Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/hBRbB_HcnVKYIReI_kSNt8ScXVc.roa
File: hBRbB_HcnVKYIReI_kSNt8ScXVc.roa (raw, json)
Hash identifier: ME04oAP6PzSJg8XbmuR6wLcqgH3CoEkdxqi3x+WPE4s=
Subject key identifier: 84:14:5B:07:F1:DC:9D:52:98:21:17:88:FE:44:8D:B7:C4:9C:5D:57
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 76AC
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hBRbB_HcnVKYIReI_kSNt8ScXVc.roa
Signing time: Sun 13 Jul 2025 19:11:46 +0000
ROA not before: Sun 13 Jul 2025 19:11:46 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30380 (0x76ac)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 13 19:11:46 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=84145B07F1DC9D5298211788FE448DB7C49C5D57
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:58:d3:67:e2:0c:d2:8d:fe:0e:5a:a0:b8:e9:
05:ab:d2:53:91:c5:61:a8:e1:0c:3e:63:e2:3c:42:
fa:e3:88:50:61:4f:bb:88:74:ec:dc:d0:fe:0b:2d:
ad:f0:b9:9a:67:db:21:9f:b4:6c:40:19:68:14:64:
a8:d1:52:df:c1:c4:33:98:f8:2f:20:23:1c:0a:2b:
db:47:16:30:4e:83:f2:20:f5:c9:16:6e:96:c4:04:
4b:a6:9c:b4:1f:75:2b:78:1a:64:cf:c6:65:b0:9d:
7c:2e:0a:39:b1:7b:7e:eb:b6:12:26:79:3b:ed:40:
9b:fb:59:b4:55:77:41:74:83:06:d5:05:c6:b2:ad:
a4:c2:be:84:6e:10:b0:bd:16:15:1f:e3:00:8e:26:
26:ef:5a:7c:54:d4:10:6d:46:54:81:c3:e5:7b:d7:
a2:23:ee:89:f8:71:68:6d:ab:4c:a1:3c:fe:91:38:
cb:db:ea:4f:0c:1c:bd:6b:3b:d4:a8:89:0e:77:a5:
4d:71:e9:ca:37:7c:a8:63:85:48:3b:a3:f3:3e:d3:
c3:6c:50:64:77:54:59:a2:8a:47:6c:c0:bc:32:14:
1d:b3:e0:a1:9b:23:c9:bf:aa:7b:9d:18:5e:73:7c:
ba:d4:b3:23:43:b5:4c:a0:d9:a6:84:ea:36:ff:33:
38:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:14:5B:07:F1:DC:9D:52:98:21:17:88:FE:44:8D:B7:C4:9C:5D:57
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hBRbB_HcnVKYIReI_kSNt8ScXVc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
a6:5b:7a:47:23:a7:13:e6:4a:2b:a0:b8:e0:77:1b:e4:d4:16:
f9:b1:73:fb:1b:71:39:bd:03:4b:c7:f8:98:56:3f:fc:03:3f:
98:0c:07:56:91:25:72:c5:f6:81:48:ad:92:cd:27:a7:90:a6:
b2:a3:24:8b:d1:39:36:62:cb:9f:e8:a3:5e:5d:25:28:e9:dd:
89:0b:7c:7b:3d:7f:6b:b0:2f:06:e9:13:fa:e4:33:f7:e1:49:
85:fe:c4:3c:a5:87:27:2b:d2:b6:af:0b:c2:6a:77:e8:07:5e:
10:cc:21:cf:43:3c:66:4e:43:dc:49:1f:c8:77:a4:71:37:05:
15:47:7a:15:ca:a8:b3:98:47:2e:dd:81:36:eb:85:f6:9a:70:
ec:aa:8a:ad:05:0d:ee:64:a5:02:c5:2c:7c:b3:2e:b2:4e:5c:
93:f2:83:69:35:97:e8:1b:3b:a6:02:4d:3d:7d:9a:45:72:a7:
3a:1d:49:4e:34:13:f7:60:07:c0:8a:0c:29:37:7a:bb:2c:66:
b0:a7:0f:58:ec:bd:72:73:57:4b:d3:0b:ab:52:55:e9:ca:41:
69:71:d1:28:bb:ce:81:cb:99:89:b3:4f:39:69:f8:9c:ef:0e:
36:c7:2e:7b:11:34:4e:b8:f8:9e:8c:04:40:20:3b:eb:e5:4f:
27:0e:23:36
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdqwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTMx
OTExNDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDg0MTQ1QjA3RjFEQzlE
NTI5ODIxMTc4OEZFNDQ4REI3QzQ5QzVENTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCdWNNn4gzSjf4OWqC46QWr0lORxWGo4Qw+Y+I8QvrjiFBhT7uI
dOzc0P4LLa3wuZpn2yGftGxAGWgUZKjRUt/BxDOY+C8gIxwKK9tHFjBOg/Ig9ckW
bpbEBEumnLQfdSt4GmTPxmWwnXwuCjmxe37rthImeTvtQJv7WbRVd0F0gwbVBcay
raTCvoRuELC9FhUf4wCOJibvWnxU1BBtRlSBw+V716Ij7on4cWhtq0yhPP6ROMvb
6k8MHL1rO9SoiQ53pU1x6co3fKhjhUg7o/M+08NsUGR3VFmiikdswLwyFB2z4KGb
I8m/qnudGF5zfLrUsyNDtUyg2aaE6jb/MziJAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUhBRbB/HcnVKYIReI/kSNt8ScXVcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2hCUmJCX0hjblZLWUlS
ZUlfa1NOdDhTY1hWYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCmW3pH
I6cT5koroLjgdxvk1Bb5sXP7G3E5vQNLx/iYVj/8Az+YDAdWkSVyxfaBSK2SzSen
kKayoySL0Tk2Ysuf6KNeXSUo6d2JC3x7PX9rsC8G6RP65DP34UmF/sQ8pYcnK9K2
rwvCanfoB14QzCHPQzxmTkPcSR/Id6RxNwUVR3oVyqizmEcu3YE264X2mnDsqoqt
BQ3uZKUCxSx8sy6yTlyT8oNpNZfoGzumAk09fZpFcqc6HUlONBP3YAfAigwpN3q7
LGawpw9Y7L1yc1dL0wurUlXpykFpcdEou86By5mJs085afic7w42xy57ETROuPie
jARAIDvr5U8nDiM2
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:42:06 2025 by rpki-client