Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/-9Ulp9ZYzhjA2xJxbnUYH2uOqog.roa
File: -9Ulp9ZYzhjA2xJxbnUYH2uOqog.roa (raw, json)
Hash identifier: eCV3y1eT0VSuX2YxokYICiWPr4V0LDS/IjnUqCdYdlY=
Subject key identifier: FB:D5:25:A7:D6:58:CE:18:C0:DB:12:71:6E:75:18:1F:6B:8E:AA:88
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 72D2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-9Ulp9ZYzhjA2xJxbnUYH2uOqog.roa
Signing time: Thu 03 Jul 2025 12:14:53 +0000
ROA not before: Thu 03 Jul 2025 12:14:53 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29394 (0x72d2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 3 12:14:53 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=FBD525A7D658CE18C0DB12716E75181F6B8EAA88
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:4d:4c:b5:00:06:b9:cc:d4:21:da:2c:e4:91:
35:7d:1c:27:1f:1f:02:60:7d:4d:98:16:a5:a5:73:
0e:fa:90:8e:92:65:1d:12:e3:10:bb:71:54:5e:b2:
53:6c:71:4f:67:ff:fb:55:79:b1:aa:82:09:f2:8d:
f6:dd:93:39:38:9c:65:ac:b9:c8:a3:2c:a3:6e:42:
68:60:cd:95:6b:1d:9b:80:9e:03:8e:f6:a8:9a:cf:
1b:31:1d:b6:d1:42:29:84:1a:09:28:22:e0:8a:f3:
d7:af:5f:f9:e8:e9:25:e1:cc:2b:f0:d7:87:fb:e0:
8a:6a:af:72:8e:d8:c1:70:09:60:ae:73:65:be:1b:
73:fd:10:00:9b:8c:41:91:3f:63:3f:2d:8d:5d:8b:
00:48:86:d7:4e:04:d2:d4:b4:91:04:a0:8b:1c:7c:
d9:e7:ec:fe:fd:be:f6:6a:ac:b1:96:a4:94:f4:7f:
14:f3:20:0e:61:c5:9c:47:af:78:e1:93:42:13:74:
05:11:97:45:5b:26:d0:7c:ad:4d:ce:fb:d1:47:90:
30:4f:c4:f5:f6:6c:d8:d6:74:49:9f:5a:17:79:f6:
96:65:ac:20:db:88:62:02:96:88:c3:42:2f:b2:52:
3d:39:78:75:25:0f:2b:8f:a7:ed:5b:e0:1c:d0:83:
92:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:D5:25:A7:D6:58:CE:18:C0:DB:12:71:6E:75:18:1F:6B:8E:AA:88
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-9Ulp9ZYzhjA2xJxbnUYH2uOqog.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
85:9d:99:7e:9a:56:3d:70:90:46:79:2e:b0:5c:69:2f:4b:0d:
19:1f:71:b9:8b:6b:e1:2c:a2:bd:87:bd:75:67:b7:02:aa:1c:
5a:53:a6:1b:0b:c4:78:95:85:dc:f6:35:90:57:7d:2c:7d:87:
5e:ed:3a:c5:eb:ad:ba:76:3c:99:7c:f4:73:0d:86:73:6b:76:
80:4f:38:11:3f:55:bb:13:d2:6d:c9:49:ec:25:08:0e:9c:28:
36:d4:55:fc:88:20:88:9a:28:81:72:d9:93:fb:0f:46:4d:6b:
5e:31:31:f5:52:1e:6c:c7:09:7b:13:70:b0:44:61:36:66:2d:
26:a9:e7:97:f6:40:f9:5b:ce:d0:16:e8:87:aa:49:62:7c:cb:
7e:85:d3:b1:86:a8:20:d1:ec:27:1c:24:7d:80:5f:ba:fe:24:
76:da:fd:0d:b4:af:fc:a9:c7:d4:78:37:a6:b6:96:24:56:a7:
2c:50:de:35:6f:cf:86:da:43:ae:d4:86:16:d2:13:0f:e3:c7:
5a:f1:9b:6f:e2:c6:bd:09:71:02:91:f7:c1:4f:6a:d7:37:84:
25:1c:84:12:70:f0:5b:da:09:ac:0f:7a:c3:f6:4c:56:66:50:
e5:94:21:1b:c5:a1:a1:6a:e0:c8:62:22:f0:9a:bd:13:c0:77:
06:95:08:5b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICctIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDMx
MjE0NTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEZCRDUyNUE3RDY1OENF
MThDMERCMTI3MTZFNzUxODFGNkI4RUFBODgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9TUy1AAa5zNQh2izkkTV9HCcfHwJgfU2YFqWlcw76kI6SZR0S
4xC7cVReslNscU9n//tVebGqggnyjfbdkzk4nGWsucijLKNuQmhgzZVrHZuAngOO
9qiazxsxHbbRQimEGgkoIuCK89evX/no6SXhzCvw14f74Ipqr3KO2MFwCWCuc2W+
G3P9EACbjEGRP2M/LY1diwBIhtdOBNLUtJEEoIscfNnn7P79vvZqrLGWpJT0fxTz
IA5hxZxHr3jhk0ITdAURl0VbJtB8rU3O+9FHkDBPxPX2bNjWdEmfWhd59pZlrCDb
iGIClojDQi+yUj05eHUlDyuPp+1b4BzQg5JTAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU+9Ulp9ZYzhjA2xJxbnUYH2uOqogwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3Ly05VWxwOVpZemhqQTJ4
SnhiblVZSDJ1T3FvZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCFnZl+
mlY9cJBGeS6wXGkvSw0ZH3G5i2vhLKK9h711Z7cCqhxaU6YbC8R4lYXc9jWQV30s
fYde7TrF6626djyZfPRzDYZza3aATzgRP1W7E9JtyUnsJQgOnCg21FX8iCCImiiB
ctmT+w9GTWteMTH1Uh5sxwl7E3CwRGE2Zi0mqeeX9kD5W87QFuiHqklifMt+hdOx
hqgg0ewnHCR9gF+6/iR22v0NtK/8qcfUeDemtpYkVqcsUN41b8+G2kOu1IYW0hMP
48da8Ztv4sa9CXECkffBT2rXN4QlHIQScPBb2gmsD3rD9kxWZlDllCEbxaGhauDI
YiLwmr0TwHcGlQhb
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:37:55 2025 by rpki-client