Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/KOsjlLFOCJDgMxb1rXwE8_SiRqE.roa
File: KOsjlLFOCJDgMxb1rXwE8_SiRqE.roa (raw, json)
Hash identifier: ulbMffs52plFY2EBtQYU/Oq7nhWA8+fnounBb/vY1Ww=
Subject key identifier: 28:EB:23:94:B1:4E:08:90:E0:33:16:F5:AD:7C:04:F3:F4:A2:46:A1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 607C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KOsjlLFOCJDgMxb1rXwE8_SiRqE.roa
Signing time: Thu 15 May 2025 09:10:30 +0000
ROA not before: Thu 15 May 2025 09:10:30 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24700 (0x607c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 15 09:10:30 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=28EB2394B14E0890E03316F5AD7C04F3F4A246A1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:0d:a2:3d:2d:cc:2a:0b:13:5f:ca:f6:68:8e:
72:0c:66:10:ec:35:c2:9a:0c:39:ae:16:ef:2f:b6:
80:8f:c0:03:1d:b4:9e:47:3f:cc:38:2b:13:6e:b6:
0a:74:fe:25:b5:17:48:e0:87:38:d9:72:c9:3d:0c:
cd:08:0f:dd:64:8c:ac:11:3e:84:6b:1d:6b:d0:1e:
29:d0:44:7c:0e:3c:1b:b6:09:59:54:b2:9a:dd:ab:
4b:34:03:e3:f0:14:8f:77:dc:24:51:b6:50:45:4a:
59:4a:ed:d1:13:51:de:80:f8:95:02:e7:fd:a4:08:
53:92:76:6b:31:5c:9f:3a:0b:85:a6:26:3b:b1:77:
a5:d0:e3:20:b7:ec:7c:07:ea:f4:a1:a7:37:27:4a:
19:31:61:ce:5e:04:62:8e:4c:ad:e3:a8:b0:8a:43:
95:b7:2d:2f:78:fe:e1:d0:6f:4b:eb:2f:51:7c:af:
fa:91:5b:53:27:a5:17:7e:f2:21:84:2e:29:cd:9a:
ef:63:ea:3c:c2:af:3f:a7:12:b6:ef:dc:75:99:c9:
92:23:91:bd:fd:34:76:61:ac:52:ac:57:b8:eb:5a:
48:65:f9:1f:04:11:6e:58:28:cc:12:a7:7a:fe:dd:
c1:40:e4:70:e3:1f:ab:57:9e:97:77:2c:8c:ed:2a:
95:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:EB:23:94:B1:4E:08:90:E0:33:16:F5:AD:7C:04:F3:F4:A2:46:A1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KOsjlLFOCJDgMxb1rXwE8_SiRqE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
98:c8:15:79:2f:e8:cf:0e:af:7f:81:a9:f3:9e:35:26:63:f8:
db:42:17:02:39:3c:b4:96:82:06:2a:73:e4:25:e0:53:7f:f5:
6a:80:0d:7e:ad:90:d4:97:60:85:de:5b:18:eb:da:e9:cc:4d:
3e:84:ba:6d:39:b5:12:5f:09:99:b8:ad:27:83:74:bc:63:8d:
34:76:05:c3:b1:a3:aa:a6:10:0f:bb:ab:d5:ab:c2:3e:94:2d:
79:62:44:6a:7b:75:15:77:f2:68:eb:19:a8:c8:4f:cd:4f:80:
cb:0a:f4:1f:7b:c8:3d:67:bf:83:d5:90:e6:d7:05:89:80:90:
f1:f3:e5:59:0c:83:a6:54:31:91:ec:e4:ea:8a:2d:a6:c5:cd:
03:5e:b3:9d:28:38:5a:ef:43:36:4f:95:63:ce:5d:30:f5:96:
eb:6a:4e:c3:88:d3:02:03:4b:71:20:f3:c3:b9:06:94:fb:1d:
a8:17:0e:f3:6d:4b:6f:d1:62:10:60:34:5c:ed:91:96:2b:6f:
1b:97:1f:28:8c:42:41:31:2c:66:cc:e2:3a:18:c7:53:e3:5b:
e1:db:54:47:23:d0:70:93:c4:2a:71:13:15:38:ca:22:b9:31:
a7:4b:db:77:01:50:be:71:06:c1:54:30:78:1f:d3:12:97:a9:
74:1f:15:4b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYHwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTUw
OTEwMzBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDI4RUIyMzk0QjE0RTA4
OTBFMDMzMTZGNUFEN0MwNEYzRjRBMjQ2QTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDGDaI9LcwqCxNfyvZojnIMZhDsNcKaDDmuFu8vtoCPwAMdtJ5H
P8w4KxNutgp0/iW1F0jghzjZcsk9DM0ID91kjKwRPoRrHWvQHinQRHwOPBu2CVlU
sprdq0s0A+PwFI933CRRtlBFSllK7dETUd6A+JUC5/2kCFOSdmsxXJ86C4WmJjux
d6XQ4yC37HwH6vShpzcnShkxYc5eBGKOTK3jqLCKQ5W3LS94/uHQb0vrL1F8r/qR
W1MnpRd+8iGELinNmu9j6jzCrz+nErbv3HWZyZIjkb39NHZhrFKsV7jrWkhl+R8E
EW5YKMwSp3r+3cFA5HDjH6tXnpd3LIztKpXPAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUKOsjlLFOCJDgMxb1rXwE8/SiRqEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0tPc2psTEZPQ0pEZ014
YjFyWHdFOF9TaVJxRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCYyBV5
L+jPDq9/ganznjUmY/jbQhcCOTy0loIGKnPkJeBTf/VqgA1+rZDUl2CF3lsY69rp
zE0+hLptObUSXwmZuK0ng3S8Y400dgXDsaOqphAPu6vVq8I+lC15YkRqe3UVd/Jo
6xmoyE/NT4DLCvQfe8g9Z7+D1ZDm1wWJgJDx8+VZDIOmVDGR7OTqii2mxc0DXrOd
KDha70M2T5Vjzl0w9Zbrak7DiNMCA0txIPPDuQaU+x2oFw7zbUtv0WIQYDRc7ZGW
K28blx8ojEJBMSxmzOI6GMdT41vh21RHI9Bwk8QqcRMVOMoiuTGnS9t3AVC+cQbB
VDB4H9MSl6l0HxVL
-----END CERTIFICATE-----
Generated at Sat May 17 20:49:38 2025 by rpki-client