Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/1wsIAgo0F05MeIwECSNulbLKOwM.roa
File: 1wsIAgo0F05MeIwECSNulbLKOwM.roa (raw, json)
Hash identifier: EfdfXlpvEVz5aRXA+BPo8iUHygwicWPfmhm9qrcoGks=
Subject key identifier: D7:0B:08:02:0A:34:17:4E:4C:78:8C:04:09:23:6E:95:B2:CA:3B:03
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 78CC
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1wsIAgo0F05MeIwECSNulbLKOwM.roa
Signing time: Sat 19 Jul 2025 11:12:46 +0000
ROA not before: Sat 19 Jul 2025 11:12:46 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30924 (0x78cc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 19 11:12:46 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D70B08020A34174E4C788C0409236E95B2CA3B03
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:4a:9d:bf:84:c7:48:63:d3:75:30:b2:d4:1f:
ed:0a:95:6f:3c:f3:51:2c:c6:9b:a1:8e:ab:e6:b1:
46:15:e2:f1:6d:a0:12:48:27:04:22:27:d8:6e:76:
10:4a:3e:df:a0:79:3c:7b:fb:cd:05:3c:cc:27:38:
b2:b7:e0:a6:67:5c:8a:e7:e4:c5:dd:b5:0b:a5:0f:
ba:22:5d:65:e5:46:41:0d:a8:10:79:19:01:05:12:
b6:83:fb:d3:ae:56:ed:3b:65:77:d6:db:7c:51:29:
44:0b:f1:98:00:b1:55:8d:55:fd:4c:9c:a6:6e:6d:
f7:95:5b:2c:e8:09:4b:1b:24:e3:d6:a8:be:d5:8c:
a7:25:c1:4e:33:ab:a5:96:fb:65:39:96:5d:16:68:
4c:8b:b5:b0:f3:a0:80:7b:1d:c7:39:6f:8a:91:ec:
2d:f8:28:d8:72:9c:6e:30:a9:b5:19:ad:aa:f4:9c:
8f:78:10:02:9f:5e:3a:99:95:e4:02:e8:c4:a9:3d:
fe:62:22:42:ce:78:29:d1:12:35:d2:89:5d:c7:a9:
6f:2e:cd:4b:73:1f:d3:9a:59:c5:0f:c6:86:66:b1:
d5:a0:19:31:34:63:00:6e:15:35:c4:f1:6a:7a:92:
41:e8:ec:0f:e6:21:ed:35:2d:45:e7:bd:fe:cb:a3:
62:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:0B:08:02:0A:34:17:4E:4C:78:8C:04:09:23:6E:95:B2:CA:3B:03
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1wsIAgo0F05MeIwECSNulbLKOwM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
37:82:03:03:02:58:d8:41:b5:1b:5f:8e:1f:6b:4e:cd:f1:68:
eb:c2:13:42:28:ba:a4:fc:5f:10:8a:e4:d2:ec:98:bb:ee:59:
60:06:9a:62:e7:bd:ca:d9:77:db:5d:32:f4:d1:f5:76:7a:26:
83:8f:fe:f8:16:55:a0:0a:61:42:19:a5:4e:e8:c9:a6:76:58:
d0:4c:f9:86:e3:25:29:e6:d1:a3:0a:09:ab:ea:8f:be:5f:b8:
b2:83:ed:4f:91:1c:3b:0c:94:8e:de:9d:ce:f0:7d:7e:3f:67:
d1:7d:ac:89:e3:c5:cf:03:f6:c6:6c:94:7e:94:5a:b7:36:34:
2e:ac:4c:f6:ed:0d:97:f6:4a:9e:a2:ca:db:02:3c:d2:d0:9d:
4e:6e:1a:41:27:b1:d8:99:9e:24:3a:9e:39:79:f0:11:9d:bf:
f0:82:6d:66:7c:53:6b:dc:05:cf:3d:8e:72:81:69:ef:ef:cb:
ce:2e:07:ed:38:ee:45:35:ee:78:73:63:b2:dc:f0:82:b8:92:
08:31:c4:68:6e:4c:c2:65:25:fc:ab:9e:94:90:c1:e8:91:2a:
d8:f8:0c:5a:1e:ee:e5:08:2f:8d:4b:e1:01:d7:d1:7b:e6:0c:
71:d8:fc:49:f3:60:ae:f6:a6:2c:96:8a:c0:64:c3:73:ce:a6:
3d:d4:7d:dd
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeMwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTkx
MTEyNDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQ3MEIwODAyMEEzNDE3
NEU0Qzc4OEMwNDA5MjM2RTk1QjJDQTNCMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQChSp2/hMdIY9N1MLLUH+0KlW8881EsxpuhjqvmsUYV4vFtoBJI
JwQiJ9hudhBKPt+geTx7+80FPMwnOLK34KZnXIrn5MXdtQulD7oiXWXlRkENqBB5
GQEFEraD+9OuVu07ZXfW23xRKUQL8ZgAsVWNVf1MnKZubfeVWyzoCUsbJOPWqL7V
jKclwU4zq6WW+2U5ll0WaEyLtbDzoIB7Hcc5b4qR7C34KNhynG4wqbUZrar0nI94
EAKfXjqZleQC6MSpPf5iIkLOeCnREjXSiV3HqW8uzUtzH9OaWcUPxoZmsdWgGTE0
YwBuFTXE8Wp6kkHo7A/mIe01LUXnvf7Lo2LhAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU1wsIAgo0F05MeIwECSNulbLKOwMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzF3c0lBZ28wRjA1TWVJ
d0VDU051bGJMS093TS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA3ggMD
AljYQbUbX44fa07N8WjrwhNCKLqk/F8QiuTS7Ji77llgBppi573K2XfbXTL00fV2
eiaDj/74FlWgCmFCGaVO6MmmdljQTPmG4yUp5tGjCgmr6o++X7iyg+1PkRw7DJSO
3p3O8H1+P2fRfayJ48XPA/bGbJR+lFq3NjQurEz27Q2X9kqeosrbAjzS0J1ObhpB
J7HYmZ4kOp45efARnb/wgm1mfFNr3AXPPY5ygWnv78vOLgftOO5FNe54c2Oy3PCC
uJIIMcRobkzCZSX8q56UkMHokSrY+AxaHu7lCC+NS+EB19F75gxx2PxJ82Cu9qYs
lorAZMNzzqY91H3d
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:57:48 2025 by rpki-client