Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/kpH-EdgmqBDhlb5WKrIcYP7Lhyg.roa
File: kpH-EdgmqBDhlb5WKrIcYP7Lhyg.roa (raw, json)
Hash identifier: 23wfHaAHh4NYszMDY2VYr3wcKW2vyCxAQy+xlDs9xuM=
Subject key identifier: 92:91:FE:11:D8:26:A8:10:E1:95:BE:56:2A:B2:1C:60:FE:CB:87:28
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6D08
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kpH-EdgmqBDhlb5WKrIcYP7Lhyg.roa
Signing time: Tue 17 Jun 2025 20:21:13 +0000
ROA not before: Tue 17 Jun 2025 20:21:13 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27912 (0x6d08)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 17 20:21:13 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=9291FE11D826A810E195BE562AB21C60FECB8728
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:27:3a:12:0a:98:e0:31:92:52:16:bb:05:12:
2f:d6:19:84:48:f6:ed:f4:f4:a9:ee:8d:25:3c:6a:
b1:b5:4e:b3:90:0a:fa:4b:3d:90:47:cd:3f:c0:da:
cc:72:e6:69:2e:03:d8:4c:23:f1:87:e6:38:f8:17:
8e:d6:96:82:db:d6:a7:37:60:6c:44:ae:fb:85:2a:
1a:f4:f9:a6:44:de:2d:63:36:73:e3:b9:da:29:87:
bb:1e:b7:5d:ea:2e:dc:74:fe:3f:b1:31:4b:33:82:
7e:de:ca:7f:23:7b:d6:02:a7:0c:92:88:2a:ad:e0:
4e:2a:1b:fe:04:e4:16:25:22:36:64:e2:7e:a1:3a:
6c:37:9e:bc:67:a6:d9:f4:7e:73:20:b6:ae:f5:86:
43:94:5d:40:1e:63:fa:d3:9d:44:f5:02:61:a6:c8:
2e:52:de:39:4b:35:ea:76:28:92:74:b6:9f:c1:b3:
93:30:0a:9e:dc:d5:37:f0:fc:e6:d0:6c:50:0c:73:
77:26:fb:cc:94:07:76:0e:07:26:e3:c7:90:ae:01:
19:4c:5a:94:be:42:83:5f:ec:1e:7d:66:99:51:1a:
13:51:25:65:97:23:61:44:f9:ef:21:44:fb:cf:fa:
32:61:aa:7b:21:bc:3f:71:fe:8c:ea:c2:7d:0c:c3:
a8:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:91:FE:11:D8:26:A8:10:E1:95:BE:56:2A:B2:1C:60:FE:CB:87:28
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kpH-EdgmqBDhlb5WKrIcYP7Lhyg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
08:c1:1f:19:dc:1a:86:38:65:35:5e:02:61:ad:d2:13:29:9d:
9a:0a:7e:40:b4:eb:db:59:21:5c:9b:9e:17:8e:09:30:58:50:
47:bf:fc:47:e8:90:ac:99:1c:01:9d:6d:88:b7:fb:c4:9d:b2:
26:f7:97:64:d8:c9:fb:5a:54:95:8d:34:92:43:e0:51:94:97:
e1:98:30:d8:01:21:1c:d2:d6:72:0a:f8:87:12:03:04:6b:0e:
73:40:8d:fa:1c:5f:33:af:95:97:8e:05:6b:9b:e2:e9:15:ed:
ac:f4:d7:38:1f:2b:77:2a:dd:14:ec:3d:93:6b:f4:f0:0b:b6:
2a:20:46:da:5e:43:64:59:7e:7e:11:b3:5c:d7:5c:25:3b:df:
8e:b8:15:ac:3b:d8:d4:c2:0d:0c:73:c7:55:16:61:f2:f0:93:
fd:f6:34:c5:62:36:64:9e:f5:e7:4e:b8:a3:2c:df:16:18:7d:
5e:4e:14:90:3d:3e:95:3d:5c:9b:66:ec:1f:54:23:c1:0f:a4:
9a:89:e8:0f:25:90:6f:ce:ac:de:79:b9:7c:b9:4b:46:43:78:
33:be:bd:70:95:f9:79:78:ff:9e:20:ba:c6:ee:71:23:c3:fc:
bd:14:c6:8d:a4:cc:0f:83:9a:81:84:2b:32:88:49:f5:eb:62:
03:5f:74:69
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbQgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTcy
MDIxMTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDkyOTFGRTExRDgyNkE4
MTBFMTk1QkU1NjJBQjIxQzYwRkVDQjg3MjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCxJzoSCpjgMZJSFrsFEi/WGYRI9u309KnujSU8arG1TrOQCvpL
PZBHzT/A2sxy5mkuA9hMI/GH5jj4F47WloLb1qc3YGxErvuFKhr0+aZE3i1jNnPj
udoph7set13qLtx0/j+xMUszgn7eyn8je9YCpwySiCqt4E4qG/4E5BYlIjZk4n6h
Omw3nrxnptn0fnMgtq71hkOUXUAeY/rTnUT1AmGmyC5S3jlLNep2KJJ0tp/Bs5Mw
Cp7c1Tfw/ObQbFAMc3cm+8yUB3YOBybjx5CuARlMWpS+QoNf7B59ZplRGhNRJWWX
I2FE+e8hRPvP+jJhqnshvD9x/ozqwn0Mw6gFAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUkpH+EdgmqBDhlb5WKrIcYP7LhygwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2twSC1FZGdtcUJEaGxi
NVdLckljWVA3TGh5Zy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAIwR8Z
3BqGOGU1XgJhrdITKZ2aCn5AtOvbWSFcm54XjgkwWFBHv/xH6JCsmRwBnW2It/vE
nbIm95dk2Mn7WlSVjTSSQ+BRlJfhmDDYASEc0tZyCviHEgMEaw5zQI36HF8zr5WX
jgVrm+LpFe2s9Nc4Hyt3Kt0U7D2Ta/TwC7YqIEbaXkNkWX5+EbNc11wlO9+OuBWs
O9jUwg0Mc8dVFmHy8JP99jTFYjZknvXnTrijLN8WGH1eThSQPT6VPVybZuwfVCPB
D6SaiegPJZBvzqzeebl8uUtGQ3gzvr1wlfl5eP+eILrG7nEjw/y9FMaNpMwPg5qB
hCsyiEn162IDX3Rp
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:46:38 2025 by rpki-client