Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/1IsFTKQRtheAkp7NL-BDIjSnou4.roa
File: 1IsFTKQRtheAkp7NL-BDIjSnou4.roa (raw, json)
Hash identifier: tQ0If1EtLgdFM2y+s2cLHTFLKvGn676qtqkT4hPX6J0=
Subject key identifier: D4:8B:05:4C:A4:11:B6:17:80:92:9E:CD:2F:E0:43:22:34:A7:A2:EE
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7308
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1IsFTKQRtheAkp7NL-BDIjSnou4.roa
Signing time: Fri 04 Jul 2025 01:44:46 +0000
ROA not before: Fri 04 Jul 2025 01:44:46 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29448 (0x7308)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 4 01:44:46 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D48B054CA411B61780929ECD2FE0432234A7A2EE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:83:03:6a:d6:c8:8c:b7:db:9a:41:8f:54:9f:
05:1a:af:89:90:cb:0a:37:fb:25:cd:65:9e:87:37:
b2:7c:80:bb:99:31:bd:21:dc:34:84:cb:48:69:13:
47:70:e2:27:e3:59:46:95:c4:53:7d:3f:db:8a:17:
bb:14:51:82:84:be:95:0c:f4:23:3c:cc:96:08:7a:
29:a3:dd:3e:f4:16:b4:8b:08:40:f2:d5:d8:a0:45:
96:53:19:09:a9:e7:ed:c8:98:a1:19:a3:0a:dc:08:
c7:d8:38:6b:73:74:8c:ef:9a:94:db:fd:69:ab:4e:
fe:c1:73:e2:36:2e:60:9f:da:1f:a4:ba:54:0e:36:
2d:33:65:15:f4:d3:4f:59:d5:ba:b8:06:13:bb:6b:
41:af:06:09:89:21:08:08:cb:54:13:8e:df:e8:9d:
8b:c2:10:85:ce:50:db:60:2b:7e:49:89:18:ae:69:
4f:67:26:9f:55:1e:60:7c:dd:01:0c:8b:0e:0a:ec:
f0:38:1e:23:36:b6:59:01:ea:e2:bf:f6:04:46:cd:
f3:8b:1c:58:99:fc:bb:b9:a2:2e:06:d7:07:e8:4d:
a8:06:a4:23:fd:57:da:64:25:09:93:7f:37:48:44:
90:a3:e1:07:9e:c6:01:7e:18:17:25:59:90:24:ea:
1f:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:8B:05:4C:A4:11:B6:17:80:92:9E:CD:2F:E0:43:22:34:A7:A2:EE
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1IsFTKQRtheAkp7NL-BDIjSnou4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
92:69:09:6d:fd:bd:4e:2b:5e:40:a5:b5:fe:18:3b:5d:be:44:
30:63:c4:8f:74:2f:1a:fc:1e:37:cb:95:1d:34:8e:c1:61:93:
47:ea:96:f7:1e:13:f2:d7:67:5b:be:05:d7:99:7f:28:f1:ea:
2d:cb:d4:eb:30:9c:73:f3:e4:f1:89:bb:2b:09:c9:6b:2e:8d:
d6:d2:1e:82:2b:a3:98:cd:4c:1e:a8:88:cb:db:70:c0:fa:bc:
58:33:a9:63:4f:44:d1:99:a8:00:3e:c3:95:be:48:8b:a3:b6:
a4:76:f6:f1:43:fb:a3:67:6c:59:a5:e8:5c:94:d5:c6:33:ad:
ce:d8:43:db:2d:cf:71:04:39:b1:9e:5a:90:b0:64:8a:2d:62:
48:a7:20:a7:ad:c9:ba:f6:79:74:64:e0:2f:a1:42:64:b2:1b:
1c:e0:9d:73:7c:d3:be:cf:b6:f9:42:05:61:15:9a:4c:99:40:
b2:82:a1:ab:e3:95:83:1b:c6:28:cb:85:54:89:16:d8:d5:bf:
b1:96:83:68:b5:54:0c:c0:32:9a:a6:0e:ef:b2:83:f6:12:30:
0f:d1:c1:c6:66:8c:b8:f9:9e:9e:14:e4:b9:1b:28:10:8b:6d:
36:e7:a6:25:ae:cf:ad:d3:a4:ac:52:80:01:e0:90:f0:e4:f4:
75:1b:f5:6b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcwgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDQw
MTQ0NDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQ0OEIwNTRDQTQxMUI2
MTc4MDkyOUVDRDJGRTA0MzIyMzRBN0EyRUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFgwNq1siMt9uaQY9UnwUar4mQywo3+yXNZZ6HN7J8gLuZMb0h
3DSEy0hpE0dw4ifjWUaVxFN9P9uKF7sUUYKEvpUM9CM8zJYIeimj3T70FrSLCEDy
1digRZZTGQmp5+3ImKEZowrcCMfYOGtzdIzvmpTb/WmrTv7Bc+I2LmCf2h+kulQO
Ni0zZRX0009Z1bq4BhO7a0GvBgmJIQgIy1QTjt/onYvCEIXOUNtgK35JiRiuaU9n
Jp9VHmB83QEMiw4K7PA4HiM2tlkB6uK/9gRGzfOLHFiZ/Lu5oi4G1wfoTagGpCP9
V9pkJQmTfzdIRJCj4QeexgF+GBclWZAk6h9/AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU1IsFTKQRtheAkp7NL+BDIjSnou4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzFJc0ZUS1FSdGhlQWtw
N05MLUJESWpTbm91NC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCSaQlt
/b1OK15ApbX+GDtdvkQwY8SPdC8a/B43y5UdNI7BYZNH6pb3HhPy12dbvgXXmX8o
8eoty9TrMJxz8+TxibsrCclrLo3W0h6CK6OYzUweqIjL23DA+rxYM6ljT0TRmagA
PsOVvkiLo7akdvbxQ/ujZ2xZpehclNXGM63O2EPbLc9xBDmxnlqQsGSKLWJIpyCn
rcm69nl0ZOAvoUJkshsc4J1zfNO+z7b5QgVhFZpMmUCygqGr45WDG8Yoy4VUiRbY
1b+xloNotVQMwDKapg7vsoP2EjAP0cHGZoy4+Z6eFOS5GygQi20256Ylrs+t06Ss
UoAB4JDw5PR1G/Vr
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:46:36 2025 by rpki-client