Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/hBiIMSXg_JzI3arr8IbO5R6_xAM.roa
File: hBiIMSXg_JzI3arr8IbO5R6_xAM.roa (raw, json)
Hash identifier: mKcbnnoYmW4SO54stw+DzxOxcUMckQ8VGbXYj5HWTek=
Subject key identifier: 84:18:88:31:25:E0:FC:9C:C8:DD:AA:EB:F0:86:CE:E5:1E:BF:C4:03
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7126
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hBiIMSXg_JzI3arr8IbO5R6_xAM.roa
Signing time: Sun 29 Jun 2025 01:14:42 +0000
ROA not before: Sun 29 Jun 2025 01:14:42 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28966 (0x7126)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 29 01:14:42 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8418883125E0FC9CC8DDAAEBF086CEE51EBFC403
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:8a:17:af:24:4a:75:5d:87:e1:cd:94:fb:d7:
78:7d:b1:7d:0d:2d:b0:32:7e:5d:85:cb:cc:f7:b1:
4b:c4:1e:04:44:8d:6a:cf:f2:28:6f:b8:2a:50:89:
ac:3b:e2:3f:61:9c:77:b5:2c:6a:cd:6a:38:13:59:
f0:09:5b:5d:e2:0b:e3:2a:35:7d:0d:5b:00:42:84:
ab:4e:19:69:d0:fb:c0:da:60:68:5e:01:d6:40:d5:
bc:b4:cc:03:07:9b:62:06:30:b5:d3:be:45:f7:ec:
69:d1:dd:fb:5d:0d:fe:6e:70:57:0f:e1:e1:81:7f:
46:91:02:79:5f:7b:08:51:be:2d:c6:93:37:b5:d7:
31:ce:cc:7c:4e:12:e7:99:20:45:32:93:fb:5d:52:
1d:b0:54:3d:a0:e1:ad:a0:49:cd:e2:b9:05:90:0c:
57:cb:59:9e:a7:1b:02:7a:ea:b5:91:66:fa:65:ee:
43:fd:9e:91:cf:ae:16:9a:2a:92:2c:36:95:c2:25:
1a:fe:c8:8b:f8:dd:92:65:8a:1d:1f:f7:1c:c2:8b:
bb:f8:64:64:83:cc:be:9f:4b:11:a9:f7:76:5a:29:
12:e2:d0:77:29:25:2a:43:37:43:95:8d:39:5f:1e:
94:85:17:8c:aa:af:c7:ca:36:f7:61:93:40:7a:96:
26:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:18:88:31:25:E0:FC:9C:C8:DD:AA:EB:F0:86:CE:E5:1E:BF:C4:03
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hBiIMSXg_JzI3arr8IbO5R6_xAM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
bb:73:06:e9:30:5e:5f:d2:b9:52:a7:5f:d8:d6:71:21:5f:fd:
3e:49:c0:53:22:5d:0c:ca:54:c6:f4:2b:03:0b:ef:63:f4:58:
fe:a5:1a:1a:5f:fc:50:53:f9:de:3e:09:4f:e0:b4:ec:b1:0c:
14:33:f9:38:88:10:0e:32:bf:f5:df:af:a9:dd:8a:b3:bb:14:
fe:37:e4:97:5c:82:7a:55:fd:90:6b:67:e9:96:3c:ce:25:3f:
3a:02:ff:6a:76:e9:59:55:62:5f:7b:51:c1:cc:97:91:99:b6:
83:c1:32:7b:1f:d3:7b:ca:eb:14:be:37:e6:f3:51:e2:75:8c:
87:08:57:ac:79:44:97:e2:30:fa:86:c4:12:9d:8f:ce:79:bf:
3f:65:01:b5:46:ea:9b:2a:f1:f3:b3:64:de:23:b2:b4:4e:91:
6c:e2:88:c3:66:e8:e7:0e:e6:59:37:71:b8:f2:71:b4:f8:2a:
2d:58:8f:ee:35:6d:11:f9:04:f6:20:f2:41:c5:3c:ca:46:87:
53:5b:c8:14:20:bc:c2:f0:7a:06:3e:c9:61:c6:77:08:09:18:
82:16:dc:a5:d6:6d:fb:e4:57:6c:61:17:e3:ca:e3:cd:e2:90:
05:58:b6:46:4a:59:14:f2:0d:6b:41:da:6f:4a:0e:aa:cd:9a:
f0:21:f4:63
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcSYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2Mjkw
MTE0NDJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDg0MTg4ODMxMjVFMEZD
OUNDOEREQUFFQkYwODZDRUU1MUVCRkM0MDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKihevJEp1XYfhzZT713h9sX0NLbAyfl2Fy8z3sUvEHgREjWrP
8ihvuCpQiaw74j9hnHe1LGrNajgTWfAJW13iC+MqNX0NWwBChKtOGWnQ+8DaYGhe
AdZA1by0zAMHm2IGMLXTvkX37GnR3ftdDf5ucFcP4eGBf0aRAnlfewhRvi3Gkze1
1zHOzHxOEueZIEUyk/tdUh2wVD2g4a2gSc3iuQWQDFfLWZ6nGwJ66rWRZvpl7kP9
npHPrhaaKpIsNpXCJRr+yIv43ZJlih0f9xzCi7v4ZGSDzL6fSxGp93ZaKRLi0Hcp
JSpDN0OVjTlfHpSFF4yqr8fKNvdhk0B6liZrAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUhBiIMSXg/JzI3arr8IbO5R6/xAMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2hCaUlNU1hnX0p6STNh
cnI4SWJPNVI2X3hBTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC7cwbp
MF5f0rlSp1/Y1nEhX/0+ScBTIl0MylTG9CsDC+9j9Fj+pRoaX/xQU/nePglP4LTs
sQwUM/k4iBAOMr/136+p3YqzuxT+N+SXXIJ6Vf2Qa2fpljzOJT86Av9qdulZVWJf
e1HBzJeRmbaDwTJ7H9N7yusUvjfm81HidYyHCFeseUSX4jD6hsQSnY/Oeb8/ZQG1
RuqbKvHzs2TeI7K0TpFs4ojDZujnDuZZN3G48nG0+CotWI/uNW0R+QT2IPJBxTzK
RodTW8gUILzC8HoGPslhxncICRiCFtyl1m375FdsYRfjyuPN4pAFWLZGSlkU8g1r
QdpvSg6qzZrwIfRj
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:39:08 2025 by rpki-client