Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/a8pISj7ID3bRQnzQyTisBUNuvnc.roa
File: a8pISj7ID3bRQnzQyTisBUNuvnc.roa (raw, json)
Hash identifier: m94MdJq8kriejkE/nG4UJiSdAHSYk2NzjGkRP7pxPiA=
Subject key identifier: 6B:CA:48:4A:3E:C8:0F:76:D1:42:7C:D0:C9:38:AC:05:43:6E:BE:77
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 710A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/a8pISj7ID3bRQnzQyTisBUNuvnc.roa
Signing time: Sat 28 Jun 2025 18:14:36 +0000
ROA not before: Sat 28 Jun 2025 18:14:36 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28938 (0x710a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 28 18:14:36 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=6BCA484A3EC80F76D1427CD0C938AC05436EBE77
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f8:e2:9e:9b:3b:2b:75:13:8f:38:64:3d:d2:b7:
33:3e:66:64:cb:a6:92:eb:db:fa:3b:e4:82:e5:1b:
fb:b8:4c:f3:88:20:5a:26:b3:0c:d6:47:6f:24:4f:
0a:68:5c:a2:08:0c:d8:bd:3c:7e:8c:25:c9:be:8d:
56:b8:b7:fe:1f:88:73:37:9d:ec:3c:ca:1d:e5:56:
d4:d5:b8:72:71:13:db:4b:b5:2c:17:dc:19:39:02:
8a:53:b7:8a:bc:86:6a:83:79:b8:42:98:20:fc:f0:
d5:72:f9:d2:3c:2d:cb:fe:7f:aa:bc:17:5e:4a:ae:
29:a0:63:86:0c:5d:05:fd:cb:3f:03:4f:38:38:b4:
f4:99:01:63:a5:5a:61:0b:ea:98:33:ed:63:a4:3a:
12:05:1c:0b:32:b8:3d:bd:36:48:6e:ab:00:32:d6:
29:e1:bd:01:e2:e1:2c:ac:25:63:6d:2e:cc:ff:ae:
52:4e:54:38:f4:5b:c3:05:7a:0f:67:f4:b5:d6:2b:
7d:28:55:15:a3:24:82:df:9f:29:9a:7f:e7:a0:0a:
35:f2:d5:34:b6:9e:0a:c1:56:45:c9:cf:df:d4:f8:
85:46:72:2e:b2:d4:34:43:7f:df:ef:88:f4:85:22:
f5:1d:c5:49:dc:b8:4a:c6:82:55:84:83:39:44:72:
ba:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:CA:48:4A:3E:C8:0F:76:D1:42:7C:D0:C9:38:AC:05:43:6E:BE:77
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/a8pISj7ID3bRQnzQyTisBUNuvnc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
71:61:9a:b1:be:f4:0f:5a:1f:2a:1d:59:15:6a:f1:22:e7:33:
1d:ce:31:cf:7f:88:94:07:38:fa:7d:03:27:08:86:9e:4b:0a:
9f:a3:26:27:81:3e:78:f7:79:95:79:76:49:ac:8b:3c:d4:f0:
61:c0:48:0d:6d:2b:88:e4:5c:05:4f:a7:e3:0d:a1:10:f5:af:
8b:92:99:5a:95:eb:dc:03:cb:7f:5f:61:a6:76:0d:c1:0b:59:
8b:95:35:1e:5f:72:a6:b0:e6:c3:0d:31:4a:83:53:f3:aa:5e:
4d:56:2a:c5:47:fc:78:af:0e:74:92:c1:2b:d8:ac:9f:d4:4d:
e7:3d:ce:1d:cd:6f:69:19:02:86:d7:91:8b:27:7f:01:46:e9:
2d:84:af:a2:45:eb:a1:b9:af:9c:13:c9:63:19:93:c6:30:f4:
14:b0:1b:04:d3:ee:e7:c3:9c:e8:89:83:02:a9:2c:e6:37:61:
dc:98:57:12:79:58:4b:a1:8e:c9:66:03:89:cc:e4:63:c5:2b:
fe:c4:41:3f:1a:25:c6:5f:7e:a2:04:95:59:fe:14:ca:58:41:
84:c3:f0:64:ec:82:a5:eb:5b:e7:27:8b:f9:78:1e:3c:2b:54:
39:1f:50:3c:d4:f0:e4:12:b6:82:fd:fd:f4:d2:8f:3f:ac:ce:
2f:54:e8:7f
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcQowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2Mjgx
ODE0MzZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDZCQ0E0ODRBM0VDODBG
NzZEMTQyN0NEMEM5MzhBQzA1NDM2RUJFNzcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD44p6bOyt1E484ZD3StzM+ZmTLppLr2/o75ILlG/u4TPOIIFom
swzWR28kTwpoXKIIDNi9PH6MJcm+jVa4t/4fiHM3new8yh3lVtTVuHJxE9tLtSwX
3Bk5AopTt4q8hmqDebhCmCD88NVy+dI8Lcv+f6q8F15KrimgY4YMXQX9yz8DTzg4
tPSZAWOlWmEL6pgz7WOkOhIFHAsyuD29NkhuqwAy1inhvQHi4SysJWNtLsz/rlJO
VDj0W8MFeg9n9LXWK30oVRWjJILfnymaf+egCjXy1TS2ngrBVkXJz9/U+IVGci6y
1DRDf9/viPSFIvUdxUncuErGglWEgzlEcroNAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUa8pISj7ID3bRQnzQyTisBUNuvncwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2E4cElTajdJRDNiUlFu
elF5VGlzQlVOdXZuYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBxYZqx
vvQPWh8qHVkVavEi5zMdzjHPf4iUBzj6fQMnCIaeSwqfoyYngT5493mVeXZJrIs8
1PBhwEgNbSuI5FwFT6fjDaEQ9a+LkplalevcA8t/X2Gmdg3BC1mLlTUeX3KmsObD
DTFKg1Pzql5NVirFR/x4rw50ksEr2Kyf1E3nPc4dzW9pGQKG15GLJ38BRukthK+i
Reuhua+cE8ljGZPGMPQUsBsE0+7nw5zoiYMCqSzmN2HcmFcSeVhLoY7JZgOJzORj
xSv+xEE/GiXGX36iBJVZ/hTKWEGEw/Bk7IKl61vnJ4v5eB48K1Q5H1A81PDkEraC
/f300o8/rM4vVOh/
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:40:16 2025 by rpki-client