Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/29kI09Sm4JeKEJZsHsaT9FcT50Y.roa
File: 29kI09Sm4JeKEJZsHsaT9FcT50Y.roa (raw, json)
Hash identifier: KeD00gHEVesb9jBg2qhs+lNsURoov9trx5CJ2ECs1FQ=
Subject key identifier: DB:D9:08:D3:D4:A6:E0:97:8A:10:96:6C:1E:C6:93:F4:57:13:E7:46
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 781C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/29kI09Sm4JeKEJZsHsaT9FcT50Y.roa
Signing time: Thu 17 Jul 2025 15:14:44 +0000
ROA not before: Thu 17 Jul 2025 15:14:44 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30748 (0x781c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 17 15:14:44 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=DBD908D3D4A6E0978A10966C1EC693F45713E746
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:d1:c8:bb:35:7f:bb:4a:bf:15:77:b3:67:d3:
01:b2:27:33:a1:f8:10:14:22:5e:fc:78:24:12:e7:
e0:5c:f8:b0:b3:c3:3e:fa:4c:02:d9:f1:3d:34:20:
a1:aa:dd:e4:2d:ff:08:17:9d:e5:2c:e4:5b:11:eb:
8d:2c:1c:c9:22:00:b5:fa:2d:fe:db:c7:c4:82:22:
e7:17:e9:ac:0b:d1:1c:c3:10:f8:8c:a9:df:42:18:
f5:85:f9:e6:02:20:05:10:b8:af:02:aa:d5:5f:01:
86:c0:69:02:b8:74:0d:57:02:3f:ae:96:dd:00:97:
f9:02:a8:24:70:52:98:96:ce:ff:a2:08:49:96:23:
6d:28:1b:43:e2:e2:3d:d2:ce:f3:8e:df:e7:31:4b:
f3:65:b0:19:fa:e9:7f:bb:8e:2e:6f:6f:d4:64:c5:
16:45:d4:a1:3b:0d:36:e8:74:53:e9:0e:aa:ed:29:
91:fa:82:8f:cb:9e:a4:2f:bc:c7:c9:da:26:25:56:
0a:90:bb:b9:d5:ce:ab:a0:38:05:c3:d2:54:8a:6a:
fd:7e:b9:77:61:68:2a:ba:91:60:79:e2:55:18:8e:
31:6f:e1:b8:95:c5:54:b9:8c:e3:67:37:63:ed:fe:
bc:3f:e9:eb:1b:64:c9:54:88:5c:fc:fa:1f:52:96:
e4:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:D9:08:D3:D4:A6:E0:97:8A:10:96:6C:1E:C6:93:F4:57:13:E7:46
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/29kI09Sm4JeKEJZsHsaT9FcT50Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
6b:93:39:bb:2a:25:6b:ec:33:cb:90:d2:c8:5d:67:5b:55:52:
9d:ef:59:13:52:08:39:41:0f:cf:e2:d8:f0:3e:6d:44:62:1f:
a0:b6:db:ce:fe:21:46:64:cd:50:2a:2d:0e:35:21:eb:ba:33:
dc:bd:3a:6a:11:c7:67:e2:40:5d:52:ad:fd:fa:d0:bf:18:fc:
de:03:f3:48:b3:8e:ad:b0:ac:59:c3:7a:70:ee:2e:45:1f:19:
bb:c8:3e:bf:a9:32:e8:65:1b:c0:2a:10:ae:a0:41:2d:50:35:
4a:0f:dc:91:5c:ad:cd:c1:b1:97:c9:06:61:a9:d6:71:f7:ee:
58:05:43:20:24:a8:27:9c:df:85:d5:18:1a:73:44:fb:f8:53:
a7:ca:2b:5e:d2:52:6e:fb:72:4b:1e:18:ad:a6:8a:e2:1b:1b:
8e:74:5b:59:8e:2b:e6:33:15:65:ef:9b:5e:d0:a3:af:9b:4d:
db:e1:c0:1d:0e:a4:3c:d9:46:64:32:3b:a8:12:7a:26:72:a3:
63:cf:1a:f5:1c:63:c6:dd:49:b8:11:c3:77:4f:9c:9c:eb:ee:
bb:47:e6:0d:34:af:a6:f5:cb:56:95:37:5c:41:e8:9a:8e:b7:
42:e3:ad:4b:07:c2:d7:4a:e1:e0:6e:13:73:e8:01:c8:9a:f7:
7b:b5:b9:da
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeBwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTcx
NTE0NDRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKERCRDkwOEQzRDRBNkUw
OTc4QTEwOTY2QzFFQzY5M0Y0NTcxM0U3NDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDi0ci7NX+7Sr8Vd7Nn0wGyJzOh+BAUIl78eCQS5+Bc+LCzwz76
TALZ8T00IKGq3eQt/wgXneUs5FsR640sHMkiALX6Lf7bx8SCIucX6awL0RzDEPiM
qd9CGPWF+eYCIAUQuK8CqtVfAYbAaQK4dA1XAj+ult0Al/kCqCRwUpiWzv+iCEmW
I20oG0Pi4j3SzvOO3+cxS/NlsBn66X+7ji5vb9RkxRZF1KE7DTbodFPpDqrtKZH6
go/LnqQvvMfJ2iYlVgqQu7nVzqugOAXD0lSKav1+uXdhaCq6kWB54lUYjjFv4biV
xVS5jONnN2Pt/rw/6esbZMlUiFz8+h9SluRBAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU29kI09Sm4JeKEJZsHsaT9FcT50YwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzI5a0kwOVNtNEplS0VK
WnNIc2FUOUZjVDUwWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBrkzm7
KiVr7DPLkNLIXWdbVVKd71kTUgg5QQ/P4tjwPm1EYh+gttvO/iFGZM1QKi0ONSHr
ujPcvTpqEcdn4kBdUq39+tC/GPzeA/NIs46tsKxZw3pw7i5FHxm7yD6/qTLoZRvA
KhCuoEEtUDVKD9yRXK3NwbGXyQZhqdZx9+5YBUMgJKgnnN+F1Rgac0T7+FOnyite
0lJu+3JLHhitporiGxuOdFtZjivmMxVl75te0KOvm03b4cAdDqQ82UZkMjuoEnom
cqNjzxr1HGPG3Um4EcN3T5yc6+67R+YNNK+m9ctWlTdcQeiajrdC461LB8LXSuHg
bhNz6AHImvd7tbna
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:45:52 2025 by rpki-client