Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Ogm-qxr8FI-UvFOYmIDfpjIsfv0.roa
File: Ogm-qxr8FI-UvFOYmIDfpjIsfv0.roa (raw, json)
Hash identifier: T0IjvgD4au4UB6L0Ir3OOMVR5axNvUByexxMgVJbmOQ=
Subject key identifier: 3A:09:BE:AB:1A:FC:14:8F:94:BC:53:98:98:80:DF:A6:32:2C:7E:FD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 61BC
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Ogm-qxr8FI-UvFOYmIDfpjIsfv0.roa
Signing time: Sun 18 May 2025 17:10:37 +0000
ROA not before: Sun 18 May 2025 17:10:37 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25020 (0x61bc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 18 17:10:37 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3A09BEAB1AFC148F94BC53989880DFA6322C7EFD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:46:87:be:d3:38:a7:ab:1e:97:ed:43:8d:bb:
35:81:39:0b:de:c1:6b:1d:cd:89:6c:40:d0:79:ed:
04:f9:20:75:59:8c:6b:f4:72:b2:c7:ce:20:39:08:
76:a6:5c:bd:94:23:c1:82:a7:af:65:82:02:c1:cc:
0c:a4:9e:22:a3:cf:25:c4:b4:5c:5e:7e:c6:ea:0c:
dc:33:bf:1c:8f:8a:8f:9c:cb:c8:0c:13:31:b6:ae:
fe:20:e8:c9:0d:84:73:70:77:73:e1:62:6e:b0:b9:
ed:50:57:dc:d6:33:e3:33:e7:77:83:af:41:6a:10:
dc:fe:31:48:fd:2b:45:21:23:e6:32:12:6f:0e:1a:
2d:81:d3:cd:ad:65:8a:4e:5f:5f:c3:a0:c6:b2:45:
7b:31:b9:a3:26:8c:d4:a0:f4:e9:ea:44:04:4f:fc:
64:71:e4:9e:3a:c5:97:ac:f8:94:8d:5d:aa:27:d1:
ec:e9:69:4f:26:86:eb:af:90:6a:24:84:04:ef:ec:
9a:99:84:5b:bf:48:60:c1:45:ad:bc:89:c7:5b:35:
e3:4b:26:3f:b1:23:bf:eb:2c:20:a7:12:49:cf:f0:
c1:5d:f7:e0:a4:a4:b3:7b:7a:d2:bd:a0:ac:e8:57:
84:f6:25:80:fc:3d:1a:d4:87:5e:29:01:df:87:97:
4b:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:09:BE:AB:1A:FC:14:8F:94:BC:53:98:98:80:DF:A6:32:2C:7E:FD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Ogm-qxr8FI-UvFOYmIDfpjIsfv0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
93:a5:41:82:ed:cd:f6:1a:a4:b9:80:38:36:61:80:71:10:1d:
e7:ba:41:21:64:2d:b9:79:72:e2:34:de:ab:0d:c2:1a:1e:2f:
8f:8e:50:d1:79:ed:3e:49:12:3c:6d:ae:84:d7:6c:f9:0d:9e:
6d:4c:61:7b:0a:be:a9:16:36:bc:9f:71:45:bb:15:d9:a6:b3:
03:1a:e9:9c:47:cd:64:29:c5:5f:6d:de:e6:70:be:51:42:00:
dd:49:a4:9f:87:0d:b2:dc:f7:26:f1:59:50:8e:7b:ee:62:f2:
22:17:8f:4b:22:95:cb:07:22:ba:d1:2d:66:9c:ef:df:73:ea:
04:ed:2a:5b:2f:e6:3e:e0:cd:5c:7d:e3:bb:d4:c2:f3:14:92:
31:2b:67:08:08:95:03:72:4a:36:b1:47:63:69:8a:2f:d0:6e:
11:d3:05:9e:57:56:32:a7:de:f3:71:70:d0:84:9f:2b:95:76:
d2:24:c4:dd:49:17:c0:56:a2:2a:1e:c1:6e:45:6b:88:ea:d8:
76:ec:67:72:a9:d3:75:04:86:39:ab:7f:eb:6d:58:86:a7:a0:
91:42:cd:c6:cc:1f:7e:13:73:35:f9:d1:7d:15:f4:0f:67:f6:
c1:bf:3d:9e:31:18:1c:52:31:30:e9:ea:23:1d:2d:15:28:6d:
fb:28:e9:b2
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYbwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTgx
NzEwMzdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDNBMDlCRUFCMUFGQzE0
OEY5NEJDNTM5ODk4ODBERkE2MzIyQzdFRkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCoRoe+0zinqx6X7UONuzWBOQvewWsdzYlsQNB57QT5IHVZjGv0
crLHziA5CHamXL2UI8GCp69lggLBzAykniKjzyXEtFxefsbqDNwzvxyPio+cy8gM
EzG2rv4g6MkNhHNwd3PhYm6wue1QV9zWM+Mz53eDr0FqENz+MUj9K0UhI+YyEm8O
Gi2B082tZYpOX1/DoMayRXsxuaMmjNSg9OnqRARP/GRx5J46xZes+JSNXaon0ezp
aU8mhuuvkGokhATv7JqZhFu/SGDBRa28icdbNeNLJj+xI7/rLCCnEknP8MFd9+Ck
pLN7etK9oKzoV4T2JYD8PRrUh14pAd+Hl0uZAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUOgm+qxr8FI+UvFOYmIDfpjIsfv0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L09nbS1xeHI4RkktVXZG
T1ltSURmcGpJc2Z2MC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCTpUGC
7c32GqS5gDg2YYBxEB3nukEhZC25eXLiNN6rDcIaHi+PjlDRee0+SRI8ba6E12z5
DZ5tTGF7Cr6pFja8n3FFuxXZprMDGumcR81kKcVfbd7mcL5RQgDdSaSfhw2y3Pcm
8VlQjnvuYvIiF49LIpXLByK60S1mnO/fc+oE7SpbL+Y+4M1cfeO71MLzFJIxK2cI
CJUDcko2sUdjaYov0G4R0wWeV1Yyp97zcXDQhJ8rlXbSJMTdSRfAVqIqHsFuRWuI
6th27GdyqdN1BIY5q3/rbViGp6CRQs3GzB9+E3M1+dF9FfQPZ/bBvz2eMRgcUjEw
6eojHS0VKG37KOmy
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:39:56 2025 by rpki-client