Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/hAsPTOC4EFBL6ar4ZL72eJDj5ek.roa
File: hAsPTOC4EFBL6ar4ZL72eJDj5ek.roa (raw, json)
Hash identifier: DKH4p10ZtaWBzJQ9gYE8Oxa8EVZeLENeRYxt99ANKwM=
Subject key identifier: 84:0B:0F:4C:E0:B8:10:50:4B:E9:AA:F8:64:BE:F6:78:90:E3:E5:E9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7224
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hAsPTOC4EFBL6ar4ZL72eJDj5ek.roa
Signing time: Tue 01 Jul 2025 16:44:45 +0000
ROA not before: Tue 01 Jul 2025 16:44:45 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29220 (0x7224)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 1 16:44:45 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=840B0F4CE0B810504BE9AAF864BEF67890E3E5E9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:11:8c:1d:5b:5e:69:ac:2f:94:16:b5:65:b1:
c5:95:5b:7c:3b:dc:55:47:34:9f:ad:d1:ba:1f:c8:
a4:09:23:c9:5d:80:e3:f1:6a:04:b2:37:c8:dc:c5:
3c:a9:70:d2:22:69:34:03:0a:a6:ee:3d:be:8b:c5:
e8:de:1b:86:5b:0a:39:35:6a:4b:d8:52:0e:23:01:
ac:ff:91:d8:56:1e:e9:28:95:21:cb:6f:d7:f7:34:
af:bd:10:c5:81:ac:3b:f1:36:59:ea:b3:e3:12:5d:
68:6b:8b:bd:de:f5:00:24:93:e9:e1:83:2f:dd:b9:
04:99:bd:12:25:84:96:65:af:d3:4d:d6:e0:1b:11:
2b:9d:5e:7c:b7:09:6a:b5:9f:86:3a:a2:a0:62:a5:
61:5b:65:06:ed:1a:0c:69:c2:62:8a:6a:d5:73:30:
a3:9a:bd:95:39:28:7b:1f:68:2a:48:08:83:80:60:
ab:c7:57:b4:58:e3:40:c5:43:10:32:d2:e1:60:5b:
b8:a2:d6:2a:b1:28:95:29:fd:72:3e:4c:75:43:d5:
6c:55:37:f7:5d:16:7a:cb:81:8b:c4:9a:ab:92:47:
45:e6:a9:49:b4:5a:42:aa:9e:f2:b2:99:2f:6b:bd:
b5:db:4e:bb:d3:89:46:59:9c:e3:91:49:28:39:26:
9e:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:0B:0F:4C:E0:B8:10:50:4B:E9:AA:F8:64:BE:F6:78:90:E3:E5:E9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hAsPTOC4EFBL6ar4ZL72eJDj5ek.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
aa:a7:25:90:62:23:ea:ed:08:8d:33:40:1d:9a:74:f4:3d:8e:
b1:8b:40:84:02:e3:d1:c3:98:fa:ba:88:9e:55:40:0d:cb:13:
72:4e:11:39:0b:b0:4c:ed:27:b9:3f:a6:c5:29:7b:e6:a0:3d:
eb:8a:52:8f:13:46:ef:09:f3:ab:21:44:27:57:50:bb:44:39:
68:ea:1c:41:6d:b7:6a:b5:d7:a9:2d:ad:68:a7:4e:ac:ab:9d:
fd:81:15:a1:31:09:d9:09:cc:da:cb:75:c7:06:97:0b:e2:b8:
24:3e:e5:ba:e2:60:5a:c8:55:07:ee:1a:a7:e8:a5:70:c5:c9:
34:8f:00:69:0c:86:66:19:12:6f:77:1f:f6:f6:19:89:d9:9b:
9e:48:80:f5:90:ec:a1:e3:87:e4:93:88:08:f8:47:cd:f2:35:
c6:dc:60:30:50:c7:2f:be:6c:95:61:37:df:68:18:61:ec:90:
b2:26:c9:32:10:a3:7c:ac:3f:c2:29:1d:f3:b1:7f:47:7b:d9:
a4:3d:f8:a5:0b:99:c5:2b:b2:df:72:1f:fe:d6:77:9f:e6:eb:
97:2d:f6:a7:0e:6e:4d:d1:15:37:c7:dc:97:37:d3:f5:67:18:
9b:24:3e:12:c1:cb:fb:ab:b7:b1:cb:1a:53:be:44:b0:55:e6:
f2:4d:c5:e1
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICciQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDEx
NjQ0NDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDg0MEIwRjRDRTBCODEw
NTA0QkU5QUFGODY0QkVGNjc4OTBFM0U1RTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDfEYwdW15prC+UFrVlscWVW3w73FVHNJ+t0bofyKQJI8ldgOPx
agSyN8jcxTypcNIiaTQDCqbuPb6LxejeG4ZbCjk1akvYUg4jAaz/kdhWHukolSHL
b9f3NK+9EMWBrDvxNlnqs+MSXWhri73e9QAkk+nhgy/duQSZvRIlhJZlr9NN1uAb
ESudXny3CWq1n4Y6oqBipWFbZQbtGgxpwmKKatVzMKOavZU5KHsfaCpICIOAYKvH
V7RY40DFQxAy0uFgW7ii1iqxKJUp/XI+THVD1WxVN/ddFnrLgYvEmquSR0XmqUm0
WkKqnvKymS9rvbXbTrvTiUZZnOORSSg5Jp4xAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUhAsPTOC4EFBL6ar4ZL72eJDj5ekwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2hBc1BUT0M0RUZCTDZh
cjRaTDcyZUpEajVlay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCqpyWQ
YiPq7QiNM0AdmnT0PY6xi0CEAuPRw5j6uoieVUANyxNyThE5C7BM7Se5P6bFKXvm
oD3rilKPE0bvCfOrIUQnV1C7RDlo6hxBbbdqtdepLa1op06sq539gRWhMQnZCcza
y3XHBpcL4rgkPuW64mBayFUH7hqn6KVwxck0jwBpDIZmGRJvdx/29hmJ2ZueSID1
kOyh44fkk4gI+EfN8jXG3GAwUMcvvmyVYTffaBhh7JCyJskyEKN8rD/CKR3zsX9H
e9mkPfilC5nFK7Lfch/+1nef5uuXLfanDm5N0RU3x9yXN9P1ZxibJD4Swcv7q7ex
yxpTvkSwVebyTcXh
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:37:10 2025 by rpki-client