Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/hCKNN9kPe0sgowwfak97q1PT8PQ.roa
File: hCKNN9kPe0sgowwfak97q1PT8PQ.roa (raw, json)
Hash identifier: bwb/cy1DpUYd/0jqr3tilBr81bVP5DHp5kvh+JbffEQ=
Subject key identifier: 84:22:8D:37:D9:0F:7B:4B:20:A3:0C:1F:6A:4F:7B:AB:53:D3:F0:F4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 63FA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hCKNN9kPe0sgowwfak97q1PT8PQ.roa
Signing time: Sat 24 May 2025 16:40:52 +0000
ROA not before: Sat 24 May 2025 16:40:52 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25594 (0x63fa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 24 16:40:52 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=84228D37D90F7B4B20A30C1F6A4F7BAB53D3F0F4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:84:77:bd:45:51:e6:a4:0b:29:5f:5f:a1:23:
86:48:08:b0:99:76:8a:b1:aa:2f:02:ea:ce:67:a1:
87:9b:d3:dc:82:6d:18:14:c9:45:57:de:33:fa:fa:
96:ab:01:1e:78:2b:a8:77:aa:fa:7d:c8:ba:62:da:
53:6b:5d:e8:8b:82:bf:e9:28:80:74:9c:af:05:2a:
d3:a1:04:b2:12:5f:80:be:75:a6:5e:fa:35:43:f3:
eb:fd:9c:aa:89:ce:b9:6a:4e:63:7b:d3:ab:34:39:
a8:d5:c4:08:b7:f6:89:f8:ea:81:1f:f0:9d:2f:9b:
af:22:6b:83:9e:97:dc:21:00:fb:e7:57:96:86:3d:
28:00:f4:92:bb:7e:f4:4e:ba:e2:42:6d:85:8d:70:
e8:0f:fd:72:8f:76:b7:c9:e5:80:a2:7b:5a:ca:24:
88:ca:d1:bf:16:41:15:f1:0e:d3:3b:bf:cf:ff:c0:
42:e3:e8:8c:86:c3:8b:92:33:11:a6:7a:ce:07:32:
37:c6:d8:c4:31:6a:ce:50:f8:b6:48:8a:93:c5:ca:
87:f7:a4:85:60:17:a4:f4:9c:26:0d:43:7b:78:64:
1d:93:49:59:db:1d:60:3d:a5:78:c1:e6:18:f5:ee:
dd:c8:15:97:2a:0c:43:9a:d1:59:bf:17:86:f5:e3:
b6:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:22:8D:37:D9:0F:7B:4B:20:A3:0C:1F:6A:4F:7B:AB:53:D3:F0:F4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hCKNN9kPe0sgowwfak97q1PT8PQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
65:ee:51:48:2f:e3:8a:6e:03:0b:9a:80:bc:7f:42:18:ec:63:
75:f8:ce:bf:e7:00:bc:db:64:65:68:34:1b:d6:43:80:39:d6:
06:2f:50:93:20:5a:f7:1e:be:1f:11:39:2e:2d:a3:94:a3:62:
19:a7:10:3a:2e:1d:ac:ba:b4:fb:78:8f:d9:97:43:b6:9a:8a:
80:af:12:3c:8b:06:9b:6c:32:c3:df:79:d6:e7:b0:33:cd:f6:
df:1e:52:be:65:23:4d:d9:dd:40:74:6c:cc:5a:19:92:58:a2:
3f:45:23:8e:c0:c8:6f:f6:f7:55:83:59:a2:93:42:e9:65:5b:
2e:40:1f:33:1e:90:4f:a3:ca:53:0b:dd:bd:92:c6:b4:f4:05:
2d:cf:1f:bc:21:46:f4:46:a6:c8:91:d3:62:8d:ff:5e:eb:ad:
d4:1c:3b:08:17:85:22:93:f3:79:d2:e1:b7:ab:d3:cb:94:05:
88:ef:42:2f:24:d7:55:a2:03:f5:27:d0:b5:5f:e9:da:49:3b:
f2:0a:14:4c:e5:2a:97:e4:66:d6:16:91:49:6b:de:2b:1b:02:
c3:27:ef:45:14:78:b7:07:32:25:4c:ed:cf:cb:56:fa:48:a7:
11:bc:d1:8d:b7:d4:3d:e2:f2:c1:c3:31:a2:77:63:33:e5:be:
f5:21:21:d9
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICY/owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjQx
NjQwNTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDg0MjI4RDM3RDkwRjdC
NEIyMEEzMEMxRjZBNEY3QkFCNTNEM0YwRjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCnhHe9RVHmpAspX1+hI4ZICLCZdoqxqi8C6s5noYeb09yCbRgU
yUVX3jP6+parAR54K6h3qvp9yLpi2lNrXeiLgr/pKIB0nK8FKtOhBLISX4C+daZe
+jVD8+v9nKqJzrlqTmN706s0OajVxAi39on46oEf8J0vm68ia4Oel9whAPvnV5aG
PSgA9JK7fvROuuJCbYWNcOgP/XKPdrfJ5YCie1rKJIjK0b8WQRXxDtM7v8//wELj
6IyGw4uSMxGmes4HMjfG2MQxas5Q+LZIipPFyof3pIVgF6T0nCYNQ3t4ZB2TSVnb
HWA9pXjB5hj17t3IFZcqDEOa0Vm/F4b147bHAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUhCKNN9kPe0sgowwfak97q1PT8PQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2hDS05OOWtQZTBzZ293
d2Zhazk3cTFQVDhQUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBl7lFI
L+OKbgMLmoC8f0IY7GN1+M6/5wC822RlaDQb1kOAOdYGL1CTIFr3Hr4fETkuLaOU
o2IZpxA6Lh2surT7eI/Zl0O2moqArxI8iwabbDLD33nW57AzzfbfHlK+ZSNN2d1A
dGzMWhmSWKI/RSOOwMhv9vdVg1mik0LpZVsuQB8zHpBPo8pTC929ksa09AUtzx+8
IUb0RqbIkdNijf9e663UHDsIF4Uik/N50uG3q9PLlAWI70IvJNdVogP1J9C1X+na
STvyChRM5SqX5GbWFpFJa94rGwLDJ+9FFHi3BzIlTO3Py1b6SKcRvNGNt9Q94vLB
wzGid2Mz5b71ISHZ
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:12:34 2025 by rpki-client