Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/hx8l7f3Il8lpoCrmF9aR1x2ZYf4.roa
File: hx8l7f3Il8lpoCrmF9aR1x2ZYf4.roa (raw, json)
Hash identifier: KSnxHb3prTnJCUQnXvY71M/Gos1yzNpdD2jDb/fp3Os=
Subject key identifier: 87:1F:25:ED:FD:C8:97:C9:69:A0:2A:E6:17:D6:91:D7:1D:99:61:FE
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 633E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hx8l7f3Il8lpoCrmF9aR1x2ZYf4.roa
Signing time: Thu 22 May 2025 17:40:51 +0000
ROA not before: Thu 22 May 2025 17:40:51 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25406 (0x633e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 22 17:40:51 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=871F25EDFDC897C969A02AE617D691D71D9961FE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:d9:9c:aa:0c:f6:d8:5a:d8:d5:30:09:dd:ac:
fc:f4:f5:4f:b9:4c:57:64:59:ca:fd:09:e3:66:ff:
8b:85:11:20:4b:12:87:a3:0a:d1:7c:e5:db:ec:e5:
41:a4:48:4f:70:d0:12:92:a2:ff:f4:12:7d:5d:42:
61:28:dd:4e:f3:fa:01:2e:05:52:a6:5b:4e:2d:46:
2d:56:4b:9a:6e:ae:34:aa:c2:f8:ec:a0:28:93:56:
28:b5:b6:7e:5a:01:26:fc:cf:8a:5e:47:63:d1:e1:
58:2d:29:32:3a:d5:ba:0c:04:07:d2:c9:25:38:46:
22:57:24:4a:4e:d7:93:c3:80:f5:c9:e9:d0:c5:68:
93:23:25:af:a0:7e:40:3c:a8:c6:3a:48:c8:2e:42:
19:5b:7c:72:35:b3:38:0c:7d:e3:c4:bd:a3:4c:34:
53:e8:16:c8:9d:4c:f7:48:29:bc:76:43:7a:78:b4:
66:f2:e0:8c:dc:ff:58:4b:9c:00:fc:69:84:9c:f3:
ee:10:1b:62:c1:4c:e7:c8:39:74:40:12:aa:ff:8f:
60:88:f1:3d:89:94:90:6f:ec:4f:fe:28:79:c5:ec:
18:89:ed:9d:f2:98:6d:55:6a:93:1d:14:c8:09:7b:
30:cc:45:88:f3:e2:cb:cb:16:22:38:87:1c:25:0d:
4e:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:1F:25:ED:FD:C8:97:C9:69:A0:2A:E6:17:D6:91:D7:1D:99:61:FE
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hx8l7f3Il8lpoCrmF9aR1x2ZYf4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
87:32:d2:80:9a:f2:e5:82:d0:50:27:52:ec:f0:d2:b9:40:df:
18:4f:82:bf:5c:5b:9d:5f:cf:9e:c8:15:17:59:ac:ed:b5:65:
82:7a:49:e0:66:04:25:36:dd:79:29:27:0b:0b:1e:71:2c:a2:
d5:18:8e:a0:b8:e1:64:fc:80:59:cb:63:60:47:d9:02:6e:25:
e2:8c:b8:b2:20:e2:c0:da:9c:f4:b2:13:40:83:87:39:df:9c:
e9:77:7c:7d:f8:e3:68:64:a1:d6:db:43:48:3a:7e:9d:f7:12:
8a:11:e8:d4:3e:ff:82:0e:38:47:12:44:a5:06:75:56:1c:c7:
5c:4d:22:80:7c:76:b5:8d:70:ec:86:1f:35:50:fb:7f:a3:b8:
e7:39:92:38:5a:59:26:b9:6b:99:a5:d4:9b:0b:67:46:b0:88:
37:a0:38:1a:dc:56:bf:ab:7a:61:94:36:3b:30:b4:ac:33:00:
7b:d4:0d:ff:21:bc:2e:f5:f9:04:15:8a:4e:27:d8:8a:6c:92:
d8:27:d9:ea:58:84:83:68:7b:eb:91:a2:c7:df:68:2f:3e:89:
d3:1d:84:89:8d:e1:fc:ed:a3:89:48:60:49:34:f9:6c:ae:e5:
ea:f5:95:2c:e2:94:98:6e:2c:1f:9d:ba:4c:ef:0c:cb:dc:62:
c7:e3:ec:78
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYz4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjIx
NzQwNTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDg3MUYyNUVERkRDODk3
Qzk2OUEwMkFFNjE3RDY5MUQ3MUQ5OTYxRkUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDZ2ZyqDPbYWtjVMAndrPz09U+5TFdkWcr9CeNm/4uFESBLEoej
CtF85dvs5UGkSE9w0BKSov/0En1dQmEo3U7z+gEuBVKmW04tRi1WS5purjSqwvjs
oCiTVii1tn5aASb8z4peR2PR4VgtKTI61boMBAfSySU4RiJXJEpO15PDgPXJ6dDF
aJMjJa+gfkA8qMY6SMguQhlbfHI1szgMfePEvaNMNFPoFsidTPdIKbx2Q3p4tGby
4Izc/1hLnAD8aYSc8+4QG2LBTOfIOXRAEqr/j2CI8T2JlJBv7E/+KHnF7BiJ7Z3y
mG1VapMdFMgJezDMRYjz4svLFiI4hxwlDU63AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUhx8l7f3Il8lpoCrmF9aR1x2ZYf4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2h4OGw3ZjNJbDhscG9D
cm1GOWFSMXgyWllmNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCHMtKA
mvLlgtBQJ1Ls8NK5QN8YT4K/XFudX8+eyBUXWazttWWCekngZgQlNt15KScLCx5x
LKLVGI6guOFk/IBZy2NgR9kCbiXijLiyIOLA2pz0shNAg4c535zpd3x9+ONoZKHW
20NIOn6d9xKKEejUPv+CDjhHEkSlBnVWHMdcTSKAfHa1jXDshh81UPt/o7jnOZI4
WlkmuWuZpdSbC2dGsIg3oDga3Fa/q3phlDY7MLSsMwB71A3/Ibwu9fkEFYpOJ9iK
bJLYJ9nqWISDaHvrkaLH32gvPonTHYSJjeH87aOJSGBJNPlsruXq9ZUs4pSYbiwf
nbpM7wzL3GLH4+x4
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:43:11 2025 by rpki-client