Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/k8BdpUc3e6WuTO8tX02o6IOWfzo.roa
File: k8BdpUc3e6WuTO8tX02o6IOWfzo.roa (raw, json)
Hash identifier: u9mRwrJxPK9YfkerOd8Y4EY7a3h+nQYJeXU5rIFbPRw=
Subject key identifier: 93:C0:5D:A5:47:37:7B:A5:AE:4C:EF:2D:5F:4D:A8:E8:83:96:7F:3A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 608A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/k8BdpUc3e6WuTO8tX02o6IOWfzo.roa
Signing time: Thu 15 May 2025 12:40:20 +0000
ROA not before: Thu 15 May 2025 12:40:20 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24714 (0x608a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 15 12:40:20 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=93C05DA547377BA5AE4CEF2D5F4DA8E883967F3A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:39:58:48:46:df:9f:f1:98:db:58:38:d2:ab:
fc:b9:bb:47:38:fe:15:a2:52:db:19:db:b5:b7:a2:
c9:8c:dd:94:16:e8:56:4c:be:d4:0e:2d:cb:4e:ff:
e3:45:d3:51:44:e7:be:1e:59:12:d3:96:24:0a:49:
62:68:52:16:d9:45:6d:da:46:90:6e:fc:59:67:f2:
4d:8b:cc:d1:c6:62:29:b5:89:d0:8c:34:b2:88:bb:
01:f8:a0:82:df:56:80:b5:70:21:c4:66:8b:a2:fa:
5c:0e:db:ae:5d:41:2f:37:bf:f0:9e:c9:bf:d7:53:
44:8d:b9:6e:ae:96:16:3d:9c:e2:9c:64:75:46:d0:
ee:2c:5b:78:ab:07:13:51:24:1c:5a:85:17:17:2b:
94:5e:28:16:4f:a2:04:4c:ec:14:74:c6:04:19:b1:
c9:42:17:03:d3:57:6d:84:93:68:27:2c:25:1e:99:
9f:65:7c:44:70:29:ee:92:63:a1:82:fa:99:3f:43:
a3:50:03:79:b4:92:e1:c5:ba:58:0a:b8:01:27:2c:
3c:48:df:10:eb:ad:7f:0d:e1:0a:f6:63:64:22:bf:
17:20:88:ba:01:bc:f0:50:5e:1a:3c:b2:e7:07:73:
1b:8d:bf:3f:aa:91:e6:60:21:92:58:b3:5d:3e:6d:
47:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:C0:5D:A5:47:37:7B:A5:AE:4C:EF:2D:5F:4D:A8:E8:83:96:7F:3A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/k8BdpUc3e6WuTO8tX02o6IOWfzo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
a2:19:09:c8:a2:62:2b:24:e3:e5:25:f4:64:a2:84:91:0d:12:
90:ca:70:35:24:1c:7c:be:a4:09:d6:7a:61:90:2f:a0:12:0a:
ae:1c:29:50:1a:2b:25:49:d5:1e:57:d7:54:16:cf:67:22:7c:
e3:fd:fc:1d:17:43:39:55:1b:b5:ef:7d:5b:df:df:09:74:bc:
33:a3:d7:ba:bd:9e:01:7a:62:7a:0a:f4:17:f2:4b:f0:e9:a2:
46:8d:59:d3:77:3f:73:3b:21:6d:38:ec:12:31:a5:ee:cf:d6:
b5:e4:c6:09:67:7b:16:6f:29:40:08:c9:01:71:f9:86:9f:3b:
c0:05:df:7a:3b:53:66:10:1d:8d:77:22:99:7a:83:11:19:8c:
6b:22:c1:0b:04:ec:1a:1b:72:03:0c:49:7f:e0:87:a6:39:01:
ff:19:ff:b5:1c:73:e1:4e:79:3b:02:e3:db:66:79:94:f2:f0:
68:87:b4:6d:72:27:2c:b8:14:52:68:f8:67:b7:10:16:63:5a:
5a:41:c5:45:af:b1:1c:02:b5:3f:4c:1b:27:d4:4c:61:7b:7a:
71:5d:38:d1:16:8a:93:52:b7:be:e1:9c:ff:fb:5c:67:a8:f7:
f6:99:28:ab:a7:33:8e:49:0d:eb:00:5c:10:89:28:08:d8:b0:
09:5d:e2:d7
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYIowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTUx
MjQwMjBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDkzQzA1REE1NDczNzdC
QTVBRTRDRUYyRDVGNERBOEU4ODM5NjdGM0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKOVhIRt+f8ZjbWDjSq/y5u0c4/hWiUtsZ27W3osmM3ZQW6FZM
vtQOLctO/+NF01FE574eWRLTliQKSWJoUhbZRW3aRpBu/Fln8k2LzNHGYim1idCM
NLKIuwH4oILfVoC1cCHEZoui+lwO265dQS83v/Ceyb/XU0SNuW6ulhY9nOKcZHVG
0O4sW3irBxNRJBxahRcXK5ReKBZPogRM7BR0xgQZsclCFwPTV22Ek2gnLCUemZ9l
fERwKe6SY6GC+pk/Q6NQA3m0kuHFulgKuAEnLDxI3xDrrX8N4Qr2Y2QivxcgiLoB
vPBQXho8sucHcxuNvz+qkeZgIZJYs10+bUd9AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUk8BdpUc3e6WuTO8tX02o6IOWfzowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2s4QmRwVWMzZTZXdVRP
OHRYMDJvNklPV2Z6by5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCiGQnI
omIrJOPlJfRkooSRDRKQynA1JBx8vqQJ1nphkC+gEgquHClQGislSdUeV9dUFs9n
Inzj/fwdF0M5VRu1731b398JdLwzo9e6vZ4BemJ6CvQX8kvw6aJGjVnTdz9zOyFt
OOwSMaXuz9a15MYJZ3sWbylACMkBcfmGnzvABd96O1NmEB2NdyKZeoMRGYxrIsEL
BOwaG3IDDEl/4IemOQH/Gf+1HHPhTnk7AuPbZnmU8vBoh7RtcicsuBRSaPhntxAW
Y1paQcVFr7EcArU/TBsn1Exhe3pxXTjRFoqTUre+4Zz/+1xnqPf2mSirpzOOSQ3r
AFwQiSgI2LAJXeLX
-----END CERTIFICATE-----
Generated at Sat May 17 20:58:32 2025 by rpki-client