Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/hBnITgLy-Z21VWIbyBwTzWibhbU.roa
File: hBnITgLy-Z21VWIbyBwTzWibhbU.roa (raw, json)
Hash identifier: s4ODZAW9S+3ZP0uP+hlQlMz4Tq/SBt1c5mHAeonxhRM=
Subject key identifier: 84:19:C8:4E:02:F2:F9:9D:B5:55:62:1B:C8:1C:13:CD:68:9B:85:B5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6670
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hBnITgLy-Z21VWIbyBwTzWibhbU.roa
Signing time: Sat 31 May 2025 06:11:29 +0000
ROA not before: Sat 31 May 2025 06:11:29 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26224 (0x6670)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 31 06:11:29 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8419C84E02F2F99DB555621BC81C13CD689B85B5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:a7:cc:de:c1:ad:9c:a6:6d:3e:e7:2a:9f:36:
e3:33:d0:51:74:ba:7c:ee:d8:64:d5:97:0f:7d:cb:
d3:25:44:ce:a7:4f:91:38:72:8f:21:b9:df:be:bf:
b2:a9:0c:78:38:fb:60:1d:ce:69:41:b3:c7:7d:cf:
f2:00:4f:c7:f1:65:9b:32:1b:a9:8c:3d:2e:f2:4f:
64:ef:41:dc:bb:f3:91:9e:92:11:f4:fa:3d:f5:13:
6a:73:9d:9c:16:10:f3:d5:e9:86:3e:90:06:a5:28:
c3:40:e0:cb:11:83:c0:ca:0d:a0:b3:d4:2e:4d:69:
f1:b9:74:75:ce:8a:d9:97:13:4d:cb:b5:93:78:7b:
a3:7e:7b:ff:2a:27:82:4e:73:47:e6:54:40:f6:1c:
c0:35:27:20:6b:36:65:d3:87:73:b9:11:70:21:9d:
f9:05:59:b3:89:c7:d4:5f:d2:7c:f3:fb:7c:df:2f:
75:1e:a6:f2:d9:ab:d5:b4:8b:5d:73:58:09:a3:ea:
7f:ba:d2:21:c3:66:5b:b1:78:ec:8f:78:12:a0:fa:
1c:04:4f:93:0b:fb:43:62:32:80:3a:74:dd:25:8f:
34:e9:ea:79:df:70:ea:e5:1d:a6:88:98:b9:72:36:
72:ab:44:47:67:0c:fb:88:4b:ef:31:b4:8a:c3:ed:
c4:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:19:C8:4E:02:F2:F9:9D:B5:55:62:1B:C8:1C:13:CD:68:9B:85:B5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hBnITgLy-Z21VWIbyBwTzWibhbU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
99:5a:26:ac:36:f4:1b:84:3d:c0:b0:73:1c:f5:b3:bb:13:c6:
a8:d7:c5:70:8f:62:6a:5d:3b:20:d9:f9:1e:84:35:b3:73:c0:
3b:60:f2:d3:2e:f8:b4:8a:df:f2:69:ce:31:f4:cc:5f:4e:08:
ea:69:c5:95:18:d2:73:82:f9:bd:92:b3:b8:ba:3c:eb:04:c5:
f7:ba:2d:55:9f:ef:31:3c:e4:ba:c9:5c:7f:55:c4:03:7a:c8:
b2:02:89:f6:fd:79:ba:01:4b:23:dc:0d:e9:88:ac:ce:f4:e3:
e9:04:cf:6c:25:fa:9a:b8:26:95:ae:7c:a8:5f:4c:6e:1b:00:
bb:00:61:7e:4f:91:b8:7f:12:a7:00:6c:9e:44:ef:7c:cc:ec:
53:18:04:85:4d:ab:0e:c6:fb:34:43:c7:1f:b3:a7:d9:6a:c4:
74:49:23:cb:1d:70:00:dc:9b:dc:16:47:d9:d7:8f:1a:c3:4e:
82:65:a0:9f:64:f5:a6:ff:18:6b:d3:0f:c5:da:a7:ce:8f:44:
65:4b:a8:10:ee:ab:16:15:e7:9a:c5:f0:e4:56:56:19:e2:07:
76:52:f0:d6:9f:cd:12:0b:32:42:40:76:fc:62:35:c8:b5:8d:
b7:8a:08:06:82:75:1b:ed:eb:80:e9:2b:43:3b:24:ac:60:0b:
d9:0d:5d:05
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZnAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MzEw
NjExMjlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDg0MTlDODRFMDJGMkY5
OURCNTU1NjIxQkM4MUMxM0NENjg5Qjg1QjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDdp8zewa2cpm0+5yqfNuMz0FF0unzu2GTVlw99y9MlRM6nT5E4
co8hud++v7KpDHg4+2AdzmlBs8d9z/IAT8fxZZsyG6mMPS7yT2TvQdy785GekhH0
+j31E2pznZwWEPPV6YY+kAalKMNA4MsRg8DKDaCz1C5NafG5dHXOitmXE03LtZN4
e6N+e/8qJ4JOc0fmVED2HMA1JyBrNmXTh3O5EXAhnfkFWbOJx9Rf0nzz+3zfL3Ue
pvLZq9W0i11zWAmj6n+60iHDZluxeOyPeBKg+hwET5ML+0NiMoA6dN0ljzTp6nnf
cOrlHaaImLlyNnKrREdnDPuIS+8xtIrD7cSTAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUhBnITgLy+Z21VWIbyBwTzWibhbUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2hCbklUZ0x5LVoyMVZX
SWJ5QndUeldpYmhiVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCZWias
NvQbhD3AsHMc9bO7E8ao18Vwj2JqXTsg2fkehDWzc8A7YPLTLvi0it/yac4x9Mxf
TgjqacWVGNJzgvm9krO4ujzrBMX3ui1Vn+8xPOS6yVx/VcQDesiyAon2/Xm6AUsj
3A3piKzO9OPpBM9sJfqauCaVrnyoX0xuGwC7AGF+T5G4fxKnAGyeRO98zOxTGASF
TasOxvs0Q8cfs6fZasR0SSPLHXAA3JvcFkfZ148aw06CZaCfZPWm/xhr0w/F2qfO
j0RlS6gQ7qsWFeeaxfDkVlYZ4gd2UvDWn80SCzJCQHb8YjXItY23iggGgnUb7euA
6StDOySsYAvZDV0F
-----END CERTIFICATE-----
Generated at Wed Jun 4 02:05:33 2025 by rpki-client