Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ogYLusgAjittzqX0ozbf6FEm-vM.roa
File: ogYLusgAjittzqX0ozbf6FEm-vM.roa (raw, json)
Hash identifier: GBDhXaoaIrGrgHUsy2UWSTEQ+ILgchiEZwu7LSoZIng=
Subject key identifier: A2:06:0B:BA:C8:00:8E:2B:6D:CE:A5:F4:A3:36:DF:E8:51:26:FA:F3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 787A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ogYLusgAjittzqX0ozbf6FEm-vM.roa
Signing time: Fri 18 Jul 2025 14:42:08 +0000
ROA not before: Fri 18 Jul 2025 14:42:08 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30842 (0x787a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 18 14:42:08 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A2060BBAC8008E2B6DCEA5F4A336DFE85126FAF3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:ef:84:a3:a6:3d:d3:0f:2c:06:fe:fe:3d:8a:
89:1e:a3:e3:60:ff:27:3d:a3:82:14:95:10:a6:9a:
8c:ec:8d:1f:4e:ce:1d:19:f9:54:79:ac:50:20:fc:
e8:1a:2c:35:57:d0:62:e4:28:b6:51:75:fc:a5:b9:
5b:09:2d:b8:7e:48:2b:31:c9:f4:1d:32:76:07:8d:
3d:50:ad:87:f6:0d:3c:c6:22:02:5b:1e:2d:a7:0f:
e9:bb:27:e4:67:f6:24:58:94:1a:0f:bc:80:c9:54:
41:8d:82:31:8f:d9:2e:e4:1f:af:80:d0:d9:1d:e0:
65:7a:4d:33:ec:24:97:21:68:62:4d:d1:4b:d4:07:
7f:a1:71:3a:c4:03:97:d2:44:67:81:3c:d0:2f:50:
0f:72:3e:a0:97:37:77:04:df:e4:1d:fd:92:3d:7c:
80:85:8e:d8:70:31:02:de:42:c0:d4:46:a7:fd:7f:
38:98:76:38:e0:ef:7d:38:57:1b:04:4d:6f:bd:5d:
7d:62:a2:ef:71:3a:0d:3e:93:b4:ee:85:db:b9:ca:
68:ab:1d:b8:0e:62:6e:29:e9:44:93:db:5e:69:6d:
1f:4f:7d:54:34:53:5f:04:9d:e1:ad:c4:36:01:98:
42:ad:ee:8f:cf:96:5c:e5:e0:5c:3f:27:58:c9:04:
26:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:06:0B:BA:C8:00:8E:2B:6D:CE:A5:F4:A3:36:DF:E8:51:26:FA:F3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ogYLusgAjittzqX0ozbf6FEm-vM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
11:0e:2e:3c:08:fb:2b:cb:e0:5f:d4:bf:f3:3e:56:f6:a5:53:
49:d0:10:b1:1a:32:11:8f:2c:7a:14:9a:fd:90:5e:ed:10:e2:
5d:d6:f2:0b:b4:34:9a:3f:b6:ac:e7:6a:85:08:e3:0e:a6:bd:
00:07:c8:ce:94:c2:4a:f5:35:bf:7a:4c:3e:30:e4:ce:88:0f:
d7:84:16:d5:bb:c6:8c:e0:26:3d:20:dd:d0:42:ce:a0:47:4d:
ca:94:e6:22:95:35:4d:8c:14:11:61:83:ec:be:fa:0d:8d:5d:
a3:ae:64:5c:26:d0:c7:07:68:2c:52:bc:0b:34:22:88:52:e3:
31:7b:f3:1a:85:70:d7:0e:52:a4:78:c2:dd:3b:38:67:6c:7b:
f0:b0:cd:e2:75:2a:8c:a1:77:6e:52:e5:bf:95:0a:e2:10:d7:
3d:ce:c6:13:83:9b:dc:92:cb:7e:cb:7f:e4:19:ac:f7:40:22:
6b:b6:05:46:48:e7:9b:1f:88:9d:b3:17:96:da:60:13:28:29:
50:4c:df:ee:be:e7:5c:a7:98:20:2d:e7:f5:05:68:04:b1:a9:
ac:45:11:06:fd:27:64:35:24:14:54:e5:0c:7e:55:e0:0a:92:
60:2c:ea:ad:bc:f2:9c:8a:cf:cb:c3:e8:01:d6:e5:15:3a:e3:
05:1e:21:ee
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeHowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTgx
NDQyMDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEEyMDYwQkJBQzgwMDhF
MkI2RENFQTVGNEEzMzZERkU4NTEyNkZBRjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDQ74Sjpj3TDywG/v49iokeo+Ng/yc9o4IUlRCmmozsjR9Ozh0Z
+VR5rFAg/OgaLDVX0GLkKLZRdfyluVsJLbh+SCsxyfQdMnYHjT1QrYf2DTzGIgJb
Hi2nD+m7J+Rn9iRYlBoPvIDJVEGNgjGP2S7kH6+A0Nkd4GV6TTPsJJchaGJN0UvU
B3+hcTrEA5fSRGeBPNAvUA9yPqCXN3cE3+Qd/ZI9fICFjthwMQLeQsDURqf9fziY
djjg7304VxsETW+9XX1iou9xOg0+k7Tuhdu5ymirHbgOYm4p6UST215pbR9PfVQ0
U18EneGtxDYBmEKt7o/Pllzl4Fw/J1jJBCb3AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUogYLusgAjittzqX0ozbf6FEm+vMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L29nWUx1c2dBaml0dHpx
WDBvemJmNkZFbS12TS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQARDi48
CPsry+Bf1L/zPlb2pVNJ0BCxGjIRjyx6FJr9kF7tEOJd1vILtDSaP7as52qFCOMO
pr0AB8jOlMJK9TW/ekw+MOTOiA/XhBbVu8aM4CY9IN3QQs6gR03KlOYilTVNjBQR
YYPsvvoNjV2jrmRcJtDHB2gsUrwLNCKIUuMxe/MahXDXDlKkeMLdOzhnbHvwsM3i
dSqMoXduUuW/lQriENc9zsYTg5vckst+y3/kGaz3QCJrtgVGSOebH4idsxeW2mAT
KClQTN/uvudcp5ggLef1BWgEsamsRREG/SdkNSQUVOUMflXgCpJgLOqtvPKcis/L
w+gB1uUVOuMFHiHu
-----END CERTIFICATE-----
Generated at Sun Jul 20 21:20:55 2025 by rpki-client