Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/hWnrH8EZDb2X_NVrZ7nOfArbiz8.roa
File: hWnrH8EZDb2X_NVrZ7nOfArbiz8.roa (raw, json)
Hash identifier: dta+4b7rrsshSTUa5g8Ioo/PqIYHx2cXOhsoBnTT0xI=
Subject key identifier: 85:69:EB:1F:C1:19:0D:BD:97:FC:D5:6B:67:B9:CE:7C:0A:DB:8B:3F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 611C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hWnrH8EZDb2X_NVrZ7nOfArbiz8.roa
Signing time: Sat 17 May 2025 01:10:32 +0000
ROA not before: Sat 17 May 2025 01:10:32 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24860 (0x611c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 17 01:10:32 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8569EB1FC1190DBD97FCD56B67B9CE7C0ADB8B3F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:2a:74:58:fe:31:9b:58:82:10:3a:08:3b:92:
f8:16:41:2e:89:da:ca:b6:70:c7:13:a6:7a:cc:93:
fd:55:07:ea:dd:41:5f:36:1b:01:cc:73:40:f6:bb:
dd:52:a7:95:e8:9e:a1:48:26:6a:42:96:6d:eb:31:
15:04:ff:56:84:15:cc:d5:3b:52:42:b4:0e:ae:e8:
91:79:c3:02:d5:66:49:24:2d:07:be:fc:8c:b3:1d:
f5:74:21:78:88:2c:80:ce:54:b3:7d:10:b3:2f:c4:
32:f5:dc:6b:60:d4:0a:93:2d:89:7f:12:b3:53:ad:
f7:41:3f:1d:88:89:9c:b8:6f:ef:cd:26:e6:1b:bb:
0e:f3:2e:e0:2b:d0:43:29:4c:17:2e:1f:cf:97:41:
05:f9:97:2d:a4:7f:64:1d:50:5d:a1:05:52:0f:4b:
95:d7:f9:c5:86:b9:b7:d6:04:04:52:35:e1:f1:2f:
ea:aa:a1:43:07:b3:30:bc:92:ab:03:8e:cf:42:65:
a8:cf:41:eb:16:cc:e9:53:b1:fd:39:60:77:95:81:
3e:17:c9:18:6c:20:b5:b2:5f:80:2c:06:34:e4:46:
88:90:0c:42:00:d4:1d:7f:56:7e:cc:6d:ea:4b:e3:
5c:c2:d9:54:ef:f9:e8:15:cb:e4:6d:bc:e4:48:f0:
46:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:69:EB:1F:C1:19:0D:BD:97:FC:D5:6B:67:B9:CE:7C:0A:DB:8B:3F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hWnrH8EZDb2X_NVrZ7nOfArbiz8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
44:02:cb:a0:9f:fd:e7:14:42:e0:67:22:de:b9:a1:9c:c1:92:
94:5d:1f:eb:99:1d:65:9d:c2:2c:e0:ef:9c:6a:7b:0f:23:ba:
9b:35:04:29:6e:3a:d7:9e:66:df:58:95:0a:65:22:08:96:c6:
4b:09:73:05:50:bd:cb:23:25:ec:c8:df:37:ed:95:77:d4:9c:
89:42:de:00:60:54:79:06:63:0c:74:ed:ce:b1:4d:18:ec:3e:
6a:f5:11:30:08:ed:80:06:1a:3a:0c:91:9e:83:1b:6d:4d:08:
49:18:92:6e:ed:c5:7f:8d:ba:79:84:0d:28:3e:3b:be:cc:17:
2e:65:24:8d:8e:7a:04:96:5c:37:77:c9:0f:ac:3d:0b:0f:e2:
01:8e:e8:2d:ba:1d:70:0a:f5:e0:b8:4a:26:d2:41:38:59:7d:
23:12:d8:d6:ed:ac:fc:70:df:1c:1c:a1:7d:03:5b:61:0c:86:
f0:61:44:76:7e:65:97:73:8d:c3:69:8d:37:4d:5b:83:48:5c:
81:d2:68:f7:53:9a:25:1c:70:32:b7:e2:36:a4:63:cf:ef:2a:
58:94:7a:08:57:fa:f3:f9:d7:91:6d:00:a4:63:89:8c:7b:2a:
4e:f9:e0:48:44:97:5d:9d:cc:b8:3a:58:af:a5:91:07:59:a4:
f1:bf:ac:f4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYRwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTcw
MTEwMzJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDg1NjlFQjFGQzExOTBE
QkQ5N0ZDRDU2QjY3QjlDRTdDMEFEQjhCM0YwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDxKnRY/jGbWIIQOgg7kvgWQS6J2sq2cMcTpnrMk/1VB+rdQV82
GwHMc0D2u91Sp5XonqFIJmpClm3rMRUE/1aEFczVO1JCtA6u6JF5wwLVZkkkLQe+
/IyzHfV0IXiILIDOVLN9ELMvxDL13Gtg1AqTLYl/ErNTrfdBPx2IiZy4b+/NJuYb
uw7zLuAr0EMpTBcuH8+XQQX5ly2kf2QdUF2hBVIPS5XX+cWGubfWBARSNeHxL+qq
oUMHszC8kqsDjs9CZajPQesWzOlTsf05YHeVgT4XyRhsILWyX4AsBjTkRoiQDEIA
1B1/Vn7MbepL41zC2VTv+egVy+RtvORI8EbNAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUhWnrH8EZDb2X/NVrZ7nOfArbiz8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2hXbnJIOEVaRGIyWF9O
VnJaN25PZkFyYml6OC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBEAsug
n/3nFELgZyLeuaGcwZKUXR/rmR1lncIs4O+cansPI7qbNQQpbjrXnmbfWJUKZSII
lsZLCXMFUL3LIyXsyN837ZV31JyJQt4AYFR5BmMMdO3OsU0Y7D5q9REwCO2ABho6
DJGegxttTQhJGJJu7cV/jbp5hA0oPju+zBcuZSSNjnoEllw3d8kPrD0LD+IBjugt
uh1wCvXguEom0kE4WX0jEtjW7az8cN8cHKF9A1thDIbwYUR2fmWXc43DaY03TVuD
SFyB0mj3U5olHHAyt+I2pGPP7ypYlHoIV/rz+deRbQCkY4mMeypO+eBIRJddncy4
OlivpZEHWaTxv6z0
-----END CERTIFICATE-----
Generated at Sun May 18 18:51:03 2025 by rpki-client