Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/-ixMUMWvPgGVPeujXmg2rFcL2eY.roa
File: -ixMUMWvPgGVPeujXmg2rFcL2eY.roa (raw, json)
Hash identifier: 3pO7tC11kxQsqe8Yz3YHJ8/3c88M5JxPqQ+UZbkLVv8=
Subject key identifier: FA:2C:4C:50:C5:AF:3E:01:95:3D:EB:A3:5E:68:36:AC:57:0B:D9:E6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 734C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-ixMUMWvPgGVPeujXmg2rFcL2eY.roa
Signing time: Fri 04 Jul 2025 18:45:10 +0000
ROA not before: Fri 04 Jul 2025 18:45:10 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29516 (0x734c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 4 18:45:10 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=FA2C4C50C5AF3E01953DEBA35E6836AC570BD9E6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:82:6e:94:e3:a7:b8:de:d3:2b:fd:42:60:85:
4b:61:c8:c1:29:21:c2:6c:fb:d5:0b:8e:bb:1c:4f:
48:47:4f:8b:ac:1a:18:9f:0b:87:72:fb:49:e6:d0:
85:2f:e9:cf:8a:5a:95:f6:04:5f:78:04:ea:5a:62:
d0:71:a3:a0:43:1c:1e:75:76:18:13:28:46:dd:f5:
24:d8:36:64:ff:00:a9:9f:98:99:65:1b:ce:d7:97:
f5:3d:0e:d2:4e:10:0f:16:2f:7d:19:59:e2:7a:42:
fc:8f:96:c7:14:23:84:c3:91:96:a0:58:16:05:1e:
b1:af:f5:77:d8:7e:62:9e:e3:90:28:59:6d:a7:68:
48:3c:f2:58:3e:61:ff:f5:c0:97:6b:a0:cb:6c:1d:
d3:18:fd:21:9b:b1:44:15:be:a6:0b:7b:ec:22:1a:
ae:d9:5e:5f:b8:b4:6d:d0:03:34:80:c6:e7:cc:f2:
9c:54:34:a3:d1:4c:70:7a:7d:e0:a7:2d:c4:fd:fe:
3a:c4:8c:1c:a5:cf:98:cf:3d:b8:e8:24:40:1c:ea:
07:ec:d3:d3:d6:64:24:5c:89:18:4d:5d:05:6e:a8:
7a:0d:44:cd:bc:20:e9:73:e8:bb:60:2d:00:22:b4:
e1:87:4b:64:99:02:62:77:95:f9:33:9a:d4:e5:a6:
74:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:2C:4C:50:C5:AF:3E:01:95:3D:EB:A3:5E:68:36:AC:57:0B:D9:E6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-ixMUMWvPgGVPeujXmg2rFcL2eY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
72:0a:c4:9c:bb:01:bf:e1:f7:bb:8c:e5:96:26:fe:23:10:a3:
62:d5:5d:e5:eb:be:5b:52:fd:52:04:5a:f0:65:d5:25:92:67:
6e:ac:81:fc:70:6d:5c:88:3e:4b:5f:03:e9:58:1e:49:26:5f:
ab:37:1c:17:6f:39:88:43:91:c2:1f:24:94:a2:49:f3:b5:c4:
c7:96:fc:4d:3b:5b:d4:1a:b2:13:d9:de:83:d9:12:3b:c6:ea:
2f:cd:a8:ab:32:08:0f:8b:e2:76:52:05:4d:e9:af:55:7a:f6:
d8:bd:5e:46:96:44:2b:7c:fb:9a:87:09:68:f1:dc:09:ed:80:
bf:fe:4a:9f:b1:1e:45:d6:bd:31:bf:a6:ab:c7:a2:07:f7:5a:
73:cb:ae:bf:b7:1d:b4:6e:63:31:b5:d1:ec:9d:fa:f5:79:b5:
2e:b8:4b:8c:50:b0:32:d7:38:59:20:20:f0:a3:6d:4d:2e:39:
57:30:11:85:f1:f2:21:c8:bf:75:d2:97:3a:16:7c:78:a6:75:
58:f9:b4:a8:bb:0c:d1:2c:6d:6c:68:42:10:16:8d:24:60:fc:
cf:eb:cc:7b:44:a2:ec:f0:e2:d4:2e:14:92:b2:c8:59:f8:76:
65:66:f9:4b:78:3d:b1:0f:28:d1:5d:68:b9:ca:8e:fc:18:66:
e5:bc:3f:b0
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICc0wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDQx
ODQ1MTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEZBMkM0QzUwQzVBRjNF
MDE5NTNERUJBMzVFNjgzNkFDNTcwQkQ5RTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOgm6U46e43tMr/UJghUthyMEpIcJs+9ULjrscT0hHT4usGhif
C4dy+0nm0IUv6c+KWpX2BF94BOpaYtBxo6BDHB51dhgTKEbd9STYNmT/AKmfmJll
G87Xl/U9DtJOEA8WL30ZWeJ6QvyPlscUI4TDkZagWBYFHrGv9XfYfmKe45AoWW2n
aEg88lg+Yf/1wJdroMtsHdMY/SGbsUQVvqYLe+wiGq7ZXl+4tG3QAzSAxufM8pxU
NKPRTHB6feCnLcT9/jrEjBylz5jPPbjoJEAc6gfs09PWZCRciRhNXQVuqHoNRM28
IOlz6LtgLQAitOGHS2SZAmJ3lfkzmtTlpnSNAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU+ixMUMWvPgGVPeujXmg2rFcL2eYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3Ly1peE1VTVd2UGdHVlBl
dWpYbWcyckZjTDJlWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQByCsSc
uwG/4fe7jOWWJv4jEKNi1V3l675bUv1SBFrwZdUlkmdurIH8cG1ciD5LXwPpWB5J
Jl+rNxwXbzmIQ5HCHySUoknztcTHlvxNO1vUGrIT2d6D2RI7xuovzairMggPi+J2
UgVN6a9VevbYvV5GlkQrfPuahwlo8dwJ7YC//kqfsR5F1r0xv6arx6IH91pzy66/
tx20bmMxtdHsnfr1ebUuuEuMULAy1zhZICDwo21NLjlXMBGF8fIhyL910pc6Fnx4
pnVY+bSouwzRLG1saEIQFo0kYPzP68x7RKLs8OLULhSSsshZ+HZlZvlLeD2xDyjR
XWi5yo78GGblvD+w
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:46:39 2025 by rpki-client