Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/OKqlcAzMSs-Y-MPI9Ladq0h2ML8.roa
File: OKqlcAzMSs-Y-MPI9Ladq0h2ML8.roa (raw, json)
Hash identifier: fubskmSpGN0XFJAXnwTyZcmj3dwcqu4PRyFa4NEwxYQ=
Subject key identifier: 38:AA:A5:70:0C:CC:4A:CF:98:F8:C3:C8:F4:B6:9D:AB:48:76:30:BF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 760A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/OKqlcAzMSs-Y-MPI9Ladq0h2ML8.roa
Signing time: Sat 12 Jul 2025 02:41:39 +0000
ROA not before: Sat 12 Jul 2025 02:41:39 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30218 (0x760a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 12 02:41:39 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=38AAA5700CCC4ACF98F8C3C8F4B69DAB487630BF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:8d:fd:6e:aa:29:e7:ec:cb:01:a1:ce:c6:6d:
d3:1e:f4:6b:e7:83:3d:10:36:45:cd:ab:7c:af:09:
a6:48:92:ce:d4:a2:82:53:b3:1f:6b:df:01:62:f4:
0e:bc:03:a9:5e:f0:58:70:56:5e:b5:49:d9:46:a5:
0a:7c:c4:af:ef:d2:cc:40:b1:4f:81:37:b9:c0:0e:
6b:70:12:63:74:d0:8e:49:e9:db:6c:1a:50:86:0d:
cd:22:2a:54:de:cf:ef:46:a8:27:03:b0:7c:39:64:
74:b7:6a:91:9b:ff:0d:a6:d0:e5:7f:36:32:42:71:
3e:ee:75:79:b8:2c:65:2f:2a:ce:3f:0b:f2:66:d5:
03:4b:a2:86:7a:f0:72:6e:cb:3b:3b:0e:c0:28:da:
26:2d:50:bd:5a:d3:09:f0:cb:d9:21:be:92:9e:6b:
89:fd:39:af:a1:0e:38:98:10:a0:17:48:ad:69:20:
ac:67:e1:70:c4:b8:9f:f9:3c:99:c7:68:21:28:87:
24:9f:0b:27:c3:61:fa:02:ee:20:29:1f:0a:be:65:
3c:26:09:bc:bd:40:e4:41:da:ea:12:93:49:f6:10:
c5:14:cc:85:29:72:de:a0:af:d1:58:10:92:ba:34:
3a:34:64:59:1e:ce:ac:1a:7e:f0:ca:d4:91:2e:25:
15:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:AA:A5:70:0C:CC:4A:CF:98:F8:C3:C8:F4:B6:9D:AB:48:76:30:BF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/OKqlcAzMSs-Y-MPI9Ladq0h2ML8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
27:db:30:66:f1:4e:71:bb:a4:3b:6a:c9:09:ff:cd:7e:e5:a5:
5a:bc:f8:9e:bb:cd:ae:6e:69:c2:e2:39:16:47:34:47:96:d1:
55:9a:30:4a:95:0d:45:e3:76:c2:f9:82:e0:e7:30:07:40:f2:
ba:11:95:47:36:a2:8b:bb:56:b4:ea:ca:7d:e2:23:07:22:9b:
53:b5:30:8e:86:b3:e2:c1:7f:92:73:3c:d4:93:f3:6d:60:27:
9f:6d:ac:24:ea:b0:a2:63:1f:40:77:e2:38:d5:e5:29:1a:00:
dc:ad:fe:98:5e:2c:d9:47:b3:72:eb:45:40:37:e5:05:b3:b0:
d8:72:98:43:9d:94:de:99:44:89:58:cd:36:c5:52:f2:f0:f5:
02:99:de:f5:9f:4d:bb:ea:d3:bd:1f:69:fe:74:1a:80:19:6d:
2e:99:87:ce:1e:05:98:9b:3b:ba:2b:fa:bc:39:04:9d:75:6d:
f2:c0:a4:d7:3f:84:b4:16:f0:f8:3f:65:36:7d:25:e7:a7:f8:
62:8f:a6:29:25:4a:38:a9:5f:98:19:fd:3a:ab:62:ad:ee:d7:
d2:bf:c0:3e:d8:bd:85:0b:2e:87:64:23:cd:7f:e7:52:e8:df:
f8:7c:ea:3b:97:29:01:f9:48:48:f9:74:c6:8f:6d:ad:33:b3:
ec:c4:8e:3e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdgowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTIw
MjQxMzlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM4QUFBNTcwMENDQzRB
Q0Y5OEY4QzNDOEY0QjY5REFCNDg3NjMwQkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDZjf1uqinn7MsBoc7GbdMe9Gvngz0QNkXNq3yvCaZIks7UooJT
sx9r3wFi9A68A6le8FhwVl61SdlGpQp8xK/v0sxAsU+BN7nADmtwEmN00I5J6dts
GlCGDc0iKlTez+9GqCcDsHw5ZHS3apGb/w2m0OV/NjJCcT7udXm4LGUvKs4/C/Jm
1QNLooZ68HJuyzs7DsAo2iYtUL1a0wnwy9khvpKea4n9Oa+hDjiYEKAXSK1pIKxn
4XDEuJ/5PJnHaCEohySfCyfDYfoC7iApHwq+ZTwmCby9QORB2uoSk0n2EMUUzIUp
ct6gr9FYEJK6NDo0ZFkezqwafvDK1JEuJRVhAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUOKqlcAzMSs+Y+MPI9Ladq0h2ML8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L09LcWxjQXpNU3MtWS1N
UEk5TGFkcTBoMk1MOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAn2zBm
8U5xu6Q7askJ/81+5aVavPieu82ubmnC4jkWRzRHltFVmjBKlQ1F43bC+YLg5zAH
QPK6EZVHNqKLu1a06sp94iMHIptTtTCOhrPiwX+SczzUk/NtYCefbawk6rCiYx9A
d+I41eUpGgDcrf6YXizZR7Ny60VAN+UFs7DYcphDnZTemUSJWM02xVLy8PUCmd71
n0276tO9H2n+dBqAGW0umYfOHgWYmzu6K/q8OQSddW3ywKTXP4S0FvD4P2U2fSXn
p/hij6YpJUo4qV+YGf06q2Kt7tfSv8A+2L2FCy6HZCPNf+dS6N/4fOo7lykB+UhI
+XTGj22tM7PsxI4+
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:37:52 2025 by rpki-client