Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/0pzOkgDoXvfMMqm_98GgE0Z2bBw.roa
File: 0pzOkgDoXvfMMqm_98GgE0Z2bBw.roa (raw, json)
Hash identifier: AnyAhIohJkYO9ehJ+qOFAJTEUSwKot7oY+nrCNGGlog=
Subject key identifier: D2:9C:CE:92:00:E8:5E:F7:CC:32:A9:BF:F7:C1:A0:13:46:76:6C:1C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 77E2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0pzOkgDoXvfMMqm_98GgE0Z2bBw.roa
Signing time: Thu 17 Jul 2025 00:43:46 +0000
ROA not before: Thu 17 Jul 2025 00:43:46 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30690 (0x77e2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 17 00:43:46 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D29CCE9200E85EF7CC32A9BFF7C1A01346766C1C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:fe:13:fc:f8:8e:e0:f7:b4:58:74:91:0a:8c:
e8:67:05:59:c9:3b:c5:66:02:6d:6c:14:9b:39:4f:
6b:5c:ef:0e:b3:d6:99:ef:ae:fb:d9:1d:29:91:62:
06:dc:c2:72:02:98:32:bc:af:e8:6a:d4:50:b9:2b:
66:16:20:f4:9d:9f:26:43:9d:b1:d3:8e:49:f0:5d:
f9:80:77:77:b1:31:59:39:53:5f:19:7e:69:44:bf:
7c:56:cc:e8:47:0c:be:f4:19:91:b3:4d:86:2c:b6:
a8:00:4a:9f:35:44:37:cc:d3:78:e4:c0:0d:68:28:
e7:12:12:f1:71:aa:d9:f1:9e:64:1e:e9:1a:1b:e7:
8a:6b:c9:6a:2b:0a:d5:46:86:9f:8a:d5:88:b8:8a:
95:99:69:87:70:ba:04:a6:bc:8a:6d:a4:29:e0:65:
ba:17:89:19:d7:d4:42:aa:26:e7:97:9e:7b:aa:a0:
45:72:a8:d7:cd:23:fd:e5:57:dd:7f:e8:48:bc:96:
35:6b:d6:aa:f8:58:24:a6:47:c0:4e:e1:32:9c:45:
10:00:e6:50:13:b0:4c:e2:f1:94:44:c7:51:78:3c:
31:5d:a3:43:e7:f6:20:21:3c:73:7d:e7:ee:33:ec:
a2:70:22:4d:b9:af:8b:84:8d:22:c6:f9:26:88:73:
6a:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:9C:CE:92:00:E8:5E:F7:CC:32:A9:BF:F7:C1:A0:13:46:76:6C:1C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0pzOkgDoXvfMMqm_98GgE0Z2bBw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
56:3c:33:02:cc:b3:0e:56:21:4a:54:b9:38:25:65:a1:4b:ab:
ca:74:76:82:d2:7f:65:c1:69:4f:e5:ee:79:ed:3f:37:77:d9:
63:31:63:df:77:08:28:a5:1f:5e:cd:d1:6b:a1:51:28:76:ed:
80:c3:c8:bb:04:89:52:40:7a:21:f0:29:8f:a0:84:1a:c1:69:
e2:17:f9:33:67:a5:3e:f3:cc:c1:41:33:58:d9:a8:00:3d:74:
ea:ac:c5:97:fd:24:9d:1a:44:61:41:48:ce:46:70:84:9a:ab:
9e:8d:88:01:0d:9c:e8:af:dc:8d:d8:c1:44:33:ee:b1:b9:2a:
52:cb:79:75:1a:a5:21:d6:75:47:3a:74:3c:bc:23:f2:ed:a7:
26:42:7e:12:3e:16:a8:7d:dc:f0:26:57:4e:c7:ff:ba:66:d6:
9d:da:8d:f6:46:10:fd:0b:4c:f6:2b:e3:a8:89:06:68:1b:3c:
8b:1c:ac:e4:bf:ed:c6:a1:aa:fc:f9:04:3a:95:77:06:df:39:
25:b2:11:c7:57:4e:06:ab:0d:33:b7:da:c8:34:f0:ec:42:c9:
0b:ae:1a:1c:1a:dc:f3:c0:4d:47:3e:02:75:1f:33:c1:7d:d4:
db:f4:cc:34:20:0d:d9:df:db:9d:e2:8b:ba:9d:ba:fe:38:62:
d8:62:89:33
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICd+IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTcw
MDQzNDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQyOUNDRTkyMDBFODVF
RjdDQzMyQTlCRkY3QzFBMDEzNDY3NjZDMUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCj/hP8+I7g97RYdJEKjOhnBVnJO8VmAm1sFJs5T2tc7w6z1pnv
rvvZHSmRYgbcwnICmDK8r+hq1FC5K2YWIPSdnyZDnbHTjknwXfmAd3exMVk5U18Z
fmlEv3xWzOhHDL70GZGzTYYstqgASp81RDfM03jkwA1oKOcSEvFxqtnxnmQe6Rob
54pryWorCtVGhp+K1Yi4ipWZaYdwugSmvIptpCngZboXiRnX1EKqJueXnnuqoEVy
qNfNI/3lV91/6Ei8ljVr1qr4WCSmR8BO4TKcRRAA5lATsEzi8ZREx1F4PDFdo0Pn
9iAhPHN95+4z7KJwIk25r4uEjSLG+SaIc2o/AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU0pzOkgDoXvfMMqm/98GgE0Z2bBwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzBwek9rZ0RvWHZmTU1x
bV85OEdnRTBaMmJCdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBWPDMC
zLMOViFKVLk4JWWhS6vKdHaC0n9lwWlP5e557T83d9ljMWPfdwgopR9ezdFroVEo
du2Aw8i7BIlSQHoh8CmPoIQawWniF/kzZ6U+88zBQTNY2agAPXTqrMWX/SSdGkRh
QUjORnCEmquejYgBDZzor9yN2MFEM+6xuSpSy3l1GqUh1nVHOnQ8vCPy7acmQn4S
PhaofdzwJldOx/+6Ztad2o32RhD9C0z2K+OoiQZoGzyLHKzkv+3Goar8+QQ6lXcG
3zklshHHV04Gqw0zt9rINPDsQskLrhocGtzzwE1HPgJ1HzPBfdTb9Mw0IA3Z39ud
4ou6nbr+OGLYYokz
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:50:35 2025 by rpki-client