Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/2nTYpGZidWsj4yCDOm3ZVOGSeXU.roa
File: 2nTYpGZidWsj4yCDOm3ZVOGSeXU.roa (raw, json)
Hash identifier: OA3XX5kPH4Z2ZafnMKt4ouYw+J7rN8Ocf3VJE9gKl6o=
Subject key identifier: DA:74:D8:A4:66:62:75:6B:23:E3:20:83:3A:6D:D9:54:E1:92:79:75
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 731C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2nTYpGZidWsj4yCDOm3ZVOGSeXU.roa
Signing time: Fri 04 Jul 2025 06:45:30 +0000
ROA not before: Fri 04 Jul 2025 06:45:30 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29468 (0x731c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 4 06:45:30 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=DA74D8A46662756B23E320833A6DD954E1927975
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:af:08:09:ee:0b:a9:55:69:af:a1:25:fa:51:
28:3f:88:3a:a0:3d:87:a2:e2:ca:2e:ce:ed:f3:99:
42:8a:e3:0f:28:c4:d8:32:10:dd:e4:5c:af:80:8e:
d4:06:16:8d:00:80:7f:d6:e7:62:72:11:fe:23:d3:
84:26:af:e1:a2:54:ff:77:57:19:0e:be:0e:60:dd:
71:3b:38:64:61:b8:99:d4:e7:49:f1:dd:51:fd:bc:
a9:31:ae:f3:4d:24:d4:14:ad:24:27:bd:27:8f:f9:
ed:da:09:41:0d:61:e9:40:57:2f:c8:69:40:f3:b2:
7f:43:8d:79:8f:6c:54:ef:cf:30:c6:ec:41:7f:fc:
b1:de:48:4d:3b:40:53:53:b0:ca:e1:8a:78:19:34:
5e:c3:03:fb:3e:ee:7d:4f:e9:9c:d6:db:7a:95:5b:
3b:f7:46:02:35:34:ed:68:c9:a6:60:79:25:e4:d4:
c3:12:46:15:a7:91:d4:b0:27:b1:da:ba:89:6d:a1:
50:bc:86:f7:a4:2c:1c:22:14:9b:90:92:e0:28:72:
9b:7f:05:23:05:89:ca:c4:7b:30:bd:b8:67:99:9f:
6d:a8:f9:01:b3:c2:f0:b7:1c:d2:31:6c:12:90:a3:
7a:e0:03:1d:be:7d:12:85:cb:1b:db:fc:b6:fd:8b:
8a:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:74:D8:A4:66:62:75:6B:23:E3:20:83:3A:6D:D9:54:E1:92:79:75
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2nTYpGZidWsj4yCDOm3ZVOGSeXU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
51:1c:c0:11:02:73:9d:32:09:07:6d:d9:da:02:a0:fa:55:f9:
e1:a7:76:9e:85:d4:fc:3b:95:b8:86:03:5c:ea:52:f2:ee:28:
43:df:ac:f9:64:ce:f8:f6:0e:46:1b:cc:a7:87:49:59:82:e3:
54:65:6c:4f:ee:65:14:fd:fb:cf:a4:41:61:0b:e5:fa:44:c0:
04:f2:41:09:8f:77:bd:cb:0f:c9:a1:ca:2a:80:73:30:06:85:
9b:78:2e:ba:42:5b:a8:19:d8:dc:91:24:19:23:fd:45:69:6d:
d6:cd:35:46:c4:b6:7b:28:0d:bb:c6:80:7c:e3:91:d5:25:5d:
33:a9:43:0d:19:67:75:1e:4c:4e:49:e7:64:bc:4f:fc:72:22:
bb:8d:53:16:49:b3:d7:53:85:f2:f7:43:9f:c2:8d:d7:79:4c:
dc:eb:a8:e7:86:f1:86:9d:99:e2:5f:0e:fc:16:e2:51:cd:76:
20:25:5c:56:e6:69:da:73:ed:b1:2a:a6:a4:be:c3:52:1b:f0:
9e:9b:24:37:de:4b:3c:4a:2d:4b:4e:96:8c:59:c8:2a:d4:b2:
ff:99:82:1e:0b:f2:02:85:d8:47:47:bb:cc:40:2a:d6:9f:ed:
80:3b:72:ed:f2:2c:47:61:92:76:d3:44:7d:c5:e8:26:b7:dc:
c2:64:99:c2
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcxwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDQw
NjQ1MzBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKERBNzREOEE0NjY2Mjc1
NkIyM0UzMjA4MzNBNkREOTU0RTE5Mjc5NzUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDRrwgJ7gupVWmvoSX6USg/iDqgPYei4souzu3zmUKK4w8oxNgy
EN3kXK+AjtQGFo0AgH/W52JyEf4j04Qmr+GiVP93VxkOvg5g3XE7OGRhuJnU50nx
3VH9vKkxrvNNJNQUrSQnvSeP+e3aCUENYelAVy/IaUDzsn9DjXmPbFTvzzDG7EF/
/LHeSE07QFNTsMrhingZNF7DA/s+7n1P6ZzW23qVWzv3RgI1NO1oyaZgeSXk1MMS
RhWnkdSwJ7HauoltoVC8hvekLBwiFJuQkuAocpt/BSMFicrEezC9uGeZn22o+QGz
wvC3HNIxbBKQo3rgAx2+fRKFyxvb/Lb9i4rhAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU2nTYpGZidWsj4yCDOm3ZVOGSeXUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzJuVFlwR1ppZFdzajR5
Q0RPbTNaVk9HU2VYVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBRHMAR
AnOdMgkHbdnaAqD6Vfnhp3aehdT8O5W4hgNc6lLy7ihD36z5ZM749g5GG8ynh0lZ
guNUZWxP7mUU/fvPpEFhC+X6RMAE8kEJj3e9yw/JocoqgHMwBoWbeC66QluoGdjc
kSQZI/1FaW3WzTVGxLZ7KA27xoB845HVJV0zqUMNGWd1HkxOSedkvE/8ciK7jVMW
SbPXU4Xy90Ofwo3XeUzc66jnhvGGnZniXw78FuJRzXYgJVxW5mnac+2xKqakvsNS
G/CemyQ33ks8Si1LTpaMWcgq1LL/mYIeC/IChdhHR7vMQCrWn+2AO3Lt8ixHYZJ2
00R9xegmt9zCZJnC
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:34:00 2025 by rpki-client