Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/paBu9hmKqTKo0SfZDHjgYEaVuKU.roa
File: paBu9hmKqTKo0SfZDHjgYEaVuKU.roa (raw, json)
Hash identifier: +/dj/NWtrdH8gAkDQc+4QqtWmzTUPfahlIA0Y+wo44Y=
Subject key identifier: A5:A0:6E:F6:19:8A:A9:32:A8:D1:27:D9:0C:78:E0:60:46:95:B8:A5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6DA8
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/paBu9hmKqTKo0SfZDHjgYEaVuKU.roa
Signing time: Thu 19 Jun 2025 20:47:18 +0000
ROA not before: Thu 19 Jun 2025 20:47:18 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28072 (0x6da8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 19 20:47:18 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A5A06EF6198AA932A8D127D90C78E0604695B8A5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f4:5e:35:bf:fe:e1:98:72:ef:ea:ea:ff:79:1b:
41:a9:1d:e1:b6:54:da:7f:df:28:dc:c7:69:3d:6b:
bc:91:71:89:f0:de:c9:00:cc:49:bf:20:bb:e8:7e:
3d:fc:c8:e6:52:2e:5b:63:cc:0f:4d:7f:07:0e:9f:
4d:67:70:be:2c:a3:bc:ee:58:17:77:d8:6d:f0:b7:
b4:c4:a9:b4:99:27:85:54:17:8d:e5:80:9e:57:61:
45:f2:ea:48:46:64:cf:75:3c:45:81:4c:31:da:3f:
d3:3e:8a:da:fc:2d:a3:5a:43:fb:1b:fa:55:c7:b9:
1f:38:3a:d1:a0:c0:43:3f:72:8c:92:95:d7:81:1c:
c8:16:39:50:af:45:f0:7d:35:9d:b7:d0:53:0d:4f:
1e:df:c2:f6:f6:43:1e:f5:99:3f:bf:41:94:11:2e:
e6:67:ea:5f:ab:0c:9f:55:65:e1:f0:14:a7:50:56:
28:5c:37:67:c4:bd:e6:5f:10:be:84:65:ac:a0:10:
28:a5:17:63:df:64:fe:9a:d8:e8:d7:43:bb:0c:81:
7a:4e:24:64:df:f9:20:fb:b3:1c:41:74:4a:8a:f1:
d2:45:7f:36:ba:cf:41:43:e0:1c:3c:39:f2:2f:56:
37:55:54:c8:00:8e:67:79:98:26:d8:9c:86:2b:d3:
4c:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:A0:6E:F6:19:8A:A9:32:A8:D1:27:D9:0C:78:E0:60:46:95:B8:A5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/paBu9hmKqTKo0SfZDHjgYEaVuKU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
7f:35:42:d8:c8:f3:2c:07:2c:ab:fe:19:fd:3e:36:7b:fd:da:
69:ed:71:3a:72:d7:8b:87:f5:57:e3:a4:8e:5c:5a:72:67:9c:
7f:85:f7:93:7b:b9:aa:5c:23:ae:7e:e6:56:6d:15:6a:96:0b:
52:91:b6:f2:8d:0a:1f:d5:7a:6b:f4:5d:51:ad:b8:e7:0f:38:
84:21:48:f4:d4:c8:8c:59:38:d9:6a:26:6d:b8:8c:19:4f:a1:
f5:ce:bb:33:8b:a7:40:6f:cb:ce:a2:14:a3:55:26:e6:29:75:
a5:88:f3:be:86:5b:a1:42:7c:82:3c:89:79:a6:9c:36:c8:3f:
cf:29:c8:ab:a6:9c:57:74:48:f5:65:52:d2:ab:40:ee:3e:b5:
d2:0b:fe:ef:13:34:14:2c:b1:b6:55:a1:79:51:bb:10:9c:c5:
22:0d:ac:5c:63:4f:3e:b5:56:1a:81:62:17:a3:5c:9a:57:95:
2d:c2:97:b8:bc:a7:8d:04:2a:14:f1:79:80:23:e8:13:35:e0:
5e:82:f2:b1:8e:43:85:3b:99:48:d2:ee:87:1f:e1:b7:f3:e4:
93:0c:7b:09:cd:20:b1:40:44:cc:b4:08:a9:0c:b8:50:7c:40:
11:5f:ff:34:05:7d:83:5c:01:f8:46:0c:37:ac:82:32:1b:38:
1a:c2:83:1b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbagwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTky
MDQ3MThaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEE1QTA2RUY2MTk4QUE5
MzJBOEQxMjdEOTBDNzhFMDYwNDY5NUI4QTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD0XjW//uGYcu/q6v95G0GpHeG2VNp/3yjcx2k9a7yRcYnw3skA
zEm/ILvofj38yOZSLltjzA9NfwcOn01ncL4so7zuWBd32G3wt7TEqbSZJ4VUF43l
gJ5XYUXy6khGZM91PEWBTDHaP9M+itr8LaNaQ/sb+lXHuR84OtGgwEM/coySldeB
HMgWOVCvRfB9NZ230FMNTx7fwvb2Qx71mT+/QZQRLuZn6l+rDJ9VZeHwFKdQVihc
N2fEveZfEL6EZaygECilF2PfZP6a2OjXQ7sMgXpOJGTf+SD7sxxBdEqK8dJFfza6
z0FD4Bw8OfIvVjdVVMgAjmd5mCbYnIYr00yDAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUpaBu9hmKqTKo0SfZDHjgYEaVuKUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3BhQnU5aG1LcVRLbzBT
ZlpESGpnWUVhVnVLVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB/NULY
yPMsByyr/hn9PjZ7/dpp7XE6cteLh/VX46SOXFpyZ5x/hfeTe7mqXCOufuZWbRVq
lgtSkbbyjQof1Xpr9F1RrbjnDziEIUj01MiMWTjZaiZtuIwZT6H1zrszi6dAb8vO
ohSjVSbmKXWliPO+hluhQnyCPIl5ppw2yD/PKcirppxXdEj1ZVLSq0DuPrXSC/7v
EzQULLG2VaF5UbsQnMUiDaxcY08+tVYagWIXo1yaV5Utwpe4vKeNBCoU8XmAI+gT
NeBegvKxjkOFO5lI0u6HH+G38+STDHsJzSCxQETMtAipDLhQfEARX/80BX2DXAH4
Rgw3rIIyGzgawoMb
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:44:11 2025 by rpki-client