Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/-T0aKg9Z51fDIrHX4kplFTFpYog.roa
File: -T0aKg9Z51fDIrHX4kplFTFpYog.roa (raw, json)
Hash identifier: p5i5W/ukuhY5MbIqPqox3U4vAoJKyPMAwQEeO3it3tM=
Subject key identifier: F9:3D:1A:2A:0F:59:E7:57:C3:22:B1:D7:E2:4A:65:15:31:69:62:88
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7842
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-T0aKg9Z51fDIrHX4kplFTFpYog.roa
Signing time: Fri 18 Jul 2025 00:42:04 +0000
ROA not before: Fri 18 Jul 2025 00:42:04 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30786 (0x7842)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 18 00:42:04 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=F93D1A2A0F59E757C322B1D7E24A651531696288
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:d8:a6:7c:98:89:42:df:d9:72:04:cf:ec:74:
5b:1a:0e:fc:ff:c5:cc:23:1b:3b:96:76:19:31:60:
92:0f:98:b9:ce:5b:88:03:03:ab:35:d7:29:f2:23:
f6:45:89:f5:69:f6:ed:3a:df:6c:8f:67:6b:6b:7b:
89:c1:03:d4:6a:49:64:75:95:cb:ce:66:b4:78:c4:
8d:b3:bf:c0:0c:53:f5:14:81:e1:e1:71:9f:e7:6e:
58:2f:8c:a1:79:68:3d:6f:35:25:8a:9e:55:ef:89:
25:4d:d3:77:cc:93:d6:7e:81:28:4f:c5:81:0d:cb:
26:d7:74:8e:6f:52:72:b9:87:ec:78:2e:75:59:ab:
e1:74:a9:22:15:23:76:0f:e7:4e:45:40:94:5e:d6:
f5:34:8f:c6:a7:8d:90:30:8c:9f:ce:09:35:de:e0:
73:ee:a5:fd:d3:18:84:2a:99:85:ab:73:26:15:1c:
b7:6b:fb:20:cd:a3:1d:47:c2:05:a3:bc:35:f9:a9:
5b:14:43:ce:7f:c7:c7:0d:09:0c:98:53:da:4e:31:
34:1a:21:20:24:e9:9a:25:18:ac:e6:bd:6e:b4:52:
42:e6:cf:98:c3:fe:96:e0:19:c6:f5:17:b2:50:a3:
6c:a0:9c:0f:80:78:45:7c:79:8a:37:b2:24:bf:10:
34:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:3D:1A:2A:0F:59:E7:57:C3:22:B1:D7:E2:4A:65:15:31:69:62:88
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-T0aKg9Z51fDIrHX4kplFTFpYog.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
51:ee:21:26:9b:d7:eb:a1:45:13:6a:7c:ed:33:ef:eb:4f:98:
23:89:32:77:59:34:b4:3c:04:25:66:89:d7:1e:b0:19:93:ef:
0c:e1:df:d8:9f:a5:0c:d6:d4:af:17:69:74:bf:e1:7b:74:47:
94:44:91:86:42:7d:58:58:03:44:e2:90:f8:f4:38:97:8a:e3:
7d:0f:0e:57:d4:7a:db:71:ef:87:7f:ab:67:22:ec:4a:5c:73:
b4:f5:18:03:bd:42:7a:a7:8e:a7:70:73:fb:b9:df:e9:27:44:
8e:6f:36:62:c7:c2:d4:53:bc:83:02:d0:e0:bf:45:63:c5:28:
6a:7c:dc:82:c5:a5:5b:6b:81:2c:cc:df:27:60:eb:46:52:91:
d0:08:36:38:48:6e:8c:c0:70:31:b4:2b:16:85:98:d5:a5:ad:
a7:ed:c4:40:a0:6c:4d:0d:90:21:be:b0:92:6d:ae:55:71:0a:
db:5b:ce:eb:15:d4:6f:3f:f7:91:cf:30:17:a7:24:12:df:0b:
4b:3c:10:6c:40:72:1b:e5:91:99:e2:aa:f1:12:37:4d:31:4e:
1c:17:df:9a:07:3d:09:8a:18:4b:11:a5:b6:29:fb:7b:e7:87:
b7:49:49:23:a1:b4:ef:69:6b:1b:82:65:e2:01:0e:90:18:e1:
f2:b2:ab:75
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeEIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTgw
MDQyMDRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEY5M0QxQTJBMEY1OUU3
NTdDMzIyQjFEN0UyNEE2NTE1MzE2OTYyODgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDe2KZ8mIlC39lyBM/sdFsaDvz/xcwjGzuWdhkxYJIPmLnOW4gD
A6s11ynyI/ZFifVp9u0632yPZ2tre4nBA9RqSWR1lcvOZrR4xI2zv8AMU/UUgeHh
cZ/nblgvjKF5aD1vNSWKnlXviSVN03fMk9Z+gShPxYENyybXdI5vUnK5h+x4LnVZ
q+F0qSIVI3YP505FQJRe1vU0j8anjZAwjJ/OCTXe4HPupf3TGIQqmYWrcyYVHLdr
+yDNox1HwgWjvDX5qVsUQ85/x8cNCQyYU9pOMTQaISAk6ZolGKzmvW60UkLmz5jD
/pbgGcb1F7JQo2ygnA+AeEV8eYo3siS/EDSHAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU+T0aKg9Z51fDIrHX4kplFTFpYogwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3Ly1UMGFLZzlaNTFmREly
SFg0a3BsRlRGcFlvZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBR7iEm
m9froUUTanztM+/rT5gjiTJ3WTS0PAQlZonXHrAZk+8M4d/Yn6UM1tSvF2l0v+F7
dEeURJGGQn1YWANE4pD49DiXiuN9Dw5X1Hrbce+Hf6tnIuxKXHO09RgDvUJ6p46n
cHP7ud/pJ0SObzZix8LUU7yDAtDgv0VjxShqfNyCxaVba4EszN8nYOtGUpHQCDY4
SG6MwHAxtCsWhZjVpa2n7cRAoGxNDZAhvrCSba5VcQrbW87rFdRvP/eRzzAXpyQS
3wtLPBBsQHIb5ZGZ4qrxEjdNMU4cF9+aBz0JihhLEaW2Kft754e3SUkjobTvaWsb
gmXiAQ6QGOHysqt1
-----END CERTIFICATE-----
Generated at Sun Jul 20 16:37:09 2025 by rpki-client