Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/tH4IY1Qb46CF_OAbF_nbn502LLo.roa
File: tH4IY1Qb46CF_OAbF_nbn502LLo.roa (raw, json)
Hash identifier: JyCHgbFSWPJ/nBt0+1NLQsev1NX6x3Pc7nDV99YBxDE=
Subject key identifier: B4:7E:08:63:54:1B:E3:A0:85:FC:E0:1B:17:F9:DB:9F:9D:36:2C:BA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7216
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tH4IY1Qb46CF_OAbF_nbn502LLo.roa
Signing time: Tue 01 Jul 2025 13:15:00 +0000
ROA not before: Tue 01 Jul 2025 13:15:00 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29206 (0x7216)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 1 13:15:00 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B47E0863541BE3A085FCE01B17F9DB9F9D362CBA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:32:4d:6f:2e:c8:57:68:f7:fa:8e:fe:23:5b:
d2:46:97:d1:76:95:03:49:6f:8c:62:6e:f7:87:d2:
f8:53:e4:3a:15:d2:30:5c:24:b2:99:e1:d2:d5:6e:
f5:1b:23:e8:8b:7a:9e:43:12:09:96:3a:2d:67:3b:
5e:00:7f:33:83:7c:1f:19:12:af:c7:7a:8e:7b:33:
6d:78:c2:30:9c:34:67:cf:9a:5b:04:0e:b0:44:aa:
5a:6e:26:d6:27:d1:f7:0c:a8:e6:44:38:da:85:ad:
de:8c:a4:d0:28:e8:d1:c0:b5:df:a9:11:39:96:cf:
f9:9e:87:ad:79:c8:f4:9b:d9:0d:3e:46:a1:22:be:
49:96:e1:2f:53:bf:92:c6:69:7d:eb:75:9c:db:37:
b4:17:1b:bb:61:55:44:6a:fc:2b:ec:9a:fd:61:c8:
b0:19:f9:f8:82:da:ed:47:a0:da:f5:e8:19:eb:33:
79:f3:2f:57:28:e7:49:69:b7:00:61:1e:d0:1a:82:
5d:a9:2d:05:68:07:35:4b:31:a0:d6:dc:c8:76:50:
eb:49:f2:4b:e2:13:9f:85:f2:12:e3:9c:a3:f1:96:
ed:38:60:13:e1:dd:46:cb:5d:d9:f9:35:eb:0b:f2:
4e:2e:0e:d1:4d:4b:f7:87:0f:6d:6b:e6:f0:4f:60:
c7:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:7E:08:63:54:1B:E3:A0:85:FC:E0:1B:17:F9:DB:9F:9D:36:2C:BA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tH4IY1Qb46CF_OAbF_nbn502LLo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
4a:ef:b3:7b:d8:19:55:89:a6:57:08:f4:42:e6:54:c4:d6:ec:
db:6d:f3:f9:24:24:dd:d8:0f:67:98:86:59:e3:c6:08:d4:0d:
41:fc:2b:c5:eb:81:d6:94:b9:cb:32:7c:e4:e0:94:ba:6f:8d:
64:81:c1:40:19:e1:8a:95:79:fd:72:e3:7b:81:c0:5a:18:4d:
cd:50:6f:b8:4d:42:0d:57:79:08:c0:ab:41:b9:5d:2a:36:d0:
b9:fd:fd:34:f3:9b:78:4e:1f:63:e3:65:2b:3c:75:cb:d5:77:
98:a3:5b:94:17:f2:65:ea:bf:a6:e3:ed:0b:da:cf:ce:a5:31:
4a:86:31:b9:64:13:f8:0d:d2:89:b4:20:7d:a3:a4:f5:24:8e:
4b:c3:8e:f4:3e:5f:67:1a:8a:87:5a:31:8d:d6:2e:a3:d3:85:
06:31:c7:eb:78:64:e7:a1:ba:cf:31:65:db:f2:bd:ba:fa:1c:
7b:4b:3a:a6:08:f0:3c:83:b8:1f:c0:f6:f3:ad:54:2c:0c:f6:
b1:3c:3b:65:ec:6c:e5:48:4a:b1:41:ed:91:f6:67:80:26:84:
65:fb:31:23:8d:7d:7c:bb:77:96:52:72:ae:31:a2:32:5a:5d:
9c:db:85:7d:13:99:77:32:1a:25:ca:d0:64:07:54:07:74:b8:
f5:f3:68:46
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICchYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDEx
MzE1MDBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEI0N0UwODYzNTQxQkUz
QTA4NUZDRTAxQjE3RjlEQjlGOUQzNjJDQkEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCdMk1vLshXaPf6jv4jW9JGl9F2lQNJb4xibveH0vhT5DoV0jBc
JLKZ4dLVbvUbI+iLep5DEgmWOi1nO14AfzODfB8ZEq/Heo57M214wjCcNGfPmlsE
DrBEqlpuJtYn0fcMqOZEONqFrd6MpNAo6NHAtd+pETmWz/meh615yPSb2Q0+RqEi
vkmW4S9Tv5LGaX3rdZzbN7QXG7thVURq/Cvsmv1hyLAZ+fiC2u1HoNr16BnrM3nz
L1co50lptwBhHtAagl2pLQVoBzVLMaDW3Mh2UOtJ8kviE5+F8hLjnKPxlu04YBPh
3UbLXdn5NesL8k4uDtFNS/eHD21r5vBPYMdFAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUtH4IY1Qb46CF/OAbF/nbn502LLowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3RINElZMVFiNDZDRl9P
QWJGX25ibjUwMkxMby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBK77N7
2BlViaZXCPRC5lTE1uzbbfP5JCTd2A9nmIZZ48YI1A1B/CvF64HWlLnLMnzk4JS6
b41kgcFAGeGKlXn9cuN7gcBaGE3NUG+4TUINV3kIwKtBuV0qNtC5/f0085t4Th9j
42UrPHXL1XeYo1uUF/Jl6r+m4+0L2s/OpTFKhjG5ZBP4DdKJtCB9o6T1JI5Lw470
Pl9nGoqHWjGN1i6j04UGMcfreGTnobrPMWXb8r26+hx7SzqmCPA8g7gfwPbzrVQs
DPaxPDtl7GzlSEqxQe2R9meAJoRl+zEjjX18u3eWUnKuMaIyWl2c24V9E5l3Mhol
ytBkB1QHdLj182hG
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:32:04 2025 by rpki-client