Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/o_g4EafDPf7oweqWk-eztNKRYQQ.roa
File: o_g4EafDPf7oweqWk-eztNKRYQQ.roa (raw, json)
Hash identifier: IL2GMCL8x8Zcjn1IvFpBbtAIX5MXwl+AlvJkNyijU/A=
Subject key identifier: A3:F8:38:11:A7:C3:3D:FE:E8:C1:EA:96:93:E7:B3:B4:D2:91:61:04
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6772
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/o_g4EafDPf7oweqWk-eztNKRYQQ.roa
Signing time: Mon 02 Jun 2025 22:41:41 +0000
ROA not before: Mon 02 Jun 2025 22:41:41 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26482 (0x6772)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 2 22:41:41 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A3F83811A7C33DFEE8C1EA9693E7B3B4D2916104
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:47:51:50:6b:8f:6a:30:cf:ea:c6:ab:03:ae:
c8:a8:89:1e:18:1c:d6:c7:79:1c:e3:fa:0b:c8:68:
49:d7:d8:b1:ee:7e:0f:bd:db:2e:77:6b:76:ef:91:
22:0f:64:ad:a5:25:ab:b6:35:31:99:54:73:5b:5f:
f3:46:47:22:18:cc:4a:a5:60:e5:7b:84:17:3f:71:
23:bc:72:06:e4:d1:f2:83:00:1d:81:fa:87:bf:de:
0a:55:db:32:83:2c:7d:47:63:8f:6e:e1:a2:37:02:
04:04:6c:de:98:a8:2b:3c:5a:48:6c:51:c7:af:b9:
5a:e5:03:f6:45:92:2d:59:d4:41:de:ba:c3:e0:d1:
74:9d:0e:dd:4d:4e:a9:56:07:62:e2:d1:83:85:c3:
78:8f:17:fd:d7:95:30:b2:ab:3c:84:34:24:84:7a:
bf:95:e5:5b:0f:55:4d:35:00:63:b8:91:cb:b2:83:
40:21:f8:c2:25:e2:94:cc:cf:27:6c:a7:5c:5b:f5:
39:46:c0:4f:f8:f1:9b:5f:ff:f8:21:1c:d9:05:ef:
89:b5:2f:ba:77:47:25:d2:1e:4f:10:68:b4:aa:bb:
ca:eb:ef:98:76:00:9d:9a:3e:bd:ff:b6:6a:6a:11:
2d:2b:89:09:91:4d:b1:bd:51:e3:21:1c:48:d6:0c:
74:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:F8:38:11:A7:C3:3D:FE:E8:C1:EA:96:93:E7:B3:B4:D2:91:61:04
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/o_g4EafDPf7oweqWk-eztNKRYQQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
0b:3f:01:b1:56:6c:b7:0f:05:78:bc:2e:f8:94:58:0e:15:5b:
a0:9b:3c:f3:8c:a6:7a:86:32:53:70:7c:d7:18:76:9d:4c:61:
a0:de:c0:4a:69:00:63:57:3d:8b:fe:93:50:96:82:d6:94:4d:
9b:fd:3e:13:fb:1e:70:f1:bb:c8:25:cc:5c:86:36:96:cd:06:
3b:69:b0:f9:d2:d7:b2:31:a6:4d:04:f7:f0:5a:40:65:98:0e:
8a:49:f1:d2:eb:43:dc:34:8a:7b:e7:26:61:78:ab:21:5d:46:
73:52:bf:34:af:09:2e:62:95:ab:1e:8f:1d:d5:8f:36:d0:82:
02:63:29:94:db:e0:9e:5e:5f:2d:2c:af:5f:15:c2:ca:69:e1:
f5:d1:c7:ef:64:e2:1a:b2:27:cd:6c:e2:ac:1e:4e:b7:81:2b:
2a:22:52:22:0a:5c:b9:4c:83:e9:69:d8:50:92:ac:73:5d:9b:
35:21:10:08:6b:9a:70:9c:bf:06:c3:b8:4b:65:0a:7d:73:80:
3f:2d:1e:02:09:73:e9:97:d9:f9:36:a9:91:8b:bc:93:96:d5:
c5:63:72:e5:b7:b1:ac:b3:bd:87:72:d7:38:01:4d:5f:51:23:
78:f9:db:69:bd:ed:60:63:a3:e1:78:15:8e:22:83:75:a3:48:
56:1f:de:ab
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZ3IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDIy
MjQxNDFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEEzRjgzODExQTdDMzNE
RkVFOEMxRUE5NjkzRTdCM0I0RDI5MTYxMDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDIR1FQa49qMM/qxqsDrsioiR4YHNbHeRzj+gvIaEnX2LHufg+9
2y53a3bvkSIPZK2lJau2NTGZVHNbX/NGRyIYzEqlYOV7hBc/cSO8cgbk0fKDAB2B
+oe/3gpV2zKDLH1HY49u4aI3AgQEbN6YqCs8WkhsUcevuVrlA/ZFki1Z1EHeusPg
0XSdDt1NTqlWB2Li0YOFw3iPF/3XlTCyqzyENCSEer+V5VsPVU01AGO4kcuyg0Ah
+MIl4pTMzydsp1xb9TlGwE/48Ztf//ghHNkF74m1L7p3RyXSHk8QaLSqu8rr75h2
AJ2aPr3/tmpqES0riQmRTbG9UeMhHEjWDHSrAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUo/g4EafDPf7oweqWk+eztNKRYQQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L29fZzRFYWZEUGY3b3dl
cVdrLWV6dE5LUllRUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQALPwGx
Vmy3DwV4vC74lFgOFVugmzzzjKZ6hjJTcHzXGHadTGGg3sBKaQBjVz2L/pNQloLW
lE2b/T4T+x5w8bvIJcxchjaWzQY7abD50teyMaZNBPfwWkBlmA6KSfHS60PcNIp7
5yZheKshXUZzUr80rwkuYpWrHo8d1Y820IICYymU2+CeXl8tLK9fFcLKaeH10cfv
ZOIasifNbOKsHk63gSsqIlIiCly5TIPpadhQkqxzXZs1IRAIa5pwnL8Gw7hLZQp9
c4A/LR4CCXPpl9n5NqmRi7yTltXFY3Llt7Gss72Hctc4AU1fUSN4+dtpve1gY6Ph
eBWOIoN1o0hWH96r
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:57:43 2025 by rpki-client