Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/hjYtViKJrgu4j8fl_VbEmpUCd5A.roa
File: hjYtViKJrgu4j8fl_VbEmpUCd5A.roa (raw, json)
Hash identifier: 2E9/9cfVNkuO5xgEW8ijxHD24bWeM4TNr2rpx4r09yM=
Subject key identifier: 86:36:2D:56:22:89:AE:0B:B8:8F:C7:E5:FD:56:C4:9A:95:02:77:90
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7030
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hjYtViKJrgu4j8fl_VbEmpUCd5A.roa
Signing time: Thu 26 Jun 2025 11:44:40 +0000
ROA not before: Thu 26 Jun 2025 11:44:40 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28720 (0x7030)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 26 11:44:40 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=86362D562289AE0BB88FC7E5FD56C49A95027790
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:42:60:71:2d:58:7a:5a:5c:c7:1c:81:4e:94:
40:b9:df:ec:a6:db:0c:eb:b6:39:c0:76:20:af:87:
07:d1:ec:c2:6c:3f:79:18:f3:91:73:06:32:4c:73:
07:84:15:57:39:a0:02:51:cc:4d:ff:25:59:36:38:
6c:8b:09:d3:53:43:a3:01:42:0e:9a:49:08:4a:b5:
dc:55:fa:b6:1b:15:25:e7:91:19:39:ff:b4:5d:f6:
ce:80:1f:b9:9d:10:30:2e:fb:96:c7:6d:c9:9b:e8:
24:6e:a8:18:6c:4a:ca:13:b9:d0:10:a3:b3:18:10:
1a:5e:3c:eb:47:87:be:ae:18:6f:e0:41:87:88:3d:
85:0c:ab:4c:dd:49:40:c0:11:c7:2a:9d:a5:c5:4a:
40:d4:37:89:cd:3c:b5:31:65:9c:ea:29:a7:c3:4b:
af:c7:a3:8c:96:e0:ca:62:b9:9b:f6:81:4c:bf:35:
6a:ac:1a:df:7b:cc:7d:6f:49:1b:93:03:70:4c:01:
ae:13:8f:d0:d6:46:7a:55:73:1d:0a:5d:b9:06:f5:
45:60:bd:eb:26:9f:d6:e6:4e:96:ec:1a:15:77:62:
a6:f4:89:f8:49:49:cb:c5:d8:ed:fe:50:d4:f1:2f:
6a:c9:46:c5:a0:a5:37:80:50:57:cc:95:50:69:f1:
be:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:36:2D:56:22:89:AE:0B:B8:8F:C7:E5:FD:56:C4:9A:95:02:77:90
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hjYtViKJrgu4j8fl_VbEmpUCd5A.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
af:ed:36:a9:09:cd:88:0f:8e:cc:44:a5:7b:af:7c:40:c3:64:
66:8a:28:14:3d:d2:3a:c4:77:17:a7:aa:72:6a:24:ef:b0:c1:
38:af:b9:c6:bf:c6:d1:cd:46:96:06:4e:58:b9:fc:e5:ad:90:
66:ba:7f:01:33:85:0a:cb:8a:62:32:72:1f:6b:0e:73:59:3a:
81:44:8d:23:07:d3:ff:4a:e0:ea:c2:30:f0:c9:39:61:a5:72:
c9:32:3c:85:ed:2d:35:6f:e0:e7:eb:99:70:20:d6:f6:45:45:
7f:99:47:f0:0c:f6:9a:28:b7:ad:49:db:6b:7e:0c:ec:32:72:
8d:11:fb:5d:fd:2a:79:99:73:a3:ef:b2:5f:1e:d1:c6:91:f4:
5b:b2:5f:d9:d3:35:a7:b6:d1:71:be:3c:04:69:89:92:25:4d:
48:48:5c:9e:52:b0:4a:cb:be:65:2c:21:0b:84:7b:39:ac:c0:
11:dd:92:06:fa:1a:21:51:ba:31:c1:0e:70:0c:ed:1a:63:47:
2a:7d:d3:9a:e5:1e:28:2a:ce:e9:a4:62:41:e9:60:18:0a:d0:
e7:9e:20:37:0e:7c:bf:28:35:c3:a8:e5:34:52:39:fc:ac:d9:
4c:fe:75:21:83:1b:c1:5b:9b:7b:89:9e:5b:43:2a:0b:18:66:
d4:57:61:06
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcDAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjYx
MTQ0NDBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDg2MzYyRDU2MjI4OUFF
MEJCODhGQzdFNUZENTZDNDlBOTUwMjc3OTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCoQmBxLVh6WlzHHIFOlEC53+ym2wzrtjnAdiCvhwfR7MJsP3kY
85FzBjJMcweEFVc5oAJRzE3/JVk2OGyLCdNTQ6MBQg6aSQhKtdxV+rYbFSXnkRk5
/7Rd9s6AH7mdEDAu+5bHbcmb6CRuqBhsSsoTudAQo7MYEBpePOtHh76uGG/gQYeI
PYUMq0zdSUDAEccqnaXFSkDUN4nNPLUxZZzqKafDS6/Ho4yW4MpiuZv2gUy/NWqs
Gt97zH1vSRuTA3BMAa4Tj9DWRnpVcx0KXbkG9UVgvesmn9bmTpbsGhV3Yqb0ifhJ
ScvF2O3+UNTxL2rJRsWgpTeAUFfMlVBp8b57AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUhjYtViKJrgu4j8fl/VbEmpUCd5AwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2hqWXRWaUtKcmd1NGo4
ZmxfVmJFbXBVQ2Q1QS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCv7Tap
Cc2ID47MRKV7r3xAw2RmiigUPdI6xHcXp6pyaiTvsME4r7nGv8bRzUaWBk5Yufzl
rZBmun8BM4UKy4piMnIfaw5zWTqBRI0jB9P/SuDqwjDwyTlhpXLJMjyF7S01b+Dn
65lwINb2RUV/mUfwDPaaKLetSdtrfgzsMnKNEftd/Sp5mXOj77JfHtHGkfRbsl/Z
0zWnttFxvjwEaYmSJU1ISFyeUrBKy75lLCELhHs5rMAR3ZIG+hohUboxwQ5wDO0a
Y0cqfdOa5R4oKs7ppGJB6WAYCtDnniA3Dny/KDXDqOU0Ujn8rNlM/nUhgxvBW5t7
iZ5bQyoLGGbUV2EG
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:34:01 2025 by rpki-client