Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/OJkiwA3hRjc318QvXDg-UdLzMso.roa
File:                     OJkiwA3hRjc318QvXDg-UdLzMso.roa (raw, json)
Hash identifier:          5CIZAsErQFpDY6wQBBBjC9Gu7imi5tg7mDOhA7TIZ8Y=
Subject key identifier:   38:99:22:C0:0D:E1:46:37:37:D7:C4:2F:5C:38:3E:51:D2:F3:32:CA
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       6D60
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/OJkiwA3hRjc318QvXDg-UdLzMso.roa
Signing time:             Wed 18 Jun 2025 19:50:03 +0000
ROA not before:           Wed 18 Jun 2025 19:50:03 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 28000 (0x6d60)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Jun 18 19:50:03 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=389922C00DE1463737D7C42F5C383E51D2F332CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:99:22:C0:0D:E1:46:37:37:D7:C4:2F:5C:38:3E:51:D2:F3:32:CA
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/OJkiwA3hRjc318QvXDg-UdLzMso.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
Generated at Sun Jul 20 12:54:38 2025 by rpki-client