Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/OMJIIqvHXCJq-j8CcbaHK-ZKxyY.roa
File: OMJIIqvHXCJq-j8CcbaHK-ZKxyY.roa (raw, json)
Hash identifier: eo+VGUHm0E9upm+atfRpsZazrXQY+GEilxIQUDNaoYg=
Subject key identifier: 38:C2:48:22:AB:C7:5C:22:6A:FA:3F:02:71:B6:87:2B:E6:4A:C7:26
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 743C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/OMJIIqvHXCJq-j8CcbaHK-ZKxyY.roa
Signing time: Mon 07 Jul 2025 06:44:54 +0000
ROA not before: Mon 07 Jul 2025 06:44:54 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29756 (0x743c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 7 06:44:54 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=38C24822ABC75C226AFA3F0271B6872BE64AC726
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:90:f6:ee:5a:da:22:30:92:4f:ae:a8:23:b6:
7f:cc:d6:6d:91:98:bd:24:7d:99:15:fd:4e:73:0a:
8f:1e:b6:32:ea:ec:b4:b2:8e:8f:7d:2d:9b:f0:6a:
dd:20:7b:44:8c:c1:8c:06:14:6e:e3:18:39:0d:c4:
6d:3c:c8:1b:45:34:5b:20:3b:96:d6:12:03:6a:48:
31:7e:86:22:de:55:3b:21:d4:b0:22:3a:a0:41:38:
29:c2:b8:4c:f1:4c:d6:a2:02:30:4d:8a:93:21:6d:
fb:cc:f2:41:2f:17:24:8e:32:12:3e:c1:7b:e7:18:
48:46:8e:a1:91:ed:a5:be:25:90:fe:74:3d:95:f5:
b1:60:d0:5f:b5:05:75:9a:a2:aa:37:c8:dc:e3:ff:
43:6f:33:94:9d:b7:a0:ff:c2:b5:ec:a7:64:df:e5:
e9:90:61:7d:04:95:fa:b0:08:50:f8:ed:7a:3c:53:
a1:ec:9c:54:10:2b:da:e9:47:1e:1d:14:85:75:79:
13:65:a2:53:5d:f9:f9:b1:3e:17:59:cb:1b:95:85:
b2:5f:8d:08:0c:c0:65:56:13:ee:56:ba:d2:d4:8b:
96:d7:b6:4b:6d:12:a8:70:b3:02:7f:fa:ee:fe:8b:
29:2c:f6:7b:6a:6c:0d:e6:9e:15:cd:15:b9:0c:84:
d0:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:C2:48:22:AB:C7:5C:22:6A:FA:3F:02:71:B6:87:2B:E6:4A:C7:26
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/OMJIIqvHXCJq-j8CcbaHK-ZKxyY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
39:2a:9e:3e:a4:1c:0b:ff:02:c6:e9:be:8c:5c:f8:a2:7d:7f:
f3:06:e1:ea:53:e4:8f:f0:e7:44:28:8c:f3:65:09:a5:86:72:
3f:9d:bb:8b:b6:8c:be:57:65:74:fa:74:4a:52:26:41:e4:ab:
32:30:38:fa:95:c3:56:67:ec:d3:5c:e2:8c:00:25:78:0e:c4:
46:68:11:c6:d9:bd:bc:c6:be:56:2d:f9:eb:93:74:2a:8c:91:
f7:cb:47:5b:5e:da:3d:25:05:36:91:71:65:08:48:8e:58:14:
d0:20:41:10:18:62:40:70:ac:85:dd:c2:c3:c2:23:55:3b:e5:
0f:59:fc:27:0f:ad:c9:49:3c:6e:d9:c3:71:7e:cb:e4:52:ed:
5b:83:87:ee:87:db:93:57:12:ef:9e:20:ee:70:59:17:7c:90:
8c:4e:df:f9:6a:54:be:a7:f9:48:f6:ff:9a:45:22:b3:16:ab:
0b:43:97:b0:5e:3f:29:21:a2:78:e3:ae:1e:5c:8e:50:10:1a:
a6:1b:28:bb:c5:1d:d1:53:e6:48:2c:e2:49:4b:9b:18:22:74:
9f:80:21:ac:18:4d:7d:96:de:64:5f:ca:bf:60:83:fd:fe:52:
d8:a9:02:45:2a:16:b3:39:3a:23:28:84:03:3b:10:1f:75:64:
ac:26:ef:fa
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdDwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDcw
NjQ0NTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM4QzI0ODIyQUJDNzVD
MjI2QUZBM0YwMjcxQjY4NzJCRTY0QUM3MjYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDGkPbuWtoiMJJPrqgjtn/M1m2RmL0kfZkV/U5zCo8etjLq7LSy
jo99LZvwat0ge0SMwYwGFG7jGDkNxG08yBtFNFsgO5bWEgNqSDF+hiLeVTsh1LAi
OqBBOCnCuEzxTNaiAjBNipMhbfvM8kEvFySOMhI+wXvnGEhGjqGR7aW+JZD+dD2V
9bFg0F+1BXWaoqo3yNzj/0NvM5Sdt6D/wrXsp2Tf5emQYX0ElfqwCFD47Xo8U6Hs
nFQQK9rpRx4dFIV1eRNlolNd+fmxPhdZyxuVhbJfjQgMwGVWE+5WutLUi5bXtktt
EqhwswJ/+u7+iyks9ntqbA3mnhXNFbkMhNARAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUOMJIIqvHXCJq+j8CcbaHK+ZKxyYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L09NSklJcXZIWENKcS1q
OENjYmFISy1aS3h5WS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA5Kp4+
pBwL/wLG6b6MXPiifX/zBuHqU+SP8OdEKIzzZQmlhnI/nbuLtoy+V2V0+nRKUiZB
5KsyMDj6lcNWZ+zTXOKMACV4DsRGaBHG2b28xr5WLfnrk3QqjJH3y0dbXto9JQU2
kXFlCEiOWBTQIEEQGGJAcKyF3cLDwiNVO+UPWfwnD63JSTxu2cNxfsvkUu1bg4fu
h9uTVxLvniDucFkXfJCMTt/5alS+p/lI9v+aRSKzFqsLQ5ewXj8pIaJ4464eXI5Q
EBqmGyi7xR3RU+ZILOJJS5sYInSfgCGsGE19lt5kX8q/YIP9/lLYqQJFKhazOToj
KIQDOxAfdWSsJu/6
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:52:29 2025 by rpki-client