Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/pOWFjE2tX3IibWVjqObIvUzbqPg.roa
File: pOWFjE2tX3IibWVjqObIvUzbqPg.roa (raw, json)
Hash identifier: MkvtSISzjAduYmOOSlh499Wq3hSdpYJ8FUXZbUIdAe4=
Subject key identifier: A4:E5:85:8C:4D:AD:5F:72:22:6D:65:63:A8:E6:C8:BD:4C:DB:A8:F8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7158
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/pOWFjE2tX3IibWVjqObIvUzbqPg.roa
Signing time: Sun 29 Jun 2025 13:44:38 +0000
ROA not before: Sun 29 Jun 2025 13:44:38 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29016 (0x7158)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 29 13:44:38 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A4E5858C4DAD5F72226D6563A8E6C8BD4CDBA8F8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:c6:89:b9:d2:1c:b7:1f:14:d3:d7:c9:18:50:
c3:37:aa:e6:d0:82:1b:66:7e:c0:b5:d3:73:b5:0f:
57:28:76:f9:16:23:39:a5:76:48:c1:76:bc:b4:f9:
e8:6e:ea:02:14:d6:a1:ef:38:37:46:f8:ce:1b:da:
0c:e4:94:3d:9c:9b:67:d3:14:00:36:9b:42:d2:96:
26:5f:a2:0b:a6:64:e9:4b:41:ed:85:69:00:cf:73:
69:f7:7b:d6:e0:bd:d0:d3:15:0b:80:fd:b7:31:94:
17:4c:eb:0b:3a:d9:9b:48:09:0c:65:71:f5:74:33:
c4:66:41:6b:de:43:45:48:c1:10:ae:f7:93:6c:95:
bb:b1:03:24:04:07:45:f8:46:a1:7d:6d:d2:48:71:
6a:b7:3b:f4:0f:28:c3:af:f1:28:0d:95:90:ab:74:
0a:86:7b:e4:7e:ed:0d:5b:43:5d:9f:41:4d:32:9e:
03:16:1c:92:cc:6d:2a:25:15:34:0c:2f:ef:b4:c0:
f0:42:f0:70:49:da:14:18:3a:f4:8a:b5:3f:b4:3c:
5e:b3:ef:04:1a:6f:41:7a:ea:f8:d9:c6:2c:db:30:
1a:24:13:e2:6f:26:45:77:6a:ef:24:bd:37:ab:0e:
5f:fa:3d:7f:67:2f:fc:e1:65:a1:ee:1d:52:0f:67:
5e:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:E5:85:8C:4D:AD:5F:72:22:6D:65:63:A8:E6:C8:BD:4C:DB:A8:F8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/pOWFjE2tX3IibWVjqObIvUzbqPg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
bc:2b:54:12:8f:ed:38:0b:59:53:5a:a0:d9:dc:85:7f:a4:a4:
32:b6:05:e3:e1:b1:cd:ea:ec:ec:5c:41:70:1f:2c:ab:9e:ca:
16:4d:0c:c8:b8:ee:4a:7c:1e:10:15:b3:ef:05:ee:a3:06:2f:
76:66:d4:ce:97:c8:b3:e1:2c:cd:0e:31:1e:af:01:29:2a:0f:
77:60:6c:d8:cb:1e:87:bf:c0:e7:3f:77:4e:1c:c4:af:da:06:
f3:d0:18:22:89:f6:f6:cf:84:19:19:6f:56:10:4c:98:97:c6:
39:56:c7:c0:0d:e6:df:bf:37:60:25:03:db:6f:e7:9d:08:03:
51:34:0e:10:79:cc:78:f0:73:31:48:b7:01:36:d9:a1:c6:dd:
b1:00:2c:ae:7c:18:57:bb:5c:9f:da:21:51:3a:50:dc:18:a2:
e7:c0:6b:30:85:54:0b:ca:e1:92:9c:a8:d2:0c:f9:c7:95:ef:
d4:6d:1e:e4:2f:f9:ec:c8:30:12:2f:ff:f0:fb:f9:8e:b5:8b:
29:54:39:3a:aa:83:13:99:98:42:de:33:16:57:d5:e1:79:3b:
09:40:01:e6:83:3a:61:3b:4c:15:1e:db:46:ff:6d:06:10:e2:
e6:d8:4e:2d:93:fb:45:4b:a9:b4:16:a3:ac:4a:48:59:f0:2f:
c3:7d:5c:af
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcVgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2Mjkx
MzQ0MzhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEE0RTU4NThDNERBRDVG
NzIyMjZENjU2M0E4RTZDOEJENENEQkE4RjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC5xom50hy3HxTT18kYUMM3qubQghtmfsC103O1D1codvkWIzml
dkjBdry0+ehu6gIU1qHvODdG+M4b2gzklD2cm2fTFAA2m0LSliZfogumZOlLQe2F
aQDPc2n3e9bgvdDTFQuA/bcxlBdM6ws62ZtICQxlcfV0M8RmQWveQ0VIwRCu95Ns
lbuxAyQEB0X4RqF9bdJIcWq3O/QPKMOv8SgNlZCrdAqGe+R+7Q1bQ12fQU0yngMW
HJLMbSolFTQML++0wPBC8HBJ2hQYOvSKtT+0PF6z7wQab0F66vjZxizbMBokE+Jv
JkV3au8kvTerDl/6PX9nL/zhZaHuHVIPZ16hAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUpOWFjE2tX3IibWVjqObIvUzbqPgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3BPV0ZqRTJ0WDNJaWJX
VmpxT2JJdlV6YnFQZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC8K1QS
j+04C1lTWqDZ3IV/pKQytgXj4bHN6uzsXEFwHyyrnsoWTQzIuO5KfB4QFbPvBe6j
Bi92ZtTOl8iz4SzNDjEerwEpKg93YGzYyx6Hv8DnP3dOHMSv2gbz0Bgiifb2z4QZ
GW9WEEyYl8Y5VsfADebfvzdgJQPbb+edCANRNA4Qecx48HMxSLcBNtmhxt2xACyu
fBhXu1yf2iFROlDcGKLnwGswhVQLyuGSnKjSDPnHle/UbR7kL/nsyDASL//w+/mO
tYspVDk6qoMTmZhC3jMWV9XheTsJQAHmgzphO0wVHttG/20GEOLm2E4tk/tFS6m0
FqOsSkhZ8C/DfVyv
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:37:05 2025 by rpki-client