Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/O0zFM6IpAJhlHD5NByPJrNwT6aU.roa
File: O0zFM6IpAJhlHD5NByPJrNwT6aU.roa (raw, json)
Hash identifier: AhoJYin1quw7BH+E5c5e0p2gLbi+tPYAiZpfoGqflTo=
Subject key identifier: 3B:4C:C5:33:A2:29:00:98:65:1C:3E:4D:07:23:C9:AC:DC:13:E9:A5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6D46
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/O0zFM6IpAJhlHD5NByPJrNwT6aU.roa
Signing time: Wed 18 Jun 2025 11:42:31 +0000
ROA not before: Wed 18 Jun 2025 11:42:31 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27974 (0x6d46)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 18 11:42:31 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3B4CC533A2290098651C3E4D0723C9ACDC13E9A5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:ed:be:cf:a0:0b:38:7c:93:77:56:0a:e3:bd:
1b:6a:7e:1d:a4:34:b2:83:0c:c2:c0:96:a5:0c:c2:
60:0b:2d:b6:d0:df:f4:eb:6d:bb:9e:20:bc:4a:b4:
0f:ca:eb:3e:07:66:4a:12:22:16:f1:b6:a6:5c:e4:
49:25:f6:c0:2b:c5:12:5d:11:a1:97:f0:d1:92:b8:
fb:4a:52:e1:e4:3a:ff:10:a1:3e:3e:b2:f3:fc:31:
d7:75:26:98:a7:af:ef:1d:7e:2d:fa:f2:34:8e:97:
85:97:21:24:14:a7:f2:0e:2c:08:77:e5:5d:e2:7d:
fc:5e:2b:40:de:d4:72:b0:45:73:4d:5d:ec:28:2c:
4c:33:09:11:0d:f9:51:49:be:7e:85:eb:b3:62:b1:
fd:d9:db:0c:c3:08:7e:80:ae:bd:37:2f:de:0f:7d:
18:84:42:d7:59:f8:f5:f3:81:d7:ba:70:4e:19:ab:
2d:53:16:89:4b:b5:e3:0b:80:60:78:c7:c9:2f:8b:
8e:8a:16:a8:32:75:cd:e5:b5:34:04:9e:8b:da:7c:
13:21:23:0c:14:40:6c:81:e7:e2:b7:d4:7a:16:13:
e5:95:c9:75:75:24:2a:74:68:c7:e3:44:7d:94:97:
c3:9f:23:f5:b9:cc:8b:00:4d:e4:8c:7d:a9:5b:45:
64:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:4C:C5:33:A2:29:00:98:65:1C:3E:4D:07:23:C9:AC:DC:13:E9:A5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/O0zFM6IpAJhlHD5NByPJrNwT6aU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
35:4d:bc:97:a9:68:d0:47:13:46:0c:11:d8:e6:75:dd:27:bb:
48:cb:20:1e:e2:df:54:9a:c1:7d:dc:20:0b:ca:95:8d:78:5c:
d8:d4:49:da:cd:71:89:3e:8d:18:39:3d:1d:36:23:0b:2b:f1:
1c:06:d4:ac:ca:a5:98:bb:a7:9b:f3:f9:ac:c3:40:71:4f:a4:
d6:5f:4e:68:ed:64:9d:10:35:d7:16:a2:2d:43:73:65:ee:24:
1a:81:f9:a9:3d:cb:01:4a:11:91:6c:7c:78:1d:7b:db:c0:42:
78:8b:16:b0:d4:22:d0:e2:6a:11:cd:61:50:4b:52:ae:93:da:
6c:be:40:85:28:42:4f:de:58:09:c2:5f:47:1b:b7:9d:e6:6d:
f0:ad:ea:57:6f:be:af:8a:82:d5:31:bb:6f:f1:cf:9b:00:5d:
8e:0c:79:93:94:be:a4:19:eb:5d:d1:fd:d5:80:92:c4:e0:6b:
20:9b:a6:2c:d2:ff:17:dd:95:86:b9:ff:88:51:45:e3:56:f6:
3b:1c:4e:bd:91:6f:89:4a:d6:f3:15:59:33:a3:45:2b:3d:08:
07:16:f3:e7:74:e7:93:c9:e0:cf:b9:f4:d3:71:8b:27:d7:85:
dd:4c:be:72:70:19:cb:31:5a:28:b1:88:5d:e9:75:bb:02:40:
b7:3d:32:2e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbUYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTgx
MTQyMzFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDNCNENDNTMzQTIyOTAw
OTg2NTFDM0U0RDA3MjNDOUFDREMxM0U5QTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDn7b7PoAs4fJN3VgrjvRtqfh2kNLKDDMLAlqUMwmALLbbQ3/Tr
bbueILxKtA/K6z4HZkoSIhbxtqZc5Ekl9sArxRJdEaGX8NGSuPtKUuHkOv8QoT4+
svP8Mdd1Jpinr+8dfi368jSOl4WXISQUp/IOLAh35V3iffxeK0De1HKwRXNNXewo
LEwzCREN+VFJvn6F67Nisf3Z2wzDCH6Arr03L94PfRiEQtdZ+PXzgde6cE4Zqy1T
FolLteMLgGB4x8kvi46KFqgydc3ltTQEnovafBMhIwwUQGyB5+K31HoWE+WVyXV1
JCp0aMfjRH2Ul8OfI/W5zIsATeSMfalbRWRbAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUO0zFM6IpAJhlHD5NByPJrNwT6aUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L08wekZNNklwQUpobEhE
NU5CeVBKck53VDZhVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA1TbyX
qWjQRxNGDBHY5nXdJ7tIyyAe4t9UmsF93CALypWNeFzY1EnazXGJPo0YOT0dNiML
K/EcBtSsyqWYu6eb8/msw0BxT6TWX05o7WSdEDXXFqItQ3Nl7iQagfmpPcsBShGR
bHx4HXvbwEJ4ixaw1CLQ4moRzWFQS1Kuk9psvkCFKEJP3lgJwl9HG7ed5m3wrepX
b76vioLVMbtv8c+bAF2ODHmTlL6kGetd0f3VgJLE4Gsgm6Ys0v8X3ZWGuf+IUUXj
VvY7HE69kW+JStbzFVkzo0UrPQgHFvPndOeTyeDPufTTcYsn14XdTL5ycBnLMVoo
sYhd6XW7AkC3PTIu
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:36:07 2025 by rpki-client