Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/2nbeQoR07CzP9Ybj4trduSMR5lA.roa
File: 2nbeQoR07CzP9Ybj4trduSMR5lA.roa (raw, json)
Hash identifier: RXEemn84hRuPyWfUhFfr2oe0ncnvWFqcHu367+aVAEY=
Subject key identifier: DA:76:DE:42:84:74:EC:2C:CF:F5:86:E3:E2:DA:DD:B9:23:11:E6:50
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 73F6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2nbeQoR07CzP9Ybj4trduSMR5lA.roa
Signing time: Sun 06 Jul 2025 13:14:55 +0000
ROA not before: Sun 06 Jul 2025 13:14:55 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29686 (0x73f6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 6 13:14:55 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=DA76DE428474EC2CCFF586E3E2DADDB92311E650
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:91:73:ad:97:4c:b5:f7:8f:f5:78:06:cf:e7:
e0:44:17:92:81:27:9e:b1:9a:4d:51:97:c4:45:1c:
cd:5d:69:f2:d3:13:e5:bc:2b:34:6a:d0:4a:02:1f:
71:a9:14:9c:13:95:6d:c1:c4:e0:4f:07:5b:ca:b7:
98:1a:7e:44:90:29:67:c1:ad:6f:eb:1c:b6:ad:3d:
a5:bf:10:7b:82:4c:5d:bc:08:41:d4:5a:1c:45:00:
bd:fa:88:9e:06:37:2a:d1:67:bf:bd:97:4a:94:81:
c6:25:bb:be:ac:27:f7:41:e6:cc:87:ef:ba:66:87:
d1:5a:9b:5f:78:c2:e2:6b:b5:0e:d2:52:52:8c:fa:
1d:a4:02:0f:23:0f:2b:4d:1c:92:2e:de:cd:9c:37:
11:a2:c9:75:44:d8:d5:25:7d:99:62:9f:b1:ac:39:
dd:8c:19:59:6c:a5:72:34:d6:06:23:d2:02:0d:e9:
ba:42:f2:b3:1e:02:00:4f:55:64:c7:70:dc:09:4e:
d4:d4:de:3f:45:a7:41:54:67:fc:34:39:0f:cb:28:
5d:84:e3:4f:41:65:48:9b:58:9d:db:f6:be:7e:d2:
4d:ec:24:6b:15:9f:fc:27:7e:7f:34:5d:a6:57:a4:
63:e9:f2:90:2c:36:14:67:fa:19:73:7e:3e:29:71:
31:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:76:DE:42:84:74:EC:2C:CF:F5:86:E3:E2:DA:DD:B9:23:11:E6:50
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2nbeQoR07CzP9Ybj4trduSMR5lA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
23:40:22:ef:b8:66:f8:d1:a1:81:7b:3a:4c:77:40:0c:77:e0:
c2:02:d2:64:b0:2e:14:a8:35:d4:2c:f8:3d:fe:cb:37:12:8d:
7a:95:d7:71:e4:a4:3f:a0:df:c7:73:d3:05:6f:39:99:78:c4:
b3:eb:2e:6c:c7:31:c4:10:11:a3:d2:7c:51:bc:a1:43:39:8e:
e4:c7:b3:39:5d:05:1f:89:d9:27:9b:9c:6d:c7:6d:ce:3d:42:
21:6d:8f:15:c6:93:ab:d9:b3:3e:50:47:7e:fe:88:09:02:fd:
fd:2a:8b:25:9e:2d:05:1c:d1:f2:8e:9e:04:5b:00:e7:e7:ad:
da:d6:11:f4:44:08:c2:c9:e0:88:35:56:02:67:7c:74:0d:e6:
0f:d8:ab:c9:d4:ce:1a:3e:6a:e1:34:c0:de:b9:00:9f:45:22:
1e:4d:43:f8:62:82:66:a9:f3:25:17:07:2e:c0:ab:c7:7a:36:
a1:28:4f:37:bc:25:e8:37:f0:f5:a8:ea:bc:c3:1b:94:cd:16:
f7:4a:5b:d0:4d:b7:53:60:7f:49:e8:22:33:ac:60:6f:69:e3:
86:b6:5f:8b:f6:48:83:f9:0e:2f:de:81:f1:24:fa:19:9c:5c:
b5:d0:5c:c8:52:b1:3b:ab:d5:fd:36:c3:54:8f:4b:05:54:15:
45:57:ac:3a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICc/YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDYx
MzE0NTVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKERBNzZERTQyODQ3NEVD
MkNDRkY1ODZFM0UyREFEREI5MjMxMUU2NTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDLkXOtl0y194/1eAbP5+BEF5KBJ56xmk1Rl8RFHM1dafLTE+W8
KzRq0EoCH3GpFJwTlW3BxOBPB1vKt5gafkSQKWfBrW/rHLatPaW/EHuCTF28CEHU
WhxFAL36iJ4GNyrRZ7+9l0qUgcYlu76sJ/dB5syH77pmh9Fam194wuJrtQ7SUlKM
+h2kAg8jDytNHJIu3s2cNxGiyXVE2NUlfZlin7GsOd2MGVlspXI01gYj0gIN6bpC
8rMeAgBPVWTHcNwJTtTU3j9Fp0FUZ/w0OQ/LKF2E409BZUibWJ3b9r5+0k3sJGsV
n/wnfn80XaZXpGPp8pAsNhRn+hlzfj4pcTF3AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU2nbeQoR07CzP9Ybj4trduSMR5lAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzJuYmVRb1IwN0N6UDlZ
Ymo0dHJkdVNNUjVsQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAjQCLv
uGb40aGBezpMd0AMd+DCAtJksC4UqDXULPg9/ss3Eo16lddx5KQ/oN/Hc9MFbzmZ
eMSz6y5sxzHEEBGj0nxRvKFDOY7kx7M5XQUfidknm5xtx23OPUIhbY8VxpOr2bM+
UEd+/ogJAv39Koslni0FHNHyjp4EWwDn563a1hH0RAjCyeCINVYCZ3x0DeYP2KvJ
1M4aPmrhNMDeuQCfRSIeTUP4YoJmqfMlFwcuwKvHejahKE83vCXoN/D1qOq8wxuU
zRb3SlvQTbdTYH9J6CIzrGBvaeOGtl+L9kiD+Q4v3oHxJPoZnFy10FzIUrE7q9X9
NsNUj0sFVBVFV6w6
-----END CERTIFICATE-----
Generated at Sun Jul 20 19:05:43 2025 by rpki-client