Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/koAxwuMAKkYJ5aWBzIl5snA7RM8.roa
File: koAxwuMAKkYJ5aWBzIl5snA7RM8.roa (raw, json)
Hash identifier: hPY2BKgsEuSGHHbiP0yKQWpeYC5+Il9SzwnW2IY45vM=
Subject key identifier: 92:80:31:C2:E3:00:2A:46:09:E5:A5:81:CC:89:79:B2:70:3B:44:CF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 75F4
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/koAxwuMAKkYJ5aWBzIl5snA7RM8.roa
Signing time: Fri 11 Jul 2025 21:11:38 +0000
ROA not before: Fri 11 Jul 2025 21:11:38 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30196 (0x75f4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 11 21:11:38 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=928031C2E3002A4609E5A581CC8979B2703B44CF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:b7:d8:c3:53:c8:ab:e3:35:09:39:42:c1:9d:
0e:c3:bb:ae:a4:ed:76:45:1d:06:5c:31:dd:eb:d5:
c5:54:1d:5f:b5:a1:d5:14:d1:56:cc:d2:f1:ab:0b:
f3:65:6c:81:78:e7:e9:d9:30:86:01:19:38:b9:5a:
9c:45:0b:bb:05:f4:da:99:5b:f0:00:03:88:f0:3a:
b9:ca:3c:09:7a:a4:6d:07:25:fb:e4:7b:c9:89:92:
ba:9a:56:09:ab:0c:97:0f:63:06:55:c9:3d:74:bf:
f6:e8:a0:90:a9:3e:b5:e0:fb:06:4a:08:51:3b:8a:
fe:9e:ab:2b:7b:90:65:4f:a9:e9:19:11:bb:1c:b6:
91:bb:49:f5:ff:31:86:e7:7e:c1:86:b5:02:28:ca:
0e:07:29:65:0e:5b:6c:a5:85:a0:bf:d5:e6:aa:53:
0d:bf:fc:3f:ac:16:a1:94:76:42:52:54:01:af:0e:
77:2c:38:d5:25:2a:ac:42:d2:18:f6:19:85:33:01:
b1:ee:1f:ec:e5:a1:98:b3:0b:4c:67:49:f5:52:12:
65:b6:5a:dd:c5:fe:6d:ff:8e:0e:ed:0e:28:d4:4d:
a5:e3:49:cf:d7:2d:4c:ed:30:1e:a4:4a:5b:9c:50:
d7:6f:27:6e:0f:20:30:54:fc:9c:1b:3a:d5:38:d8:
ee:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:80:31:C2:E3:00:2A:46:09:E5:A5:81:CC:89:79:B2:70:3B:44:CF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/koAxwuMAKkYJ5aWBzIl5snA7RM8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
56:b7:55:12:b1:f4:69:a9:8f:09:62:88:ef:40:14:2e:ee:0e:
7c:bf:12:b7:15:4d:bf:ec:78:4f:51:38:13:89:77:20:a6:c3:
05:d2:01:b0:84:0a:d4:4a:97:9e:c5:40:da:48:b6:31:37:d1:
50:68:51:89:83:c0:28:56:77:de:f0:d7:ed:0c:d0:b7:67:2b:
4d:e6:7a:8c:90:d6:fe:cb:e3:d5:59:1d:7d:59:8b:2c:0c:c4:
b1:8b:24:14:d2:5a:fb:e0:66:33:54:c8:56:45:cf:06:3d:d1:
99:0c:ea:5f:2c:6c:fa:70:a1:0a:6c:2f:3a:8d:9f:57:31:f1:
da:a0:72:a9:9d:f5:4c:3b:81:1a:39:df:e4:20:84:ad:29:40:
e2:a4:f9:d0:66:23:c4:a7:69:59:17:fc:ae:49:b3:db:cc:f5:
90:f0:0b:e7:33:e8:fe:74:cf:ea:8a:9f:83:93:87:70:30:61:
c8:3f:61:fd:de:b9:e0:48:92:16:29:bc:61:3e:4a:1a:d0:5c:
25:59:20:fc:3c:72:52:7d:e9:43:b4:7f:4f:97:b0:47:ca:fc:
ea:44:04:cb:8d:ec:01:d8:5d:c4:41:46:71:17:96:34:18:26:
1b:f7:70:1d:1d:ab:81:c3:59:39:fd:83:f2:ab:a8:09:2d:08:
0b:66:5b:3c
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdfQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTEy
MTExMzhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDkyODAzMUMyRTMwMDJB
NDYwOUU1QTU4MUNDODk3OUIyNzAzQjQ0Q0YwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/t9jDU8ir4zUJOULBnQ7Du66k7XZFHQZcMd3r1cVUHV+1odUU
0VbM0vGrC/NlbIF45+nZMIYBGTi5WpxFC7sF9NqZW/AAA4jwOrnKPAl6pG0HJfvk
e8mJkrqaVgmrDJcPYwZVyT10v/booJCpPrXg+wZKCFE7iv6eqyt7kGVPqekZEbsc
tpG7SfX/MYbnfsGGtQIoyg4HKWUOW2ylhaC/1eaqUw2//D+sFqGUdkJSVAGvDncs
ONUlKqxC0hj2GYUzAbHuH+zloZizC0xnSfVSEmW2Wt3F/m3/jg7tDijUTaXjSc/X
LUztMB6kSlucUNdvJ24PIDBU/JwbOtU42O67AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUkoAxwuMAKkYJ5aWBzIl5snA7RM8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2tvQXh3dU1BS2tZSjVh
V0J6SWw1c25BN1JNOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBWt1US
sfRpqY8JYojvQBQu7g58vxK3FU2/7HhPUTgTiXcgpsMF0gGwhArUSpeexUDaSLYx
N9FQaFGJg8AoVnfe8NftDNC3ZytN5nqMkNb+y+PVWR19WYssDMSxiyQU0lr74GYz
VMhWRc8GPdGZDOpfLGz6cKEKbC86jZ9XMfHaoHKpnfVMO4EaOd/kIIStKUDipPnQ
ZiPEp2lZF/yuSbPbzPWQ8AvnM+j+dM/qip+Dk4dwMGHIP2H93rngSJIWKbxhPkoa
0FwlWSD8PHJSfelDtH9Pl7BHyvzqRATLjewB2F3EQUZxF5Y0GCYb93AdHauBw1k5
/YPyq6gJLQgLZls8
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:49:32 2025 by rpki-client