Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/hZMj3e_O-7wpgsjfzE8idgjoiak.roa
File: hZMj3e_O-7wpgsjfzE8idgjoiak.roa (raw, json)
Hash identifier: bMaPf5cUKNBrd4qlmv9lP5OS7xDwH21+In4EzjVSZ20=
Subject key identifier: 85:93:23:DD:EF:CE:FB:BC:29:82:C8:DF:CC:4F:22:76:08:E8:89:A9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7568
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hZMj3e_O-7wpgsjfzE8idgjoiak.roa
Signing time: Thu 10 Jul 2025 09:46:06 +0000
ROA not before: Thu 10 Jul 2025 09:46:06 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30056 (0x7568)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 10 09:46:06 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=859323DDEFCEFBBC2982C8DFCC4F227608E889A9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:b8:df:cb:82:83:01:bd:b2:91:69:64:3a:fe:
73:98:ad:91:c3:de:b5:08:96:cd:22:6b:a4:96:03:
b6:50:31:a9:eb:c5:05:57:b5:77:19:fd:d5:b0:91:
b4:1e:86:d2:b1:c7:45:6f:8f:61:0d:03:d6:cb:ed:
09:84:1b:af:47:49:ca:04:3a:96:9f:c0:03:42:eb:
44:cd:ad:06:3b:86:d6:6a:ee:63:c5:e3:37:78:2c:
d9:69:43:dd:c7:22:39:65:c3:a3:5a:92:0a:ed:04:
f3:54:97:c7:4d:5e:bb:aa:bc:89:16:0a:3e:e5:b2:
35:9a:1f:da:4a:7d:f4:67:a6:c3:0f:e4:8b:bb:e4:
75:c2:e9:c1:77:56:8a:f6:77:42:60:52:80:b3:14:
0b:f4:1d:9c:54:89:37:18:98:23:f7:e0:d5:e5:c7:
65:0b:c7:5d:17:a6:50:31:d3:d5:5c:13:e4:9f:57:
30:47:59:47:ec:56:23:04:44:13:83:1b:0d:5b:31:
ae:3e:09:49:88:e4:89:bd:41:56:51:da:df:48:30:
40:b5:65:86:fd:ff:3d:8d:28:e1:ba:a6:58:d7:53:
41:94:b8:07:aa:68:75:65:bd:5b:c4:c5:ac:7c:db:
49:78:17:6a:44:09:e3:64:86:78:24:ea:f5:71:bd:
20:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:93:23:DD:EF:CE:FB:BC:29:82:C8:DF:CC:4F:22:76:08:E8:89:A9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hZMj3e_O-7wpgsjfzE8idgjoiak.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
3e:50:f4:7d:5e:44:b5:fa:92:62:63:09:ed:0c:36:5e:b8:1b:
a2:11:7a:fa:6a:c8:11:b6:32:71:70:06:87:93:36:cb:e5:28:
c7:b8:1d:cb:78:b3:ad:00:a0:51:f4:ef:d2:ab:90:4c:94:2f:
1f:5f:5d:7e:4e:a7:d6:5f:ee:a4:d1:b5:b0:06:f5:23:b6:cf:
d6:e9:2b:95:e1:d5:99:9a:b9:77:db:3a:1d:88:6b:6b:e6:fa:
a3:46:00:a8:03:f6:b9:9a:dc:69:ec:d3:bf:f4:e1:cf:f3:49:
39:d6:77:c3:64:b8:37:35:24:54:85:f1:75:0b:55:4a:ff:eb:
e6:93:38:78:5d:d4:dc:f9:73:ef:d1:15:7b:c3:27:52:38:02:
62:c1:86:a3:3a:37:0a:c5:d9:3a:c1:60:7d:2b:47:78:02:85:
b3:8b:20:fb:97:af:2e:78:0f:d3:a9:69:1e:28:75:6b:90:15:
9c:45:0f:e5:42:61:ae:fb:17:87:e7:20:31:bc:2a:bf:7a:f5:
16:a3:04:ed:76:8a:bf:20:5f:01:5e:9e:19:d5:88:21:98:56:
92:1f:49:d3:e3:0e:23:4f:47:3c:33:ab:cc:0c:88:37:91:d6:
0a:7c:eb:60:2a:b3:9d:d2:c2:54:2f:01:21:85:24:6b:42:3c:
7d:c6:00:51
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdWgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTAw
OTQ2MDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDg1OTMyM0RERUZDRUZC
QkMyOTgyQzhERkNDNEYyMjc2MDhFODg5QTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDPuN/LgoMBvbKRaWQ6/nOYrZHD3rUIls0ia6SWA7ZQManrxQVX
tXcZ/dWwkbQehtKxx0Vvj2ENA9bL7QmEG69HScoEOpafwANC60TNrQY7htZq7mPF
4zd4LNlpQ93HIjllw6NakgrtBPNUl8dNXruqvIkWCj7lsjWaH9pKffRnpsMP5Iu7
5HXC6cF3Vor2d0JgUoCzFAv0HZxUiTcYmCP34NXlx2ULx10XplAx09VcE+SfVzBH
WUfsViMERBODGw1bMa4+CUmI5Im9QVZR2t9IMEC1ZYb9/z2NKOG6pljXU0GUuAeq
aHVlvVvExax820l4F2pECeNkhngk6vVxvSAHAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUhZMj3e/O+7wpgsjfzE8idgjoiakwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2haTWozZV9PLTd3cGdz
amZ6RThpZGdqb2lhay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA+UPR9
XkS1+pJiYwntDDZeuBuiEXr6asgRtjJxcAaHkzbL5SjHuB3LeLOtAKBR9O/Sq5BM
lC8fX11+TqfWX+6k0bWwBvUjts/W6SuV4dWZmrl32zodiGtr5vqjRgCoA/a5mtxp
7NO/9OHP80k51nfDZLg3NSRUhfF1C1VK/+vmkzh4XdTc+XPv0RV7wydSOAJiwYaj
OjcKxdk6wWB9K0d4AoWziyD7l68ueA/TqWkeKHVrkBWcRQ/lQmGu+xeH5yAxvCq/
evUWowTtdoq/IF8BXp4Z1YghmFaSH0nT4w4jT0c8M6vMDIg3kdYKfOtgKrOd0sJU
LwEhhSRrQjx9xgBR
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:45:50 2025 by rpki-client