Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/1s9uoz-UrWh09APtkWKcnvRFp10.roa
File: 1s9uoz-UrWh09APtkWKcnvRFp10.roa (raw, json)
Hash identifier: GoIj4g/cZhx5Kz+DoCc84QCJn/w/OIddtC6+5rNMnfs=
Subject key identifier: D6:CF:6E:A3:3F:94:AD:68:74:F4:03:ED:91:62:9C:9E:F4:45:A7:5D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 76CE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1s9uoz-UrWh09APtkWKcnvRFp10.roa
Signing time: Mon 14 Jul 2025 03:41:41 +0000
ROA not before: Mon 14 Jul 2025 03:41:41 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30414 (0x76ce)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 14 03:41:41 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D6CF6EA33F94AD6874F403ED91629C9EF445A75D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:97:05:f0:af:a9:9a:1e:86:79:0c:32:30:a3:
b2:16:40:cc:74:8e:0b:70:f7:9d:06:b9:3b:62:cb:
9b:f0:f9:cb:52:fc:5b:f3:5f:10:09:87:8d:86:9b:
1e:20:f8:46:70:1e:4e:ba:a7:9a:3d:d8:11:d9:77:
78:dd:7a:d6:d0:d0:b6:7b:5b:77:3e:a4:2f:bc:37:
28:69:31:76:c2:45:0d:33:cc:55:93:21:cc:a7:c3:
5f:4a:3f:f7:6c:e2:90:82:08:47:fe:73:dd:82:90:
99:82:96:83:8c:22:ce:68:5a:2b:29:c6:ab:80:1b:
e0:ff:f4:8c:d4:5e:0b:27:9a:4e:5a:46:e9:91:45:
55:8b:21:8b:da:c4:37:57:a0:5b:8d:16:1a:bc:bf:
26:62:ce:91:8f:d0:5c:5b:cc:b7:de:88:c6:d5:f9:
d9:c0:12:0e:d7:16:79:0c:d8:13:f5:43:05:0e:92:
5e:67:0e:c5:18:1c:5c:17:3d:92:e7:6d:e5:a7:b4:
47:29:8c:67:d3:84:66:e7:51:6d:76:6c:71:0a:1c:
27:60:26:94:35:f9:e5:6b:b6:21:03:4c:67:4b:5d:
5e:61:21:4d:8c:8a:43:44:0b:8f:18:dd:82:6a:d7:
13:35:4c:dd:c8:98:80:68:1c:d7:f3:46:1a:ec:c8:
d0:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:CF:6E:A3:3F:94:AD:68:74:F4:03:ED:91:62:9C:9E:F4:45:A7:5D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1s9uoz-UrWh09APtkWKcnvRFp10.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
3b:38:0c:1c:15:18:ae:44:4a:ca:59:09:44:ee:6e:4c:22:86:
fb:1f:35:c6:fb:0b:72:55:35:08:8b:b5:c8:0c:a6:a9:3b:f3:
4f:08:77:9c:07:75:63:d0:cf:3b:f1:ef:c4:90:74:0b:9c:20:
c7:4e:0f:e1:99:df:4d:2d:ed:d1:50:74:1a:48:65:37:98:85:
53:20:e1:46:7d:cc:54:8e:c5:d1:8e:7c:a2:f8:60:23:27:46:
e7:13:46:ed:f4:25:33:e3:7e:85:99:50:7d:bb:55:c1:4e:cb:
6d:f0:6f:4c:9a:87:a8:5a:a5:56:4c:af:71:f1:a6:0d:15:40:
ec:db:c8:d3:d0:48:be:6c:96:3c:d0:e2:e4:b2:c1:8b:41:23:
ec:be:78:f4:7a:77:31:40:a1:e2:0f:15:3c:05:2c:f6:68:a1:
04:a6:2b:70:c0:3b:0a:3d:ad:70:2a:59:5d:6e:80:af:dc:10:
73:6c:78:aa:57:63:ee:43:98:05:b6:21:fc:fa:5c:ed:27:bd:
4a:6f:4e:6a:0c:11:78:82:b5:33:dc:23:61:28:ac:fb:78:1c:
5a:73:10:1d:69:7b:96:0d:87:f9:d9:4c:03:e8:34:aa:f4:09:
a3:3e:0a:33:b4:69:ed:f0:18:e5:cc:8f:c6:f1:28:c6:6d:94:
3b:7b:cf:d6
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICds4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTQw
MzQxNDFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQ2Q0Y2RUEzM0Y5NEFE
Njg3NEY0MDNFRDkxNjI5QzlFRjQ0NUE3NUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCWlwXwr6maHoZ5DDIwo7IWQMx0jgtw950GuTtiy5vw+ctS/Fvz
XxAJh42Gmx4g+EZwHk66p5o92BHZd3jdetbQ0LZ7W3c+pC+8NyhpMXbCRQ0zzFWT
Icynw19KP/ds4pCCCEf+c92CkJmCloOMIs5oWispxquAG+D/9IzUXgsnmk5aRumR
RVWLIYvaxDdXoFuNFhq8vyZizpGP0FxbzLfeiMbV+dnAEg7XFnkM2BP1QwUOkl5n
DsUYHFwXPZLnbeWntEcpjGfThGbnUW12bHEKHCdgJpQ1+eVrtiEDTGdLXV5hIU2M
ikNEC48Y3YJq1xM1TN3ImIBoHNfzRhrsyNCZAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU1s9uoz+UrWh09APtkWKcnvRFp10wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzFzOXVvei1VcldoMDlB
UHRrV0tjbnZSRnAxMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA7OAwc
FRiuRErKWQlE7m5MIob7HzXG+wtyVTUIi7XIDKapO/NPCHecB3Vj0M878e/EkHQL
nCDHTg/hmd9NLe3RUHQaSGU3mIVTIOFGfcxUjsXRjnyi+GAjJ0bnE0bt9CUz436F
mVB9u1XBTstt8G9MmoeoWqVWTK9x8aYNFUDs28jT0Ei+bJY80OLkssGLQSPsvnj0
encxQKHiDxU8BSz2aKEEpitwwDsKPa1wKlldboCv3BBzbHiqV2PuQ5gFtiH8+lzt
J71Kb05qDBF4grUz3CNhKKz7eBxacxAdaXuWDYf52UwD6DSq9AmjPgoztGnt8Bjl
zI/G8SjGbZQ7e8/W
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:47:47 2025 by rpki-client