Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/2SDqUZ_u3CkILgVbEK1FmLprM5o.roa
File: 2SDqUZ_u3CkILgVbEK1FmLprM5o.roa (raw, json)
Hash identifier: +6GP07nV1uDSp3d7F1q/PVA9+5ZSjpiMbEDO4Ot0j1o=
Subject key identifier: D9:20:EA:51:9F:EE:DC:29:08:2E:05:5B:10:AD:45:98:BA:6B:33:9A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7282
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2SDqUZ_u3CkILgVbEK1FmLprM5o.roa
Signing time: Wed 02 Jul 2025 16:14:57 +0000
ROA not before: Wed 02 Jul 2025 16:14:57 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29314 (0x7282)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 2 16:14:57 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D920EA519FEEDC29082E055B10AD4598BA6B339A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:22:01:ae:02:4b:b7:09:5d:61:66:30:96:97:
1d:0b:54:b9:fe:ce:99:a4:8c:06:69:ae:f7:7b:96:
de:4e:11:3a:bc:5d:8c:d7:d8:7c:21:da:3e:41:8b:
f9:99:0a:df:6d:df:89:63:6c:72:2e:27:5d:7a:4e:
ae:c6:8b:52:fb:41:af:23:f1:5f:c1:95:8e:d7:0d:
d5:36:9b:11:af:af:b0:5a:d7:38:21:0d:11:10:91:
02:80:ff:4c:f0:db:ca:ac:be:6e:bd:a1:a8:e1:8c:
cc:27:fe:f1:8f:1d:8f:ea:7c:19:77:72:3d:07:92:
16:1f:ce:d5:eb:04:a3:13:14:61:98:8b:dd:42:0e:
e2:8b:f1:9e:62:72:76:4e:ab:d1:ef:86:30:d8:75:
bf:5e:af:c8:e3:37:19:e7:b4:d7:98:43:11:87:bb:
2d:5f:91:84:6f:ba:2c:a4:7c:ed:ee:b0:1d:42:97:
68:80:6e:50:76:20:c0:a1:39:4e:54:83:9f:70:c9:
74:a3:e5:f0:3f:38:bf:32:f0:5e:70:17:de:7e:97:
4f:93:f0:c1:f4:0c:c1:5f:fe:da:cd:1c:da:9c:e4:
8a:c0:3b:50:15:bd:16:6b:82:7a:f5:3f:3f:91:34:
cf:88:59:43:4c:47:bf:41:96:e2:90:55:f1:f1:ff:
d8:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:20:EA:51:9F:EE:DC:29:08:2E:05:5B:10:AD:45:98:BA:6B:33:9A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2SDqUZ_u3CkILgVbEK1FmLprM5o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
4b:f6:eb:d7:1d:fa:47:23:0a:e6:95:4a:0c:36:f7:3e:6b:c4:
5f:ac:f5:5a:a0:f8:5c:5c:57:ad:c3:e5:97:71:8b:25:2e:ec:
f4:50:86:51:ba:dd:39:3d:b8:3d:e6:54:cb:08:af:c1:97:d0:
5c:09:8d:c5:29:65:86:30:3e:c0:a6:69:78:bd:38:90:de:8b:
29:42:09:51:cb:61:63:80:22:95:4a:48:8a:0d:63:b8:3e:3d:
ef:b3:68:50:b3:80:57:28:fe:ae:b3:93:79:12:6c:71:5f:1e:
d8:3b:48:51:4a:12:ab:ef:47:a1:ef:0c:2e:ce:92:7e:d2:98:
ad:26:ae:e2:07:b8:1d:a7:51:3b:e9:4e:22:c5:99:a9:a3:f7:
de:62:b7:48:76:9e:6a:a0:62:d4:41:f0:13:d8:f7:e6:05:d4:
b3:1c:3a:8a:5e:da:88:91:05:58:f0:30:8c:04:61:00:3f:c2:
94:6b:e7:b9:d4:a2:5e:e9:12:6c:a3:bf:62:85:4c:c4:9b:94:
8d:13:83:35:9f:22:22:01:41:21:8c:4c:87:31:30:40:67:a5:
d9:a2:b4:2a:18:b2:66:9c:e3:22:2c:ef:8a:90:ce:df:31:8a:
39:c8:0e:59:6f:e3:76:bf:98:ea:5e:a3:fe:3b:4d:99:81:32:
33:80:05:a7
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcoIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDIx
NjE0NTdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQ5MjBFQTUxOUZFRURD
MjkwODJFMDU1QjEwQUQ0NTk4QkE2QjMzOUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQClIgGuAku3CV1hZjCWlx0LVLn+zpmkjAZprvd7lt5OETq8XYzX
2Hwh2j5Bi/mZCt9t34ljbHIuJ116Tq7Gi1L7Qa8j8V/BlY7XDdU2mxGvr7Ba1zgh
DREQkQKA/0zw28qsvm69oajhjMwn/vGPHY/qfBl3cj0HkhYfztXrBKMTFGGYi91C
DuKL8Z5icnZOq9HvhjDYdb9er8jjNxnntNeYQxGHuy1fkYRvuiykfO3usB1Cl2iA
blB2IMChOU5Ug59wyXSj5fA/OL8y8F5wF95+l0+T8MH0DMFf/trNHNqc5IrAO1AV
vRZrgnr1Pz+RNM+IWUNMR79BluKQVfHx/9ivAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU2SDqUZ/u3CkILgVbEK1FmLprM5owHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzJTRHFVWl91M0NrSUxn
VmJFSzFGbUxwck01by5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBL9uvX
HfpHIwrmlUoMNvc+a8RfrPVaoPhcXFetw+WXcYslLuz0UIZRut05Pbg95lTLCK/B
l9BcCY3FKWWGMD7Apml4vTiQ3ospQglRy2FjgCKVSkiKDWO4Pj3vs2hQs4BXKP6u
s5N5EmxxXx7YO0hRShKr70eh7wwuzpJ+0pitJq7iB7gdp1E76U4ixZmpo/feYrdI
dp5qoGLUQfAT2PfmBdSzHDqKXtqIkQVY8DCMBGEAP8KUa+e51KJe6RJso79ihUzE
m5SNE4M1nyIiAUEhjEyHMTBAZ6XZorQqGLJmnOMiLO+KkM7fMYo5yA5Zb+N2v5jq
XqP+O02ZgTIzgAWn
-----END CERTIFICATE-----
Generated at Sun Jul 20 16:21:34 2025 by rpki-client