Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/2vHfdFJV0o_xxK_qx9Nzqoy9nOs.roa
File: 2vHfdFJV0o_xxK_qx9Nzqoy9nOs.roa (raw, json)
Hash identifier: 7CTKGhsNOhX5FmjRFBSPQbiCV3W9PZwxEWAvmKJM+4Q=
Subject key identifier: DA:F1:DF:74:52:55:D2:8F:F1:C4:AF:EA:C7:D3:73:AA:8C:BD:9C:EB
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7488
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2vHfdFJV0o_xxK_qx9Nzqoy9nOs.roa
Signing time: Tue 08 Jul 2025 01:45:01 +0000
ROA not before: Tue 08 Jul 2025 01:45:01 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29832 (0x7488)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 8 01:45:01 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=DAF1DF745255D28FF1C4AFEAC7D373AA8CBD9CEB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:55:6c:69:08:c2:00:53:ff:8f:d0:88:6e:4c:
ea:65:21:c2:db:d5:e4:b0:08:8d:63:11:b3:33:d0:
27:65:95:cd:5d:07:d0:1f:8b:01:dc:0b:98:ef:b3:
fb:93:b7:6b:f5:7a:b1:16:19:2b:c2:75:32:01:c0:
8f:3d:5f:c3:32:2e:83:44:50:64:1c:71:c0:e4:c5:
5c:61:4d:ac:2c:83:32:5d:19:da:6a:f5:ed:73:b0:
db:a4:94:05:4b:31:79:f8:9f:d0:8f:e3:12:ee:59:
57:b9:29:e0:b0:e5:27:99:bc:a5:67:43:f4:73:22:
80:20:2a:ff:b3:70:d4:48:18:58:68:96:1c:ab:cc:
d6:37:28:3b:b2:26:52:3a:34:ca:5e:04:bf:2d:4c:
db:d6:79:c8:62:c8:90:b8:41:4b:c3:d2:cf:f7:51:
07:0b:e5:08:19:b2:c8:58:95:11:23:80:fc:34:b2:
4d:e5:20:4d:35:7e:47:36:be:20:0d:6b:9d:f7:e6:
ec:4b:3a:75:e2:cd:d5:11:05:9e:9b:e1:4f:a5:6f:
ce:fd:cb:9c:83:e6:d1:b1:56:23:a2:81:02:3e:ee:
95:ea:19:8a:3c:3e:a7:e6:9d:d3:0e:d0:e9:56:11:
ea:46:bf:31:ff:cc:af:bb:e3:0c:14:10:5f:4f:3d:
a6:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:F1:DF:74:52:55:D2:8F:F1:C4:AF:EA:C7:D3:73:AA:8C:BD:9C:EB
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2vHfdFJV0o_xxK_qx9Nzqoy9nOs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
86:4b:f9:28:a1:a8:98:42:ee:83:35:31:56:db:6c:6e:ce:32:
2e:d0:3d:bb:6c:33:0b:ab:73:bb:f4:a0:f8:ee:6c:48:4d:f1:
85:89:bc:06:36:ce:7b:86:39:a2:25:41:73:89:1c:32:07:21:
0b:f2:2e:0f:1d:a0:5f:e8:6f:97:4b:32:08:0e:e5:78:6b:b3:
f3:bd:05:c7:ae:60:65:ff:67:b5:94:b3:b9:05:6e:c4:ff:49:
ef:e6:ac:2d:fa:b4:3f:13:24:83:7b:55:d0:eb:b6:2c:81:99:
85:c3:98:d0:c6:d7:1c:94:b5:12:d3:9b:19:02:c1:04:f2:d6:
08:3d:91:e6:3e:7e:9f:5e:3a:83:03:e9:b8:16:83:0f:1d:cf:
5d:e1:f3:27:5f:48:5a:94:01:8b:65:bc:9a:d9:f3:0d:c3:8d:
13:18:21:7c:16:45:d5:97:1a:b6:11:dc:10:57:fc:58:4d:f2:
5a:2e:ee:43:e5:76:b7:63:4f:64:0b:1c:38:39:ba:d6:e7:51:
02:bd:19:9e:3d:6d:a7:52:cf:0b:50:92:8a:36:02:d2:64:3a:
f4:ce:59:28:d6:4b:f8:e9:c1:19:a6:40:9d:d8:cb:c4:2b:6f:
d5:01:f7:b0:ec:5d:e5:f8:bd:c8:ce:79:90:4c:e6:7c:0d:b2:
78:c1:59:e0
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdIgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDgw
MTQ1MDFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKERBRjFERjc0NTI1NUQy
OEZGMUM0QUZFQUM3RDM3M0FBOENCRDlDRUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/VWxpCMIAU/+P0IhuTOplIcLb1eSwCI1jEbMz0Cdllc1dB9Af
iwHcC5jvs/uTt2v1erEWGSvCdTIBwI89X8MyLoNEUGQcccDkxVxhTawsgzJdGdpq
9e1zsNuklAVLMXn4n9CP4xLuWVe5KeCw5SeZvKVnQ/RzIoAgKv+zcNRIGFholhyr
zNY3KDuyJlI6NMpeBL8tTNvWechiyJC4QUvD0s/3UQcL5QgZsshYlREjgPw0sk3l
IE01fkc2viANa5335uxLOnXizdURBZ6b4U+lb879y5yD5tGxViOigQI+7pXqGYo8
PqfmndMO0OlWEepGvzH/zK+74wwUEF9PPaarAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU2vHfdFJV0o/xxK/qx9Nzqoy9nOswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzJ2SGZkRkpWMG9feHhL
X3F4OU56cW95OW5Pcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCGS/ko
oaiYQu6DNTFW22xuzjIu0D27bDMLq3O79KD47mxITfGFibwGNs57hjmiJUFziRwy
ByEL8i4PHaBf6G+XSzIIDuV4a7PzvQXHrmBl/2e1lLO5BW7E/0nv5qwt+rQ/EySD
e1XQ67YsgZmFw5jQxtcclLUS05sZAsEE8tYIPZHmPn6fXjqDA+m4FoMPHc9d4fMn
X0halAGLZbya2fMNw40TGCF8FkXVlxq2EdwQV/xYTfJaLu5D5Xa3Y09kCxw4ObrW
51ECvRmePW2nUs8LUJKKNgLSZDr0zlko1kv46cEZpkCd2MvEK2/VAfew7F3l+L3I
znmQTOZ8DbJ4wVng
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:40:14 2025 by rpki-client