Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/hrSyaPvPHl7LqqBUA2Gu5KkwbD0.roa
File: hrSyaPvPHl7LqqBUA2Gu5KkwbD0.roa (raw, json)
Hash identifier: 6J+UkqM/DrG/h24DIw9x/Eym5nTlUDsgaoGNeQuG8lc=
Subject key identifier: 86:B4:B2:68:FB:CF:1E:5E:CB:AA:A0:54:03:61:AE:E4:A9:30:6C:3D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6E20
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hrSyaPvPHl7LqqBUA2Gu5KkwbD0.roa
Signing time: Sat 21 Jun 2025 05:44:04 +0000
ROA not before: Sat 21 Jun 2025 05:44:04 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28192 (0x6e20)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 21 05:44:04 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=86B4B268FBCF1E5ECBAAA0540361AEE4A9306C3D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:8b:0c:6c:15:ba:02:f1:ca:6b:49:a6:2d:45:
b2:f1:a7:ca:56:cb:56:a7:3a:59:93:ec:7b:21:28:
2c:31:2d:3a:2c:24:65:f1:44:ed:63:87:d1:af:da:
db:03:35:6a:81:fc:01:4f:30:4e:55:2d:b2:11:3b:
67:17:28:64:e3:45:dc:4b:43:1f:d3:6c:d8:7a:d0:
46:bc:28:30:b8:1a:25:33:df:d2:a6:36:02:11:df:
73:31:94:b3:bf:8b:4f:cb:14:95:8a:ed:75:0e:7d:
27:cf:03:e3:f8:e4:f2:6b:53:8d:43:28:39:39:51:
a2:d3:28:7b:54:7f:5c:59:c2:f9:d8:0a:46:79:28:
fe:75:43:ea:ec:3c:60:f5:54:4a:da:ef:aa:45:c3:
de:cf:d0:ec:03:84:d4:3c:96:c3:f0:f3:1b:0a:b4:
0e:5f:cd:eb:9e:1f:2a:f0:5e:b0:6e:d9:68:b0:0b:
8c:10:70:36:26:3e:a1:e1:45:8b:64:42:a3:26:b2:
50:bf:cf:ca:8c:e0:fb:49:0d:9c:45:b8:ac:a2:5d:
0a:a6:e4:9f:90:83:db:c8:65:49:a3:cc:dd:04:3a:
fd:f5:42:e3:cd:15:ea:15:34:6c:1a:8e:e3:77:90:
0c:58:3f:73:32:5b:23:68:b5:57:05:5d:2c:e4:d7:
f1:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:B4:B2:68:FB:CF:1E:5E:CB:AA:A0:54:03:61:AE:E4:A9:30:6C:3D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hrSyaPvPHl7LqqBUA2Gu5KkwbD0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
79:dd:d2:18:07:f5:57:bd:34:a3:19:f0:60:e2:cf:56:93:ff:
c5:bb:55:57:21:75:54:8a:4c:c1:de:66:13:e5:5d:9e:01:2d:
c7:ba:f3:c0:96:06:d6:0d:a0:e3:9e:b0:8b:df:1f:38:4e:ca:
5c:28:4d:fb:80:fa:e8:12:15:50:ff:33:00:4f:18:be:a4:6f:
df:5f:ca:5b:13:bc:dc:a1:72:ba:8c:5c:04:d5:65:dd:44:f4:
d6:e9:89:14:15:ac:4e:49:b8:31:6f:b4:e9:64:19:c3:68:bf:
77:37:9b:82:1c:d6:46:6c:82:96:90:62:d2:d1:9b:80:87:bd:
d7:d4:64:c8:73:8d:71:5a:2c:30:c3:d8:36:90:63:b9:37:e9:
3a:9a:79:fa:e7:b7:9d:68:bf:ae:9c:7f:77:0b:a1:ad:20:dd:
06:35:4c:e8:34:22:05:57:a5:fe:68:06:d4:c2:40:dc:2d:19:
84:cc:02:46:e2:40:0f:23:8e:a8:53:f9:a1:94:71:bc:6c:8d:
08:b9:e8:67:9e:fc:67:af:af:5a:a6:46:5a:ec:11:52:94:43:
e3:d5:05:dd:e5:6f:6e:8a:c7:9b:4e:7f:ff:b5:36:11:05:7f:
5c:03:1e:52:88:bd:8c:20:9a:98:4a:21:b4:87:db:ce:6d:7d:
3f:e0:65:68
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbiAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjEw
NTQ0MDRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDg2QjRCMjY4RkJDRjFF
NUVDQkFBQTA1NDAzNjFBRUU0QTkzMDZDM0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC0iwxsFboC8cprSaYtRbLxp8pWy1anOlmT7HshKCwxLTosJGXx
RO1jh9Gv2tsDNWqB/AFPME5VLbIRO2cXKGTjRdxLQx/TbNh60Ea8KDC4GiUz39Km
NgIR33MxlLO/i0/LFJWK7XUOfSfPA+P45PJrU41DKDk5UaLTKHtUf1xZwvnYCkZ5
KP51Q+rsPGD1VEra76pFw97P0OwDhNQ8lsPw8xsKtA5fzeueHyrwXrBu2WiwC4wQ
cDYmPqHhRYtkQqMmslC/z8qM4PtJDZxFuKyiXQqm5J+Qg9vIZUmjzN0EOv31QuPN
FeoVNGwajuN3kAxYP3MyWyNotVcFXSzk1/F5AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUhrSyaPvPHl7LqqBUA2Gu5KkwbD0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2hyU3lhUHZQSGw3THFx
QlVBMkd1NUtrd2JEMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB53dIY
B/VXvTSjGfBg4s9Wk//Fu1VXIXVUikzB3mYT5V2eAS3HuvPAlgbWDaDjnrCL3x84
TspcKE37gProEhVQ/zMATxi+pG/fX8pbE7zcoXK6jFwE1WXdRPTW6YkUFaxOSbgx
b7TpZBnDaL93N5uCHNZGbIKWkGLS0ZuAh73X1GTIc41xWiwww9g2kGO5N+k6mnn6
57edaL+unH93C6GtIN0GNUzoNCIFV6X+aAbUwkDcLRmEzAJG4kAPI46oU/mhlHG8
bI0Iuehnnvxnr69apkZa7BFSlEPj1QXd5W9uisebTn//tTYRBX9cAx5SiL2MIJqY
SiG0h9vObX0/4GVo
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:34:20 2025 by rpki-client