
Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/hehPKX28SZT2GidvqcAN5bPfFUc.roa
File: hehPKX28SZT2GidvqcAN5bPfFUc.roa (raw, json)
Hash identifier: Rz6myKy8uRFq3pllkee0l+Oq3Nky3z6o2tb4IQiI6oE=
Subject key identifier: 85:E8:4F:29:7D:BC:49:94:F6:1A:27:6F:A9:C0:0D:E5:B3:DF:15:47
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 733E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hehPKX28SZT2GidvqcAN5bPfFUc.roa
Signing time: Fri 04 Jul 2025 15:18:15 +0000
ROA not before: Fri 04 Jul 2025 15:18:15 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29502 (0x733e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 4 15:18:15 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=85E84F297DBC4994F61A276FA9C00DE5B3DF1547
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:94:76:6f:b2:81:ad:8f:5d:d5:ff:a4:61:ef:
56:4c:89:53:29:28:6f:89:3e:7a:f7:28:d2:e4:14:
64:e4:ab:3c:a4:b6:96:ab:69:a9:90:6c:06:c8:9d:
e4:88:f7:c7:85:50:0f:eb:d8:16:25:f3:3e:e7:92:
d0:ac:48:a4:d3:4d:87:f3:28:bf:da:cf:7a:2f:b6:
77:b6:7d:42:88:88:0c:38:b7:e4:1d:ae:35:f1:5e:
14:f9:78:44:ce:8f:73:76:96:1a:56:a6:45:ad:41:
45:77:d5:74:db:0a:4e:07:3a:45:c5:fd:6b:ea:82:
b2:4f:1f:0e:db:80:35:95:81:7a:ad:85:cf:40:38:
2a:52:ae:fd:9f:e1:e6:a1:91:14:22:aa:1d:f4:a0:
ff:65:66:db:57:82:12:a5:e5:56:1c:49:2d:f7:2c:
28:27:a6:74:00:ae:01:1b:16:27:de:ac:46:56:df:
06:4b:7e:b3:18:1c:ec:ea:17:dd:2d:ea:5a:fd:af:
ae:11:2a:f6:39:4a:bc:f7:e3:0c:46:3a:9a:23:ee:
c9:6b:15:08:d6:41:2e:3a:c4:7c:8e:f1:70:9b:88:
c1:45:74:cd:21:cf:bf:8b:34:c1:f0:36:13:e2:76:
e2:80:e9:b2:a1:08:9c:e6:5e:cf:c8:c0:7d:a2:df:
80:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:E8:4F:29:7D:BC:49:94:F6:1A:27:6F:A9:C0:0D:E5:B3:DF:15:47
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hehPKX28SZT2GidvqcAN5bPfFUc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
77:be:e6:fe:06:8c:8f:cc:9e:40:0f:3b:c2:05:e8:fc:a3:42:
85:71:44:85:4a:02:dd:a2:52:d5:bd:9a:05:af:6d:2d:55:d1:
05:1a:10:9e:6d:3c:32:35:7d:4c:12:86:c9:40:ce:0e:3c:da:
bb:f3:cc:7c:e4:aa:4b:fc:af:20:3a:f5:c0:ad:3e:52:b8:62:
b3:12:05:21:88:77:df:67:99:a9:b2:1c:82:a3:fd:b2:02:48:
d0:45:59:34:e1:fd:ca:9b:4a:26:bc:23:f1:61:47:8f:0f:8f:
04:07:33:26:9a:0b:10:bc:ea:cf:db:2f:c3:55:17:9f:70:ef:
e1:f8:21:76:22:66:1d:b8:0c:ed:9e:bc:83:28:31:86:ab:1d:
da:bc:09:cb:07:2e:43:0f:20:78:1f:24:e5:f3:3d:75:a8:ec:
23:09:77:91:04:3f:24:bc:4f:74:60:19:c3:9a:b7:6d:d9:a8:
bc:0b:c8:fe:b5:70:c3:16:35:ec:a9:b4:95:f5:67:e6:50:5a:
ed:2f:32:78:31:61:bb:d9:46:6f:37:fa:13:5b:d5:65:71:c0:
87:ce:6c:d5:96:85:24:27:f4:a0:c7:97:5f:f4:a0:da:7b:20:
7e:a5:8f:dc:fb:e2:26:c1:cc:48:dc:88:3c:98:f3:5d:a2:f7:
41:b2:a1:6c
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcz4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDQx
NTE4MTVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDg1RTg0RjI5N0RCQzQ5
OTRGNjFBMjc2RkE5QzAwREU1QjNERjE1NDcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDLlHZvsoGtj13V/6Rh71ZMiVMpKG+JPnr3KNLkFGTkqzyktpar
aamQbAbIneSI98eFUA/r2BYl8z7nktCsSKTTTYfzKL/az3ovtne2fUKIiAw4t+Qd
rjXxXhT5eETOj3N2lhpWpkWtQUV31XTbCk4HOkXF/WvqgrJPHw7bgDWVgXqthc9A
OCpSrv2f4eahkRQiqh30oP9lZttXghKl5VYcSS33LCgnpnQArgEbFiferEZW3wZL
frMYHOzqF90t6lr9r64RKvY5Srz34wxGOpoj7slrFQjWQS46xHyO8XCbiMFFdM0h
z7+LNMHwNhPiduKA6bKhCJzmXs/IwH2i34CJAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUhehPKX28SZT2GidvqcAN5bPfFUcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2hlaFBLWDI4U1pUMkdp
ZHZxY0FONWJQZkZVYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB3vub+
BoyPzJ5ADzvCBej8o0KFcUSFSgLdolLVvZoFr20tVdEFGhCebTwyNX1MEobJQM4O
PNq788x85KpL/K8gOvXArT5SuGKzEgUhiHffZ5mpshyCo/2yAkjQRVk04f3Km0om
vCPxYUePD48EBzMmmgsQvOrP2y/DVRefcO/h+CF2ImYduAztnryDKDGGqx3avAnL
By5DDyB4HyTl8z11qOwjCXeRBD8kvE90YBnDmrdt2ai8C8j+tXDDFjXsqbSV9Wfm
UFrtLzJ4MWG72UZvN/oTW9VlccCHzmzVloUkJ/Sgx5df9KDaeyB+pY/c++ImwcxI
3Ig8mPNdovdBsqFs
-----END CERTIFICATE-----
Generated at Sun Jul 20 16:38:22 2025 by rpki-client