Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/1Z-ek6oI-fL1by4AMC8l8_jHwOk.roa
File: 1Z-ek6oI-fL1by4AMC8l8_jHwOk.roa (raw, json)
Hash identifier: gz+m3mEqlqf+GfZQKSfjFIOFuMOc7Uyp+vhcUby26AY=
Subject key identifier: D5:9F:9E:93:AA:08:F9:F2:F5:6F:2E:00:30:2F:25:F3:F8:C7:C0:E9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6F72
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1Z-ek6oI-fL1by4AMC8l8_jHwOk.roa
Signing time: Tue 24 Jun 2025 18:14:38 +0000
ROA not before: Tue 24 Jun 2025 18:14:38 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28530 (0x6f72)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 24 18:14:38 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D59F9E93AA08F9F2F56F2E00302F25F3F8C7C0E9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:7f:a6:e3:34:b6:fb:ef:04:48:ea:56:e7:43:
de:14:87:75:cf:c5:e6:c3:11:87:49:a8:a5:89:56:
ad:cf:06:1f:66:dc:ae:cf:67:2b:c7:05:03:d9:75:
9d:57:a2:d5:f9:95:84:c6:a7:0f:37:60:07:b3:bf:
ea:47:b1:b1:fd:93:7c:65:bb:e8:98:80:33:76:36:
6e:01:77:2d:a5:9c:e7:95:70:eb:22:5b:43:9a:c3:
8d:14:72:a2:35:3f:74:34:0d:a3:44:2f:ad:36:31:
1c:8a:9f:6f:d6:88:4a:be:54:6d:78:37:64:a0:6d:
d1:a2:88:34:e0:84:26:31:e3:b3:98:79:fc:57:2e:
2d:dc:4b:22:8f:51:ab:63:12:47:81:2b:da:6f:28:
e1:ff:b0:7d:7d:97:11:18:8a:81:21:7e:1b:68:89:
35:e6:06:43:10:5a:47:a1:39:d7:6f:42:2e:80:ee:
ed:dd:f2:b1:0a:63:64:61:15:ed:b1:c7:e7:68:15:
37:f4:56:a6:7b:e2:da:b5:6d:22:0f:17:57:59:52:
62:c2:d4:8b:6e:18:0c:43:3f:1f:bd:9c:4a:1c:ad:
5e:11:b0:99:f3:48:64:c0:cd:64:73:3d:77:21:66:
74:9c:99:c4:c1:9d:60:59:56:f7:4a:75:b6:73:81:
19:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:9F:9E:93:AA:08:F9:F2:F5:6F:2E:00:30:2F:25:F3:F8:C7:C0:E9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1Z-ek6oI-fL1by4AMC8l8_jHwOk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
16:a6:f8:32:c5:e6:e6:5f:31:d7:80:fc:9e:46:b6:9e:df:cb:
9e:d9:b3:f2:0d:03:24:bf:23:77:ea:31:9b:57:65:1a:72:c1:
7a:aa:63:5d:72:07:77:09:38:8f:6a:a6:d7:61:54:5c:9b:e1:
83:0b:9f:fe:4d:e6:f6:05:2e:5d:cc:50:01:66:88:b1:ac:8d:
c8:3c:05:8a:da:9d:49:28:c6:a0:46:7a:76:c7:49:c7:39:db:
83:f8:1f:b6:d6:2e:bf:1f:7e:4b:d8:0a:f5:7f:36:1a:a2:41:
6e:23:5f:e4:48:fd:ab:6b:b2:65:b6:fe:70:90:cc:53:b7:f6:
db:66:19:93:c2:20:4c:16:9f:34:42:2e:f4:e7:18:a1:80:b0:
dd:09:c1:41:5b:be:03:f8:34:f2:59:a4:54:3c:c5:68:4b:21:
19:33:b5:6b:b6:73:5b:98:63:3c:11:7a:e9:b9:fb:f8:bd:24:
c1:86:da:2b:f3:88:94:a0:45:29:b7:36:61:18:df:ca:a8:3d:
67:85:2b:07:70:13:28:4f:89:ed:4c:fb:e8:d1:3a:b0:ee:a1:
e3:ff:e6:14:b0:c9:a8:52:2f:8c:2d:ab:41:43:cd:da:05:f2:
32:7c:80:c1:0f:6b:a4:64:af:3c:77:b5:e3:24:cc:db:76:9d:
fe:d1:81:42
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICb3IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjQx
ODE0MzhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQ1OUY5RTkzQUEwOEY5
RjJGNTZGMkUwMDMwMkYyNUYzRjhDN0MwRTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDSf6bjNLb77wRI6lbnQ94Uh3XPxebDEYdJqKWJVq3PBh9m3K7P
ZyvHBQPZdZ1XotX5lYTGpw83YAezv+pHsbH9k3xlu+iYgDN2Nm4Bdy2lnOeVcOsi
W0Oaw40UcqI1P3Q0DaNEL602MRyKn2/WiEq+VG14N2SgbdGiiDTghCYx47OYefxX
Li3cSyKPUatjEkeBK9pvKOH/sH19lxEYioEhfhtoiTXmBkMQWkehOddvQi6A7u3d
8rEKY2RhFe2xx+doFTf0VqZ74tq1bSIPF1dZUmLC1ItuGAxDPx+9nEocrV4RsJnz
SGTAzWRzPXchZnScmcTBnWBZVvdKdbZzgRlhAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU1Z+ek6oI+fL1by4AMC8l8/jHwOkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzFaLWVrNm9JLWZMMWJ5
NEFNQzhsOF9qSHdPay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAWpvgy
xebmXzHXgPyeRrae38ue2bPyDQMkvyN36jGbV2UacsF6qmNdcgd3CTiPaqbXYVRc
m+GDC5/+Teb2BS5dzFABZoixrI3IPAWK2p1JKMagRnp2x0nHOduD+B+21i6/H35L
2Ar1fzYaokFuI1/kSP2ra7Jltv5wkMxTt/bbZhmTwiBMFp80Qi705xihgLDdCcFB
W74D+DTyWaRUPMVoSyEZM7VrtnNbmGM8EXrpufv4vSTBhtor84iUoEUptzZhGN/K
qD1nhSsHcBMoT4ntTPvo0Tqw7qHj/+YUsMmoUi+MLatBQ83aBfIyfIDBD2ukZK88
d7XjJMzbdp3+0YFC
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:34:04 2025 by rpki-client