Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/sHg3dkCs3vQrrrlHmhWKlZh66o0.roa
File: sHg3dkCs3vQrrrlHmhWKlZh66o0.roa (raw, json)
Hash identifier: gdjCyIC5ToRLiyMbEnaA8UII1jNXa+bQScKKgzSWsvs=
Subject key identifier: B0:78:37:76:40:AC:DE:F4:2B:AE:B9:47:9A:15:8A:95:98:7A:EA:8D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 703A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/sHg3dkCs3vQrrrlHmhWKlZh66o0.roa
Signing time: Thu 26 Jun 2025 14:14:45 +0000
ROA not before: Thu 26 Jun 2025 14:14:45 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28730 (0x703a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 26 14:14:45 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B078377640ACDEF42BAEB9479A158A95987AEA8D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:35:e1:81:ff:64:6f:ed:0d:31:7f:e2:a1:f1:
21:8b:77:59:78:ea:d1:41:66:36:6b:f5:a9:28:a6:
a4:3c:70:9e:6b:c8:06:05:5d:e4:b0:f2:f2:09:51:
80:46:25:49:ee:72:c0:e5:29:b4:6e:b3:1c:2f:75:
5a:81:fd:90:99:70:5e:5d:47:d4:6c:3a:f4:f2:5d:
41:31:d4:82:36:54:70:e0:2f:0a:bd:73:d1:e5:22:
40:fa:b5:69:b7:6e:82:d7:eb:60:dd:4a:78:df:77:
4f:cf:7f:1d:69:29:4f:64:7b:ee:cc:fe:07:ee:a2:
15:33:99:d1:0c:95:33:07:51:c1:79:64:8e:0c:ec:
62:90:26:f1:92:af:ed:25:c8:53:2d:09:b4:5d:b3:
a3:3f:e4:b2:68:ee:71:12:ab:95:b3:80:2d:62:4c:
22:08:40:d6:7d:50:70:cb:57:61:b9:2d:1f:e8:64:
3c:19:cb:4e:95:4c:f7:11:15:a9:a4:a9:36:99:a6:
9e:c1:16:7d:0c:a7:9b:16:70:b3:5d:da:61:00:10:
da:0d:62:fa:fc:89:6e:eb:b9:c5:4f:fe:11:c5:ba:
77:26:5f:c5:83:d4:1a:1c:db:d4:ae:ab:77:a1:90:
86:ee:6b:fe:21:9e:f4:6b:da:8d:1a:24:93:81:92:
df:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:78:37:76:40:AC:DE:F4:2B:AE:B9:47:9A:15:8A:95:98:7A:EA:8D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/sHg3dkCs3vQrrrlHmhWKlZh66o0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
99:9a:e9:59:a0:2d:7b:04:84:1c:18:63:56:20:65:99:c6:11:
0f:96:d0:88:ad:8f:bc:33:d2:cf:55:0d:5f:85:3c:c8:ef:aa:
2c:98:67:6c:e8:90:fd:79:94:28:5a:05:06:b4:47:32:7a:db:
e7:ef:59:a8:26:9a:e0:67:6a:84:7e:58:91:ea:12:6c:5d:34:
da:e2:a3:46:54:b0:ee:55:a5:30:5c:b9:95:57:86:90:76:b4:
da:c2:c1:66:bf:6d:73:d7:01:01:6c:1c:34:83:bb:e1:94:55:
f7:b5:a1:4d:84:8c:23:ef:b4:34:2e:ef:eb:66:4e:4e:7b:fe:
cb:34:1a:f7:17:01:10:41:3b:20:e6:e3:ff:49:1b:23:ad:d6:
8e:24:78:4f:7a:ac:7f:fa:6b:fa:2e:3f:4f:8e:e1:fa:0b:a3:
69:18:58:c3:3e:2b:12:d2:40:0e:c7:97:80:4c:c8:25:1d:39:
99:4f:d0:5c:a6:6b:69:20:05:42:f0:b6:24:4f:3a:3e:6e:75:
06:4b:f3:89:b2:da:46:ae:c3:8e:2b:dc:56:5a:37:cc:d7:90:
07:53:8a:79:2d:1a:0b:c9:61:4a:bb:55:7f:ff:ec:45:d1:b4:
9f:9e:66:33:4b:a6:52:07:97:fc:06:e9:8a:7e:86:3a:ba:69:
5f:ce:3c:fa
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcDowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjYx
NDE0NDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEIwNzgzNzc2NDBBQ0RF
RjQyQkFFQjk0NzlBMTU4QTk1OTg3QUVBOEQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCuNeGB/2Rv7Q0xf+Kh8SGLd1l46tFBZjZr9akopqQ8cJ5ryAYF
XeSw8vIJUYBGJUnucsDlKbRusxwvdVqB/ZCZcF5dR9RsOvTyXUEx1II2VHDgLwq9
c9HlIkD6tWm3boLX62DdSnjfd0/Pfx1pKU9ke+7M/gfuohUzmdEMlTMHUcF5ZI4M
7GKQJvGSr+0lyFMtCbRds6M/5LJo7nESq5WzgC1iTCIIQNZ9UHDLV2G5LR/oZDwZ
y06VTPcRFamkqTaZpp7BFn0Mp5sWcLNd2mEAENoNYvr8iW7rucVP/hHFuncmX8WD
1Boc29Suq3ehkIbua/4hnvRr2o0aJJOBkt8TAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUsHg3dkCs3vQrrrlHmhWKlZh66o0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3NIZzNka0NzM3ZRcnJy
bEhtaFdLbFpoNjZvMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCZmulZ
oC17BIQcGGNWIGWZxhEPltCIrY+8M9LPVQ1fhTzI76osmGds6JD9eZQoWgUGtEcy
etvn71moJprgZ2qEfliR6hJsXTTa4qNGVLDuVaUwXLmVV4aQdrTawsFmv21z1wEB
bBw0g7vhlFX3taFNhIwj77Q0Lu/rZk5Oe/7LNBr3FwEQQTsg5uP/SRsjrdaOJHhP
eqx/+mv6Lj9PjuH6C6NpGFjDPisS0kAOx5eATMglHTmZT9BcpmtpIAVC8LYkTzo+
bnUGS/OJstpGrsOOK9xWWjfM15AHU4p5LRoLyWFKu1V//+xF0bSfnmYzS6ZSB5f8
BumKfoY6umlfzjz6
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:40:02 2025 by rpki-client