Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/oDwbxZwiHQUghlIbnNpmHnLhwvI.roa
File: oDwbxZwiHQUghlIbnNpmHnLhwvI.roa (raw, json)
Hash identifier: el/zWJRngFg57Zu5YzuiXZIMTAJ1iFO2zjZse8Hezjc=
Subject key identifier: A0:3C:1B:C5:9C:22:1D:05:20:86:52:1B:9C:DA:66:1E:72:E1:C2:F2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 619E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oDwbxZwiHQUghlIbnNpmHnLhwvI.roa
Signing time: Sun 18 May 2025 09:40:32 +0000
ROA not before: Sun 18 May 2025 09:40:32 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24990 (0x619e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 18 09:40:32 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A03C1BC59C221D052086521B9CDA661E72E1C2F2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:56:b7:aa:66:4d:e7:86:68:4c:12:a9:02:e2:
8e:d4:1f:ba:26:9e:32:23:2d:4c:c0:69:aa:e5:81:
05:bf:ec:ea:bf:c8:10:f5:aa:04:ce:90:02:1a:31:
84:71:b1:c3:14:15:65:e8:7c:a6:10:52:9f:80:a2:
5a:b7:dc:02:e8:26:7d:f2:0a:26:99:fe:d0:55:bd:
d9:c7:6b:84:43:ca:6c:48:39:49:86:1e:61:78:5e:
fc:88:db:2c:c4:6d:97:1c:19:88:20:93:6f:dd:d2:
04:15:8e:38:f4:4e:95:cb:0d:7e:11:01:4a:bf:a2:
78:dd:e9:c7:d6:5c:5e:a7:ec:e8:4f:17:f2:70:78:
bc:3d:ec:5e:20:bf:f4:15:19:7d:49:58:62:a2:9c:
f6:a2:17:ba:5b:1d:d1:aa:88:f6:51:45:b2:9f:03:
0a:94:b8:be:31:33:bb:fc:ae:fe:0c:47:fc:5c:6d:
b8:14:f1:22:b7:ba:b6:ab:eb:cc:f1:11:7e:a5:e5:
6f:4c:cf:20:36:41:b2:43:22:6a:5a:f1:0e:a5:93:
f8:76:bf:2d:12:ca:73:bc:0d:5b:e7:9c:f2:1f:16:
7e:7a:9c:6d:26:98:08:f4:28:62:88:16:16:29:aa:
d3:74:dd:1e:76:4d:bf:d6:48:f8:b3:14:cc:71:51:
55:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:3C:1B:C5:9C:22:1D:05:20:86:52:1B:9C:DA:66:1E:72:E1:C2:F2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oDwbxZwiHQUghlIbnNpmHnLhwvI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
88:d0:34:a2:e1:42:55:19:91:8d:71:18:91:ef:53:d7:9b:3c:
1b:0a:36:9e:d7:cc:23:2d:52:8b:54:43:ca:c0:ea:09:f6:d5:
ff:b0:e6:c1:f3:a3:c2:0d:d7:7d:7d:80:78:11:a6:62:c6:49:
15:2b:8a:f8:1d:ec:3d:f3:57:70:ac:d9:c3:be:e0:a6:90:e4:
64:63:0f:22:f1:54:52:ab:dd:db:25:ba:2a:8f:a8:24:c6:e6:
e3:c8:2d:ef:8a:56:9e:2a:06:6d:57:d5:f6:c2:da:da:11:69:
08:c9:30:17:08:ec:8c:d0:b7:8b:8e:f9:8a:2a:fe:6b:c4:da:
9f:d9:6b:ab:b9:7a:84:79:1d:14:25:85:ae:c7:67:d2:a0:02:
3c:3b:6a:8b:c8:af:a2:fa:f7:30:26:5f:fa:2f:bf:72:3b:d1:
a2:2c:e5:d2:e6:50:4f:4c:9a:2e:dd:a5:ae:e1:de:7a:59:60:
af:7b:71:67:1f:0b:6c:d4:5e:ce:0f:c6:a8:35:a6:f0:f9:28:
fa:b9:ff:df:b6:05:35:66:58:68:fb:d1:4d:7d:39:3d:f2:a8:
45:b0:24:28:97:19:83:1c:0a:a5:b0:7a:86:79:49:2f:34:16:
0a:b3:ea:47:6c:04:30:50:c2:66:1c:e9:39:82:e4:c1:b1:b0:
40:b3:c3:01
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYZ4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTgw
OTQwMzJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEEwM0MxQkM1OUMyMjFE
MDUyMDg2NTIxQjlDREE2NjFFNzJFMUMyRjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDxVreqZk3nhmhMEqkC4o7UH7omnjIjLUzAaarlgQW/7Oq/yBD1
qgTOkAIaMYRxscMUFWXofKYQUp+Aolq33ALoJn3yCiaZ/tBVvdnHa4RDymxIOUmG
HmF4XvyI2yzEbZccGYggk2/d0gQVjjj0TpXLDX4RAUq/onjd6cfWXF6n7OhPF/Jw
eLw97F4gv/QVGX1JWGKinPaiF7pbHdGqiPZRRbKfAwqUuL4xM7v8rv4MR/xcbbgU
8SK3urar68zxEX6l5W9MzyA2QbJDImpa8Q6lk/h2vy0SynO8DVvnnPIfFn56nG0m
mAj0KGKIFhYpqtN03R52Tb/WSPizFMxxUVUrAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUoDwbxZwiHQUghlIbnNpmHnLhwvIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L29Ed2J4WndpSFFVZ2hs
SWJuTnBtSG5MaHd2SS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCI0DSi
4UJVGZGNcRiR71PXmzwbCjae18wjLVKLVEPKwOoJ9tX/sObB86PCDdd9fYB4EaZi
xkkVK4r4Hew981dwrNnDvuCmkORkYw8i8VRSq93bJboqj6gkxubjyC3vilaeKgZt
V9X2wtraEWkIyTAXCOyM0LeLjvmKKv5rxNqf2WuruXqEeR0UJYWux2fSoAI8O2qL
yK+i+vcwJl/6L79yO9GiLOXS5lBPTJou3aWu4d56WWCve3FnHwts1F7OD8aoNabw
+Sj6uf/ftgU1Zlho+9FNfTk98qhFsCQolxmDHAqlsHqGeUkvNBYKs+pHbAQwUMJm
HOk5guTBsbBAs8MB
-----END CERTIFICATE-----
Generated at Wed Jun 4 02:59:30 2025 by rpki-client