Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ten8uJU7an2LfDGzzBGnZmowlok.roa
File: ten8uJU7an2LfDGzzBGnZmowlok.roa (raw, json)
Hash identifier: GvuB2VffcC8RhQfvsAPkGkKnbHPiO7EAgUdDdvUCAXg=
Subject key identifier: B5:E9:FC:B8:95:3B:6A:7D:8B:7C:31:B3:CC:11:A7:66:6A:30:96:89
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6D4C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ten8uJU7an2LfDGzzBGnZmowlok.roa
Signing time: Wed 18 Jun 2025 13:28:25 +0000
ROA not before: Wed 18 Jun 2025 13:28:25 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27980 (0x6d4c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 18 13:28:25 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B5E9FCB8953B6A7D8B7C31B3CC11A7666A309689
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:14:44:0e:7d:ea:d3:52:a7:39:2f:54:41:f2:
28:39:41:e4:74:0c:4d:d1:a7:4b:30:f2:f2:24:33:
54:37:2e:00:f5:58:88:f1:cd:5d:f4:a7:f9:db:ed:
8b:dd:44:cd:b4:fb:e1:b0:75:0a:dd:8f:80:7d:31:
82:a8:bc:82:25:48:bd:3d:24:e6:fd:5b:c8:cc:ab:
3b:58:be:4d:b3:f4:3c:7b:5f:b8:56:55:80:91:68:
e8:f3:6d:fc:b3:38:db:df:7c:51:b5:5a:8b:1a:5e:
cd:68:a9:bb:02:a0:71:26:71:a2:e5:57:aa:19:ba:
0c:37:1c:05:f8:cf:4b:8d:7c:29:ad:a7:b5:fc:cc:
a1:49:a1:d8:ea:21:6d:08:57:1f:f6:0b:e0:5f:d8:
ef:b3:e9:d2:db:f7:9d:02:f8:aa:01:7a:a0:c0:6d:
f5:87:7a:0a:8b:92:27:9c:6f:cc:03:0a:33:f7:cf:
12:1f:db:fb:85:b4:37:1b:f8:e1:20:f0:05:da:2c:
64:6e:95:14:7b:a0:55:07:e9:05:be:a7:cc:65:df:
b1:b2:c1:c4:70:9d:72:3d:11:5e:e2:c9:db:7d:36:
3d:15:41:e1:28:76:6e:57:a1:ef:6a:6f:4f:24:0b:
64:67:4c:e1:3e:e2:6f:37:c5:a9:db:ca:8f:6b:be:
04:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:E9:FC:B8:95:3B:6A:7D:8B:7C:31:B3:CC:11:A7:66:6A:30:96:89
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ten8uJU7an2LfDGzzBGnZmowlok.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
bc:43:63:e2:fc:c5:23:dd:55:a4:e6:8b:4a:4e:45:56:16:b4:
3b:ad:73:e2:78:97:be:59:f1:96:cc:6b:60:b1:a9:dc:37:4d:
5e:84:1f:3c:ab:65:3f:d8:a1:6b:2f:1c:d8:0d:0b:ac:32:f9:
a6:ab:d5:1c:26:7e:05:91:4f:8e:d4:35:15:c9:82:ae:45:e5:
53:04:c3:2d:78:5f:f0:86:e4:4e:d9:19:84:b3:9c:42:7e:af:
52:a0:84:8f:09:05:1e:62:01:f2:7f:2e:96:5f:cf:c0:60:d4:
4b:d7:2a:04:28:4a:4b:f2:be:e8:66:03:11:37:c0:92:cf:c5:
92:da:ee:a0:4e:e2:8e:59:7e:15:83:1e:75:b5:8f:b2:57:05:
dd:cf:5c:38:46:4b:09:1f:7a:b5:07:b4:4c:48:6a:51:62:85:
cf:17:49:c7:c2:c6:eb:8d:ab:3c:d9:5b:86:4d:04:a3:00:34:
8a:fb:60:56:35:20:40:74:7a:22:f7:fb:0f:3e:65:5c:61:66:
9e:7c:96:dc:5f:7b:f1:3c:55:2a:d7:69:17:1e:fa:5b:a2:4d:
9f:ea:f2:84:b5:fc:1b:f6:c3:07:64:90:04:1f:4f:87:52:20:
6e:91:2e:47:2f:42:28:6c:1e:0b:76:c5:ef:da:01:0e:fc:2c:
79:1e:cb:7b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbUwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTgx
MzI4MjVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEI1RTlGQ0I4OTUzQjZB
N0Q4QjdDMzFCM0NDMTFBNzY2NkEzMDk2ODkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCxFEQOferTUqc5L1RB8ig5QeR0DE3Rp0sw8vIkM1Q3LgD1WIjx
zV30p/nb7YvdRM20++GwdQrdj4B9MYKovIIlSL09JOb9W8jMqztYvk2z9Dx7X7hW
VYCRaOjzbfyzONvffFG1WosaXs1oqbsCoHEmcaLlV6oZugw3HAX4z0uNfCmtp7X8
zKFJodjqIW0IVx/2C+Bf2O+z6dLb950C+KoBeqDAbfWHegqLkiecb8wDCjP3zxIf
2/uFtDcb+OEg8AXaLGRulRR7oFUH6QW+p8xl37GywcRwnXI9EV7iydt9Nj0VQeEo
dm5Xoe9qb08kC2RnTOE+4m83xanbyo9rvgSpAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUten8uJU7an2LfDGzzBGnZmowlokwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3Rlbjh1SlU3YW4yTGZE
R3p6QkduWm1vd2xvay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC8Q2Pi
/MUj3VWk5otKTkVWFrQ7rXPieJe+WfGWzGtgsancN01ehB88q2U/2KFrLxzYDQus
Mvmmq9UcJn4FkU+O1DUVyYKuReVTBMMteF/whuRO2RmEs5xCfq9SoISPCQUeYgHy
fy6WX8/AYNRL1yoEKEpL8r7oZgMRN8CSz8WS2u6gTuKOWX4Vgx51tY+yVwXdz1w4
RksJH3q1B7RMSGpRYoXPF0nHwsbrjas82VuGTQSjADSK+2BWNSBAdHoi9/sPPmVc
YWaefJbcX3vxPFUq12kXHvpbok2f6vKEtfwb9sMHZJAEH0+HUiBukS5HL0IobB4L
dsXv2gEO/Cx5Hst7
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:53:08 2025 by rpki-client