Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/u968_8Fhb7KEqlIV1aOHqOrbnU0.roa
File: u968_8Fhb7KEqlIV1aOHqOrbnU0.roa (raw, json)
Hash identifier: m1OnDFCTS6UsImWFoyLRIN7QJX6XpCXkk0TAT1Q7lx4=
Subject key identifier: BB:DE:BC:FF:C1:61:6F:B2:84:AA:52:15:D5:A3:87:A8:EA:DB:9D:4D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 74A8
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/u968_8Fhb7KEqlIV1aOHqOrbnU0.roa
Signing time: Tue 08 Jul 2025 09:45:48 +0000
ROA not before: Tue 08 Jul 2025 09:45:48 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29864 (0x74a8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 8 09:45:48 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=BBDEBCFFC1616FB284AA5215D5A387A8EADB9D4D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:d8:ad:dc:84:b7:0d:f4:ea:52:d5:cf:10:8c:
b0:6b:e8:86:86:d3:54:75:dd:b0:e1:2e:08:6a:7a:
e7:4f:45:2c:9a:36:30:4f:44:6a:43:41:61:a3:8a:
37:a7:d0:4e:9c:78:f9:7d:d7:cb:12:cd:ca:98:7b:
b3:3a:7d:31:3f:33:1d:7f:23:d0:96:6d:05:b6:3f:
6c:bb:8b:fa:66:05:b9:0b:19:61:5f:c3:0d:0b:91:
d7:f2:20:df:5f:be:0a:7a:d1:f7:d1:6c:d8:9b:4f:
9d:2d:7f:26:57:9b:9c:3f:3b:ab:32:9f:9b:b3:ef:
82:a0:7f:b2:f1:71:0e:21:94:53:c6:f3:31:dc:a6:
fd:5c:84:75:4f:33:14:04:8a:8d:93:af:10:04:30:
fd:96:8e:00:86:76:09:37:fa:0e:62:c8:62:02:2d:
fb:02:6c:bf:d7:ee:44:ef:22:97:52:87:fb:69:0a:
38:bd:7c:52:b3:94:4e:95:29:12:91:05:19:60:9e:
a8:95:06:a3:32:7d:03:03:cf:f5:00:98:15:a9:ce:
0a:31:e4:f4:2d:51:1f:d8:a1:57:9c:86:63:9c:8c:
11:e8:9d:eb:03:1c:e4:d7:3c:2a:40:f8:d1:a5:87:
94:47:fb:1d:29:6b:85:fe:0b:a4:a7:00:56:8b:4d:
d4:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:DE:BC:FF:C1:61:6F:B2:84:AA:52:15:D5:A3:87:A8:EA:DB:9D:4D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/u968_8Fhb7KEqlIV1aOHqOrbnU0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
ae:e8:54:2f:f4:9e:f6:5d:d9:43:49:5b:a7:6b:1f:05:80:57:
3e:eb:95:58:a9:14:db:15:14:76:38:95:6f:82:bb:68:90:13:
26:2a:db:76:81:9a:20:d7:75:1a:7a:c2:64:c3:4b:60:55:eb:
0b:53:90:1b:c3:93:25:c2:fc:b9:9a:67:7b:cf:96:b0:49:61:
19:50:d1:aa:b6:34:3f:80:e0:6c:4d:43:38:6b:4b:df:06:13:
17:15:93:3d:f2:34:3f:60:52:ab:e2:1e:37:aa:b0:53:5c:9e:
39:46:21:2f:4f:19:51:b3:90:7d:c7:53:b2:bc:d2:a9:9a:0d:
c5:ed:8b:ad:3f:78:e3:f4:3a:27:56:ae:40:cd:fb:c6:00:79:
bb:9a:a6:f4:1b:70:75:7b:2a:7a:2e:00:17:e2:2d:cf:43:ee:
e9:b8:93:74:10:7f:0a:a8:5f:df:b7:f9:c7:11:a9:f2:86:74:
46:52:a6:9e:a3:c9:aa:bf:d5:07:e3:a6:60:1f:8c:06:f7:9e:
7b:a4:f8:e0:f5:2b:27:65:97:2c:ba:a8:18:94:db:a1:45:19:
18:e8:59:b9:55:28:e3:54:2f:78:fc:3c:1c:f8:09:1f:72:01:
09:4c:f8:1a:70:74:49:90:39:30:7c:da:a6:23:3e:46:34:7e:
6f:22:b2:6d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdKgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDgw
OTQ1NDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEJCREVCQ0ZGQzE2MTZG
QjI4NEFBNTIxNUQ1QTM4N0E4RUFEQjlENEQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDz2K3chLcN9OpS1c8QjLBr6IaG01R13bDhLghqeudPRSyaNjBP
RGpDQWGjijen0E6cePl918sSzcqYe7M6fTE/Mx1/I9CWbQW2P2y7i/pmBbkLGWFf
ww0LkdfyIN9fvgp60ffRbNibT50tfyZXm5w/O6syn5uz74Kgf7LxcQ4hlFPG8zHc
pv1chHVPMxQEio2TrxAEMP2WjgCGdgk3+g5iyGICLfsCbL/X7kTvIpdSh/tpCji9
fFKzlE6VKRKRBRlgnqiVBqMyfQMDz/UAmBWpzgox5PQtUR/YoVechmOcjBHonesD
HOTXPCpA+NGlh5RH+x0pa4X+C6SnAFaLTdS5AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUu968/8Fhb7KEqlIV1aOHqOrbnU0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3U5NjhfOEZoYjdLRXFs
SVYxYU9IcU9yYm5VMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCu6FQv
9J72XdlDSVunax8FgFc+65VYqRTbFRR2OJVvgrtokBMmKtt2gZog13UaesJkw0tg
VesLU5Abw5Mlwvy5mmd7z5awSWEZUNGqtjQ/gOBsTUM4a0vfBhMXFZM98jQ/YFKr
4h43qrBTXJ45RiEvTxlRs5B9x1OyvNKpmg3F7YutP3jj9DonVq5AzfvGAHm7mqb0
G3B1eyp6LgAX4i3PQ+7puJN0EH8KqF/ft/nHEanyhnRGUqaeo8mqv9UH46ZgH4wG
9557pPjg9SsnZZcsuqgYlNuhRRkY6Fm5VSjjVC94/Dwc+AkfcgEJTPgacHRJkDkw
fNqmIz5GNH5vIrJt
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:37:38 2025 by rpki-client