Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/wopWZgx-KQXGss__L6lKiCKm-HE.roa
File: wopWZgx-KQXGss__L6lKiCKm-HE.roa (raw, json)
Hash identifier: AWcrjeRKmY4zmRH7wixY4fdtprHqk93sMgOI+qaBnZE=
Subject key identifier: C2:8A:56:66:0C:7E:29:05:C6:B2:CF:FF:2F:A9:4A:88:22:A6:F8:71
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6C22
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wopWZgx-KQXGss__L6lKiCKm-HE.roa
Signing time: Sun 15 Jun 2025 10:42:27 +0000
ROA not before: Sun 15 Jun 2025 10:42:27 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27682 (0x6c22)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 15 10:42:27 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C28A56660C7E2905C6B2CFFF2FA94A8822A6F871
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:6e:7e:24:6c:06:45:67:58:70:8c:0c:dd:86:
7f:fa:15:5c:94:72:a4:34:3e:0d:44:57:10:09:0a:
50:89:a7:96:0f:52:68:bd:59:9d:f9:b3:11:06:80:
de:3a:3b:3b:48:67:e0:ec:a9:44:5f:72:87:37:d8:
a8:1c:f8:c5:d8:4a:b1:d0:ed:c5:4b:ef:6e:79:bd:
a7:83:e2:c4:62:fd:8b:d4:a1:2d:c0:8c:1d:eb:1c:
77:ef:00:59:d3:cf:67:60:bf:66:93:83:7a:85:f1:
00:17:11:cf:ed:2d:03:c5:33:73:21:9b:b7:58:da:
8b:e8:fc:72:a8:82:7b:2f:e4:d4:1e:d2:4c:c2:e3:
4b:b2:5c:b9:d2:7d:c1:66:37:25:1f:69:30:df:32:
ca:26:ea:ae:e9:91:47:1a:b3:96:d0:4c:9c:06:df:
44:da:3b:04:e7:07:d5:7d:4a:37:97:51:ed:9e:05:
ae:27:06:66:58:6a:7f:03:5c:27:ed:45:92:cd:92:
24:48:3c:97:ff:cf:e1:19:53:b8:3e:2d:5b:d5:cf:
65:88:6c:eb:23:ff:c4:05:af:b2:fa:a4:79:1a:04:
1a:c8:b5:ab:ee:8c:4d:c8:7b:b2:f0:9d:a1:29:07:
f6:84:69:1a:dd:b2:ff:cb:4c:19:80:36:d9:97:84:
15:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:8A:56:66:0C:7E:29:05:C6:B2:CF:FF:2F:A9:4A:88:22:A6:F8:71
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wopWZgx-KQXGss__L6lKiCKm-HE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
32:f5:84:c2:a5:70:26:de:50:09:5b:3f:27:78:eb:0d:bc:fa:
9b:4e:9a:58:7c:af:76:73:b3:c3:d9:03:18:1c:53:ab:89:7b:
81:5b:2e:47:b8:5f:e0:ce:ae:51:81:c9:f5:ff:d5:88:91:b2:
58:e8:a7:4b:50:7c:b8:48:63:0b:e7:2a:34:8e:cc:2f:03:c9:
99:59:57:99:ba:29:69:99:b7:bb:90:46:59:c2:4b:b3:b4:23:
7a:61:96:06:bb:a4:e2:67:ae:05:67:43:b9:9d:5b:26:97:40:
f1:85:62:73:a4:fe:16:11:f4:e8:19:27:65:c9:59:71:ed:44:
a2:01:6c:cb:fb:29:8d:5c:cc:e1:81:30:17:2d:61:76:c1:59:
f1:f0:96:c0:15:50:75:0e:00:8a:11:f8:02:b7:3f:c1:93:9b:
8d:95:dc:54:eb:45:55:d1:32:ea:78:d7:d5:7e:7b:7c:79:73:
23:cb:f3:38:af:90:59:03:27:92:69:8e:c3:c9:42:c6:ea:b7:
8c:57:9d:37:b1:71:4b:b5:de:22:e3:11:a6:d8:fc:b1:08:8a:
91:39:be:36:02:db:4d:85:49:fd:22:b7:25:17:b7:1a:ce:78:
17:88:aa:f8:e7:0f:4f:e2:bd:21:4b:cd:0a:87:1d:18:5d:8e:
ff:bb:10:04
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbCIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTUx
MDQyMjdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEMyOEE1NjY2MEM3RTI5
MDVDNkIyQ0ZGRjJGQTk0QTg4MjJBNkY4NzEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9bn4kbAZFZ1hwjAzdhn/6FVyUcqQ0Pg1EVxAJClCJp5YPUmi9
WZ35sxEGgN46OztIZ+DsqURfcoc32Kgc+MXYSrHQ7cVL7255vaeD4sRi/YvUoS3A
jB3rHHfvAFnTz2dgv2aTg3qF8QAXEc/tLQPFM3Mhm7dY2ovo/HKognsv5NQe0kzC
40uyXLnSfcFmNyUfaTDfMsom6q7pkUcas5bQTJwG30TaOwTnB9V9SjeXUe2eBa4n
BmZYan8DXCftRZLNkiRIPJf/z+EZU7g+LVvVz2WIbOsj/8QFr7L6pHkaBBrItavu
jE3Ie7LwnaEpB/aEaRrdsv/LTBmANtmXhBVjAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUwopWZgx+KQXGss//L6lKiCKm+HEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3dvcFdaZ3gtS1FYR3Nz
X19MNmxLaUNLbS1IRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAy9YTC
pXAm3lAJWz8neOsNvPqbTppYfK92c7PD2QMYHFOriXuBWy5HuF/gzq5Rgcn1/9WI
kbJY6KdLUHy4SGML5yo0jswvA8mZWVeZuilpmbe7kEZZwkuztCN6YZYGu6TiZ64F
Z0O5nVsml0DxhWJzpP4WEfToGSdlyVlx7USiAWzL+ymNXMzhgTAXLWF2wVnx8JbA
FVB1DgCKEfgCtz/Bk5uNldxU60VV0TLqeNfVfnt8eXMjy/M4r5BZAyeSaY7DyULG
6reMV503sXFLtd4i4xGm2PyxCIqROb42AttNhUn9IrclF7cazngXiKr45w9P4r0h
S80Khx0YXY7/uxAE
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:44:49 2025 by rpki-client