Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/kOnyQQZDHo5J1eNoO1XeSsoQB8w.roa
File: kOnyQQZDHo5J1eNoO1XeSsoQB8w.roa (raw, json)
Hash identifier: gFCC29bbd9WjOo7pleo13ZiF/oqZpSOBuUMlYbh5Zgs=
Subject key identifier: 90:E9:F2:41:06:43:1E:8E:49:D5:E3:68:3B:55:DE:4A:CA:10:07:CC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 660C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kOnyQQZDHo5J1eNoO1XeSsoQB8w.roa
Signing time: Fri 30 May 2025 05:13:52 +0000
ROA not before: Fri 30 May 2025 05:13:52 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26124 (0x660c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 30 05:13:52 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=90E9F24106431E8E49D5E3683B55DE4ACA1007CC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:c5:9a:9e:46:7f:a5:a8:0a:23:35:92:01:7d:
3e:7f:6d:79:49:c8:31:c1:73:4c:4d:49:27:a2:4b:
d7:a3:ed:65:0c:f1:45:78:c2:73:f6:39:c1:a5:bc:
32:77:e7:2f:94:ad:60:20:56:a7:19:57:ab:2e:56:
a2:27:35:52:9d:1d:50:b9:5b:d9:c3:97:dc:48:70:
42:b3:8c:48:68:f1:c5:cc:89:2e:8c:8b:52:55:a0:
7e:d7:aa:74:0d:c1:5d:b4:8c:24:cc:06:5a:6b:d2:
17:13:8f:c3:3f:a9:24:85:14:c5:dc:54:de:b8:a3:
fe:ef:7c:d1:7e:15:92:e1:96:5b:60:9c:8b:a1:0e:
9f:5a:73:41:63:f6:ab:bf:22:92:7c:6c:87:35:8d:
63:83:91:90:2f:a8:14:12:a2:0a:f4:20:64:1c:6c:
b3:9d:01:3e:ea:34:38:ed:6e:22:9b:52:97:07:da:
22:13:5e:59:1f:37:b7:83:d9:4c:f9:9e:18:f6:9f:
46:29:e3:df:7f:a7:c2:d0:a1:df:59:6b:ca:c1:86:
08:5e:de:de:51:00:d9:48:86:7c:92:3b:db:1a:2a:
6e:80:d6:96:8d:73:bf:cb:79:87:b4:c1:1e:32:89:
95:50:c7:2b:5e:f9:c1:52:96:1f:3f:6a:6f:7b:a0:
8f:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:E9:F2:41:06:43:1E:8E:49:D5:E3:68:3B:55:DE:4A:CA:10:07:CC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kOnyQQZDHo5J1eNoO1XeSsoQB8w.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
a5:29:96:a1:f5:24:54:6e:6c:b7:ab:f0:28:00:5d:fb:8a:33:
3c:8a:3b:42:b9:e1:14:4d:6e:f6:65:5d:ae:33:43:70:57:c5:
d8:b7:6b:82:f5:5d:db:91:5d:84:eb:14:69:3a:79:f7:da:e4:
e3:6a:d0:a1:33:bc:28:14:42:83:3e:bd:78:64:07:d2:42:26:
35:5d:6d:00:96:a2:86:2c:cc:66:fd:f8:83:e1:1b:af:4d:8e:
9a:98:28:fa:a6:3a:6c:77:f0:fd:8a:03:20:f0:62:e6:75:39:
8c:da:38:73:bb:dd:25:a0:33:4d:e1:0c:f2:96:29:64:75:65:
ea:9e:00:f8:f4:13:6a:50:9d:c3:3c:a5:5a:51:ce:55:b2:fa:
6b:ee:cb:cc:64:69:13:a2:76:96:38:9f:20:98:5e:91:b9:48:
04:f9:d1:68:bf:27:35:89:fe:e8:aa:bd:e6:72:f8:7d:51:06:
0d:cf:2e:2a:e1:a1:a0:85:ff:d2:6b:ec:fb:12:1f:87:32:d5:
46:2e:2a:fc:ad:cf:11:55:41:23:d6:4d:ba:58:fc:c0:e1:c6:
3a:28:4d:fc:0b:16:cc:a8:71:d2:18:2c:00:0b:51:62:f6:8e:
ef:60:70:dc:c0:e2:82:1a:38:1b:a7:9e:88:fb:a7:16:57:78:
65:84:05:92
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZgwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MzAw
NTEzNTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDkwRTlGMjQxMDY0MzFF
OEU0OUQ1RTM2ODNCNTVERTRBQ0ExMDA3Q0MwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOxZqeRn+lqAojNZIBfT5/bXlJyDHBc0xNSSeiS9ej7WUM8UV4
wnP2OcGlvDJ35y+UrWAgVqcZV6suVqInNVKdHVC5W9nDl9xIcEKzjEho8cXMiS6M
i1JVoH7XqnQNwV20jCTMBlpr0hcTj8M/qSSFFMXcVN64o/7vfNF+FZLhlltgnIuh
Dp9ac0Fj9qu/IpJ8bIc1jWODkZAvqBQSogr0IGQcbLOdAT7qNDjtbiKbUpcH2iIT
XlkfN7eD2Uz5nhj2n0Yp499/p8LQod9Za8rBhghe3t5RANlIhnySO9saKm6A1paN
c7/LeYe0wR4yiZVQxyte+cFSlh8/am97oI83AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUkOnyQQZDHo5J1eNoO1XeSsoQB8wwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2tPbnlRUVpESG81SjFl
Tm9PMVhlU3NvUUI4dy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQClKZah
9SRUbmy3q/AoAF37ijM8ijtCueEUTW72ZV2uM0NwV8XYt2uC9V3bkV2E6xRpOnn3
2uTjatChM7woFEKDPr14ZAfSQiY1XW0AlqKGLMxm/fiD4RuvTY6amCj6pjpsd/D9
igMg8GLmdTmM2jhzu90loDNN4QzylilkdWXqngD49BNqUJ3DPKVaUc5Vsvpr7svM
ZGkTonaWOJ8gmF6RuUgE+dFovyc1if7oqr3mcvh9UQYNzy4q4aGghf/Sa+z7Eh+H
MtVGLir8rc8RVUEj1k26WPzA4cY6KE38CxbMqHHSGCwAC1Fi9o7vYHDcwOKCGjgb
p56I+6cWV3hlhAWS
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:02:05 2025 by rpki-client