Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/h2jUzFX_2UdWV38GpnlF4Uc_GKE.roa
File: h2jUzFX_2UdWV38GpnlF4Uc_GKE.roa (raw, json)
Hash identifier: 5Wny4tiNwQ11kGN4bIjmUiXOINwyQp6WlUtvXsrhodg=
Subject key identifier: 87:68:D4:CC:55:FF:D9:47:56:57:7F:06:A6:79:45:E1:47:3F:18:A1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 648E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/h2jUzFX_2UdWV38GpnlF4Uc_GKE.roa
Signing time: Mon 26 May 2025 05:41:06 +0000
ROA not before: Mon 26 May 2025 05:41:06 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25742 (0x648e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 26 05:41:06 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8768D4CC55FFD94756577F06A67945E1473F18A1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:6a:d4:eb:d6:ab:1b:e3:ac:da:9c:41:33:92:
51:20:1f:70:77:c1:ae:8b:2a:a7:3c:5b:b7:fd:55:
00:5a:61:95:f6:b4:5c:98:59:7b:38:74:f0:4b:fa:
c1:7a:77:74:ac:6f:8d:95:59:78:0e:e3:96:46:eb:
2d:02:0e:bc:cd:8a:98:85:b1:b1:c6:5a:5c:02:29:
d9:07:0a:9e:69:a6:2a:09:74:45:2f:8d:f8:00:ff:
48:1c:46:ca:00:e4:d0:3d:74:ef:37:6f:12:cf:e9:
3a:a1:1f:69:b5:db:b2:9e:cc:59:52:b5:16:23:9c:
79:c2:35:20:21:74:65:3a:ec:74:e1:6a:9c:0f:41:
77:5d:44:1a:0e:d7:cb:de:cf:a3:a6:89:da:26:48:
3c:31:4f:a9:eb:36:02:7e:1b:db:23:df:ea:8e:54:
ec:4c:47:99:e0:ed:e9:2b:4d:11:16:6f:2a:78:60:
61:b3:4d:c3:ce:c3:5c:40:39:09:3a:bc:71:a3:26:
a8:14:c0:19:12:07:df:c9:cc:ca:f5:1b:b6:07:52:
0b:b9:10:5f:a1:87:f3:88:e1:fd:9a:77:79:d7:0c:
d2:73:0b:2b:f4:97:1e:b2:fd:8c:6a:db:57:6a:00:
3a:af:c1:f4:eb:49:b5:4f:c2:39:9d:d3:73:fe:e3:
2d:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:68:D4:CC:55:FF:D9:47:56:57:7F:06:A6:79:45:E1:47:3F:18:A1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/h2jUzFX_2UdWV38GpnlF4Uc_GKE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
6a:00:e7:e9:69:71:61:7a:65:2b:bd:2c:8c:ef:4b:24:14:df:
ef:3e:c1:a3:3c:f8:7f:5f:73:6e:be:f1:63:4c:0f:2f:02:d0:
17:68:21:46:ff:5a:35:71:1c:2b:9f:29:3f:de:a6:7b:d0:65:
52:da:96:28:4c:d4:7d:fc:3f:4e:9f:a5:35:5f:b4:d6:ee:ec:
36:5c:ea:51:d7:3b:62:a0:b1:bb:0a:b6:28:db:db:32:42:3d:
c2:e4:dd:d4:f8:d8:11:1c:22:bb:33:fa:c2:35:45:73:b4:e9:
51:ef:40:48:16:42:78:9d:2d:e0:5a:d7:2e:70:45:4f:71:2d:
20:db:71:9e:eb:33:e7:cc:24:3e:ba:06:6f:f1:93:90:b4:77:
22:6b:5b:eb:10:f7:98:02:43:68:7b:48:a6:99:65:84:6f:31:
a3:3c:67:c4:e5:01:2d:42:27:ea:5e:93:9d:f3:32:0a:25:48:
f1:c3:95:f1:f5:8d:72:b0:00:5a:6c:db:57:19:79:27:5f:a0:
a7:08:e3:b2:b8:18:26:74:18:7a:44:8f:4a:04:e4:b0:29:4e:
26:88:7a:9d:dc:04:ce:57:4d:a9:3d:6d:73:0d:af:fb:6e:46:
3e:8c:4b:7c:ae:70:ba:02:ac:76:b4:96:00:bd:95:b2:04:22:
3d:26:5e:4d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZI4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjYw
NTQxMDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDg3NjhENENDNTVGRkQ5
NDc1NjU3N0YwNkE2Nzk0NUUxNDczRjE4QTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCWatTr1qsb46zanEEzklEgH3B3wa6LKqc8W7f9VQBaYZX2tFyY
WXs4dPBL+sF6d3Ssb42VWXgO45ZG6y0CDrzNipiFsbHGWlwCKdkHCp5ppioJdEUv
jfgA/0gcRsoA5NA9dO83bxLP6TqhH2m127KezFlStRYjnHnCNSAhdGU67HThapwP
QXddRBoO18vez6OmidomSDwxT6nrNgJ+G9sj3+qOVOxMR5ng7ekrTREWbyp4YGGz
TcPOw1xAOQk6vHGjJqgUwBkSB9/JzMr1G7YHUgu5EF+hh/OI4f2ad3nXDNJzCyv0
lx6y/Yxq21dqADqvwfTrSbVPwjmd03P+4y2DAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUh2jUzFX/2UdWV38GpnlF4Uc/GKEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2gyalV6RlhfMlVkV1Yz
OEdwbmxGNFVjX0dLRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBqAOfp
aXFhemUrvSyM70skFN/vPsGjPPh/X3NuvvFjTA8vAtAXaCFG/1o1cRwrnyk/3qZ7
0GVS2pYoTNR9/D9On6U1X7TW7uw2XOpR1ztioLG7CrYo29syQj3C5N3U+NgRHCK7
M/rCNUVztOlR70BIFkJ4nS3gWtcucEVPcS0g23Ge6zPnzCQ+ugZv8ZOQtHcia1vr
EPeYAkNoe0immWWEbzGjPGfE5QEtQifqXpOd8zIKJUjxw5Xx9Y1ysABabNtXGXkn
X6CnCOOyuBgmdBh6RI9KBOSwKU4miHqd3ATOV02pPW1zDa/7bkY+jEt8rnC6Aqx2
tJYAvZWyBCI9Jl5N
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:27:41 2025 by rpki-client