Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/oX0ZDsABwD2I1RthziegmMfM-nc.roa
File: oX0ZDsABwD2I1RthziegmMfM-nc.roa (raw, json)
Hash identifier: It2h/RNtvtqCXd8m24mAZv8ZAX7Jc90ygjLNBf/aLMs=
Subject key identifier: A1:7D:19:0E:C0:01:C0:3D:88:D5:1B:61:CE:27:A0:98:C7:CC:FA:77
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7188
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oX0ZDsABwD2I1RthziegmMfM-nc.roa
Signing time: Mon 30 Jun 2025 01:44:52 +0000
ROA not before: Mon 30 Jun 2025 01:44:52 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29064 (0x7188)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 30 01:44:52 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A17D190EC001C03D88D51B61CE27A098C7CCFA77
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:52:d3:c0:da:f8:c7:f0:79:0c:57:e2:cc:8a:
2d:4c:81:cf:ab:e6:77:5a:ec:5a:36:64:d4:09:ec:
9d:17:50:43:fa:56:f1:e9:c8:da:04:e8:ed:36:77:
93:c6:b8:d0:cc:de:fe:5c:24:8e:6e:d9:ce:8f:e2:
5a:29:c8:87:60:42:ef:32:72:42:e0:a8:22:e4:2d:
9e:e6:49:ae:4f:97:95:35:98:72:4d:a2:3d:85:75:
99:bb:2c:64:cd:d9:c7:bf:48:9a:b3:d0:f8:26:76:
1b:30:d4:42:e5:39:ef:f4:41:80:09:e8:97:4b:2f:
36:79:1e:c4:c6:7c:1f:4b:16:79:e4:77:b9:33:a4:
9e:36:77:32:7f:45:a0:ed:6d:a0:c7:a2:4d:66:be:
57:70:17:a9:79:0e:2b:a8:7e:d2:62:d8:2e:91:0d:
83:a1:a4:4d:49:9a:72:96:fd:ed:c7:ec:a0:13:82:
30:0b:31:12:cb:90:00:dc:c1:d6:3c:81:5d:ff:00:
c1:6a:72:9c:e3:1f:92:46:2f:88:77:65:4c:28:94:
3b:a8:06:d0:aa:bb:8e:26:29:b4:57:f3:a6:4e:2e:
8b:ae:78:9d:d7:c4:12:2c:da:8e:9a:b5:85:8a:3d:
c8:c0:85:43:e2:6b:6f:84:e3:42:10:33:2f:ec:d7:
2b:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:7D:19:0E:C0:01:C0:3D:88:D5:1B:61:CE:27:A0:98:C7:CC:FA:77
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oX0ZDsABwD2I1RthziegmMfM-nc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
39:56:36:14:69:23:3e:0c:eb:63:87:b2:4b:b4:fa:a4:89:eb:
80:87:32:b8:a3:49:02:0b:7a:bc:3b:22:4f:44:59:66:70:41:
bd:1c:30:02:19:e8:b5:ea:90:8f:b1:61:ba:2c:14:a3:91:93:
36:c1:b4:57:bb:e6:61:71:00:f3:9c:6c:5a:7a:4d:b0:76:9e:
2c:44:03:2f:3c:84:fb:4d:8b:26:7c:1d:c0:60:b4:ff:66:09:
21:8c:dc:35:c1:98:59:05:f3:74:86:15:11:ff:bd:32:30:e8:
8c:77:49:a0:be:7c:7f:76:e8:65:bc:6c:5d:e3:9c:f6:a2:d6:
da:b2:60:52:c0:0e:fa:79:51:73:03:bc:6c:f0:2a:50:ab:6f:
60:48:9f:b8:07:54:21:5f:b8:18:a8:7a:50:fa:60:be:75:7d:
d3:ab:57:16:2d:ca:e7:a8:0f:38:b1:e5:f0:d1:81:ca:4f:b6:
e0:9d:52:c6:49:5b:d8:1e:e1:c7:7c:dc:82:d3:2c:97:3c:be:
b8:9c:b4:e2:7b:fc:02:7e:63:11:51:b9:10:91:c6:0d:e0:4c:
46:71:a6:f5:f9:ff:f3:a2:a5:49:60:98:f1:a5:27:44:72:68:
17:33:ad:9a:7c:34:a1:13:0a:01:30:f5:b2:36:ab:ac:d7:a8:
25:09:a8:90
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcYgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MzAw
MTQ0NTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEExN0QxOTBFQzAwMUMw
M0Q4OEQ1MUI2MUNFMjdBMDk4QzdDQ0ZBNzcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDHUtPA2vjH8HkMV+LMii1Mgc+r5nda7Fo2ZNQJ7J0XUEP6VvHp
yNoE6O02d5PGuNDM3v5cJI5u2c6P4lopyIdgQu8yckLgqCLkLZ7mSa5Pl5U1mHJN
oj2FdZm7LGTN2ce/SJqz0Pgmdhsw1ELlOe/0QYAJ6JdLLzZ5HsTGfB9LFnnkd7kz
pJ42dzJ/RaDtbaDHok1mvldwF6l5DiuoftJi2C6RDYOhpE1JmnKW/e3H7KATgjAL
MRLLkADcwdY8gV3/AMFqcpzjH5JGL4h3ZUwolDuoBtCqu44mKbRX86ZOLouueJ3X
xBIs2o6atYWKPcjAhUPia2+E40IQMy/s1yujAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUoX0ZDsABwD2I1RthziegmMfM+ncwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L29YMFpEc0FCd0QySTFS
dGh6aWVnbU1mTS1uYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA5VjYU
aSM+DOtjh7JLtPqkieuAhzK4o0kCC3q8OyJPRFlmcEG9HDACGei16pCPsWG6LBSj
kZM2wbRXu+ZhcQDznGxaek2wdp4sRAMvPIT7TYsmfB3AYLT/ZgkhjNw1wZhZBfN0
hhUR/70yMOiMd0mgvnx/duhlvGxd45z2otbasmBSwA76eVFzA7xs8CpQq29gSJ+4
B1QhX7gYqHpQ+mC+dX3Tq1cWLcrnqA84seXw0YHKT7bgnVLGSVvYHuHHfNyC0yyX
PL64nLTie/wCfmMRUbkQkcYN4ExGcab1+f/zoqVJYJjxpSdEcmgXM62afDShEwoB
MPWyNqus16glCaiQ
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:50:29 2025 by rpki-client