Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/OTiQhIdvze-QdpBkVuL7isO4OvU.roa
File: OTiQhIdvze-QdpBkVuL7isO4OvU.roa (raw, json)
Hash identifier: /g0juBGunB+yLnTBMCby1ISeQK9SJ1dW8rE4u+9dpMI=
Subject key identifier: 39:38:90:84:87:6F:CD:EF:90:76:90:64:56:E2:FB:8A:C3:B8:3A:F5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 702A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/OTiQhIdvze-QdpBkVuL7isO4OvU.roa
Signing time: Thu 26 Jun 2025 10:14:33 +0000
ROA not before: Thu 26 Jun 2025 10:14:33 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28714 (0x702a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 26 10:14:33 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=39389084876FCDEF9076906456E2FB8AC3B83AF5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:cb:1e:5f:68:9b:f6:c8:34:7c:e2:c6:8f:28:
87:cb:bb:2d:2c:4d:45:52:26:53:ed:9f:0c:35:36:
3e:c0:7e:60:1a:a4:d4:85:6b:91:65:6e:3e:f8:6d:
97:b2:26:96:2a:da:2d:49:b7:99:87:d8:bb:bf:2d:
6d:1b:50:7d:9e:2a:0b:e3:87:8b:9c:77:c8:6b:07:
0a:11:cc:2f:89:eb:a4:a8:ce:61:79:3f:9b:7a:51:
18:86:99:40:a7:09:19:eb:97:9b:fa:e2:10:f6:aa:
95:9d:41:39:9f:d2:e2:95:ab:48:58:db:5f:e8:17:
ba:08:5d:8e:dc:33:ea:f9:a8:c0:79:c1:e2:5e:c3:
b6:f6:cc:fc:06:99:8c:c9:7c:97:b2:24:e6:9f:3b:
af:9b:41:17:98:80:98:20:9b:ff:96:9d:0c:e6:4f:
62:71:00:50:8f:18:93:39:d9:0e:41:5c:08:cb:74:
77:cc:57:51:40:80:fe:52:9a:76:c9:b6:2a:a2:5e:
23:3b:29:1d:50:e6:d9:8c:fa:50:f8:0c:48:8a:4f:
9d:68:22:56:ae:38:05:c3:79:8e:e9:06:80:52:5f:
99:d3:5e:0d:ab:bf:15:54:8e:8c:8f:2a:39:09:44:
3b:07:a2:89:47:01:ba:33:a6:e7:6e:6d:b8:d7:58:
c3:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:38:90:84:87:6F:CD:EF:90:76:90:64:56:E2:FB:8A:C3:B8:3A:F5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/OTiQhIdvze-QdpBkVuL7isO4OvU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
5d:8b:11:2b:6e:c2:82:a4:5d:c8:61:1d:df:74:12:09:53:38:
3a:96:f2:70:d3:c3:43:2d:6c:13:ed:80:d7:9e:02:6f:c5:61:
90:e1:3a:12:a6:55:78:48:2e:0b:01:07:51:b0:e2:32:a4:b8:
aa:1e:aa:ba:6c:a9:c7:01:9b:ba:e4:81:dc:bc:20:c7:01:11:
f5:f0:38:24:c1:62:f2:99:dc:94:78:48:d9:0d:27:45:a9:4d:
6a:f0:45:d4:be:dc:96:2c:37:81:3a:3c:ce:57:3d:34:89:fd:
eb:8e:fd:62:9f:d3:49:02:09:5e:35:cf:d0:66:d0:fb:55:45:
0d:2a:33:bc:7c:8b:29:d4:dc:40:e2:29:bc:4b:e5:be:8e:aa:
62:6c:cf:5f:de:27:5a:43:cb:06:0b:da:30:23:72:18:64:3b:
d9:72:d1:87:49:31:c2:e0:96:92:a2:f1:2b:d5:1a:cc:6d:8b:
50:a7:8a:b5:83:65:4d:40:0f:1a:5b:49:84:d1:97:79:53:a4:
5b:d1:05:0a:be:00:c0:d4:5c:16:a8:a4:da:ef:3e:6d:15:2c:
40:82:7f:af:72:3c:c9:4c:69:4e:15:be:98:df:9a:2e:e5:71:
77:e4:b0:01:84:be:60:4c:e4:ad:42:3c:01:74:8f:77:a7:a4:
b2:77:fc:bc
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcCowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjYx
MDE0MzNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM5Mzg5MDg0ODc2RkNE
RUY5MDc2OTA2NDU2RTJGQjhBQzNCODNBRjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCYyx5faJv2yDR84saPKIfLuy0sTUVSJlPtnww1Nj7AfmAapNSF
a5Flbj74bZeyJpYq2i1Jt5mH2Lu/LW0bUH2eKgvjh4ucd8hrBwoRzC+J66SozmF5
P5t6URiGmUCnCRnrl5v64hD2qpWdQTmf0uKVq0hY21/oF7oIXY7cM+r5qMB5weJe
w7b2zPwGmYzJfJeyJOafO6+bQReYgJggm/+WnQzmT2JxAFCPGJM52Q5BXAjLdHfM
V1FAgP5SmnbJtiqiXiM7KR1Q5tmM+lD4DEiKT51oIlauOAXDeY7pBoBSX5nTXg2r
vxVUjoyPKjkJRDsHoolHAbozpudubbjXWMPJAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUOTiQhIdvze+QdpBkVuL7isO4OvUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L09UaVFoSWR2emUtUWRw
QmtWdUw3aXNPNE92VS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBdixEr
bsKCpF3IYR3fdBIJUzg6lvJw08NDLWwT7YDXngJvxWGQ4ToSplV4SC4LAQdRsOIy
pLiqHqq6bKnHAZu65IHcvCDHARH18DgkwWLymdyUeEjZDSdFqU1q8EXUvtyWLDeB
OjzOVz00if3rjv1in9NJAgleNc/QZtD7VUUNKjO8fIsp1NxA4im8S+W+jqpibM9f
3idaQ8sGC9owI3IYZDvZctGHSTHC4JaSovEr1RrMbYtQp4q1g2VNQA8aW0mE0Zd5
U6Rb0QUKvgDA1FwWqKTa7z5tFSxAgn+vcjzJTGlOFb6Y35ou5XF35LABhL5gTOSt
QjwBdI93p6Syd/y8
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:49:30 2025 by rpki-client