a:d4:1f:
f5:62:e4:d2:a7:30:93:7a:b0:c0:88:61:70:b6:ac:
0d:2a:52:3e:4c:8c:87:1c:a3:0d:73:87:1e:00:f7:
63:49:cf:34:61:8e:3d:79:c9:af:e8:e4:d2:5f:65:
c2:57:2b:b2:b5:cb:b4:60:2c:d7:81:69:05:ff:e4:
d5:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:A4:BF:D5:0B:A9:B0:EF:14:A0:90:63:18:43:2A:FF:4A:99:FE:02
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/HaS_1QupsO8UoJBjGEMq_0qZ_gI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
40:bb:58:76:cb:15:9b:d1:5b:2b:4b:90:cc:e8:f0:9c:58:c1:
8b:ed:12:3f:44:50:0a:07:0f:3c:aa:a5:aa:d5:4c:67:7a:9c:
5a:bb:d5:6f:e7:e4:a7:b8:88:1e:34:3b:53:18:2c:26:d6:61:
52:06:d4:2d:3b:93:01:8b:34:21:e7:63:8b:b8:54:93:3e:e5:
89:7f:8d:06:86:4f:27:fb:88:1b:bd:6d:13:41:c2:f1:dc:e0:
04:7a:00:3f:59:20:e6:85:c9:fe:8e:b0:20:75:41:79:c3:b6:
57:10:21:3d:e9:1a:b1:ea:7e:30:90:3e:06:d9:e6:b6:f4:6f:
8f:9d:48:e0:45:4e:aa:a0:18:8f:7a:2d:4d:47:50:70:1d:b1:
94:32:ad:de:34:36:ff:aa:f4:d6:9b:65:b1:bd:25:90:b0:55:
63:0a:d9:73:9f:be:74:0b:88:d4:23:dc:f2:a1:09:e7:25:cc:
ab:85:2c:52:cb:7a:60:9a:49:8b:1d:07:3b:fb:4f:f1:32:8b:
4e:b0:74:79:0f:5b:45:76:bd:a3:f1:fa:6b:61:f7:63:d5:c5:
b3:63:8a:0c:16:76:c0:7b:ca:40:33:fc:a0:8d:35:2b:9b:40:
62:78:c2:a7:ba:9b:f9:c7:0f:ad:a4:28:fc:6d:dd:81:93:68:
21:97:c6:6d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbaAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTkx
NzE4MDBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDFEQTRCRkQ1MEJBOUIw
RUYxNEEwOTA2MzE4NDMyQUZGNEE5OUZFMDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCjZMrgVfUZE9nR2zqvBrYlp0foOXLrXQZuoc39mNPPwqN1dib
VyyuvJ8S0JlBO6xBCEYoLI5zmXJ96aPzTikHC+y1cuRkYOCbgG3itPer2OKpOSGL
NBe78PdK+8DNOpkgfiUqOfMOfcmJpD40oufB0Niv09xAddRTbFB510Ur22k9SU09
i7jXw+W43E6RZOmrjWtkPhbVJNIKpR92lDyq6CnhE78R4uD3/iXZrJ8b37si/9BA
6dapeZ2dDnailZrUH/Vi5NKnMJN6sMCIYXC2rA0qUj5MjIccow1zhx4A92NJzzRh
jj15ya/o5NJfZcJXK7K1y7RgLNeBaQX/5NU1AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUHaS/1QupsO8UoJBjGEMq/0qZ/gIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0hhU18xUXVwc084VW9K
QmpHRU1xXzBxWl9nSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBAu1h2
yxWb0VsrS5DM6PCcWMGL7RI/RFAKBw88qqWq1Uxnepxau9Vv5+SnuIgeNDtTGCwm
1mFSBtQtO5MBizQh52OLuFSTPuWJf40Ghk8n+4gbvW0TQcLx3OAEegA/WSDmhcn+
jrAgdUF5w7ZXECE96Rqx6n4wkD4G2ea29G+PnUjgRU6qoBiPei1NR1BwHbGUMq3e
NDb/qvTWm2WxvSWQsFVjCtlzn750C4jUI9zyoQnnJcyrhSxSy3pgmkmLHQc7+0/x
MotOsHR5D1tFdr2j8fprYfdj1cWzY4oMFnbAe8pAM/ygjTUrm0BieMKnupv5xw+t
pCj8bd2Bk2ghl8Zt
-----END CERTIFICATE-----
Generated at Sun Jul 20 16:34:50 2025 by rpki-client