Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/41E91BfthFboSc9arViBN5MKB_Y.roa
File: 41E91BfthFboSc9arViBN5MKB_Y.roa (raw, json)
Hash identifier: ZJ2oD2WwIh6nsKFzeRkIUol+B6EB6PZF8WFIStyNSuw=
Subject key identifier: E3:51:3D:D4:17:ED:84:56:E8:49:CF:5A:AD:58:81:37:93:0A:07:F6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7104
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/41E91BfthFboSc9arViBN5MKB_Y.roa
Signing time: Sat 28 Jun 2025 16:44:37 +0000
ROA not before: Sat 28 Jun 2025 16:44:37 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28932 (0x7104)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 28 16:44:37 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E3513DD417ED8456E849CF5AAD588137930A07F6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:07:ad:46:6a:31:17:df:33:be:e9:69:e2:4a:
63:78:7b:25:00:e0:e3:ae:ce:48:ae:e3:02:6f:49:
fd:53:8a:1a:3a:78:ca:8f:2f:89:c7:32:7d:b4:cc:
10:99:ba:01:91:fb:22:2b:7b:c1:c0:b1:16:63:9f:
a8:d6:36:a6:b8:02:19:f2:0a:24:b4:5a:6f:98:4b:
98:68:e4:cc:90:eb:58:4d:34:00:43:66:b0:14:a0:
6d:82:e1:6b:5c:bb:51:e9:d1:f1:2f:e2:cd:72:35:
73:45:c9:b0:02:c6:57:bc:05:e1:be:1f:fc:00:3b:
e0:3b:57:ef:ad:2a:8d:46:69:de:57:7b:fa:cb:b7:
f8:9a:35:66:5b:31:2b:6e:9b:d3:59:e8:9c:89:a7:
b4:cc:f2:22:ec:83:13:a6:a2:cd:c6:8f:4f:6f:d9:
7f:cb:91:ea:80:99:65:ec:24:5e:19:36:9c:01:04:
dc:e4:e5:b8:f9:17:67:26:00:92:b7:00:42:30:17:
1d:43:d7:73:59:d3:e0:00:0e:68:57:a9:f2:f8:67:
c1:86:8e:a3:5b:06:1c:68:23:fa:cf:e3:d3:b5:ae:
c9:6c:64:d7:96:5c:e3:c3:f9:6a:a3:1b:e4:17:3a:
2d:0d:51:dc:9b:6a:bc:15:cf:a8:a2:d4:3e:cf:ce:
b0:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:51:3D:D4:17:ED:84:56:E8:49:CF:5A:AD:58:81:37:93:0A:07:F6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/41E91BfthFboSc9arViBN5MKB_Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
72:3b:2d:8f:27:de:d1:7f:b5:cd:6f:30:7b:d9:24:1d:34:b9:
39:ce:92:6c:75:44:5a:91:3b:e8:ed:26:f2:34:75:5e:4e:91:
85:55:fd:b0:db:84:1e:9c:9c:34:fe:85:ba:b5:86:63:ad:f3:
f7:1b:2d:f1:a2:53:40:73:9d:42:1b:73:94:22:10:b7:2a:00:
d2:43:fc:0c:b7:ef:98:7c:e0:54:07:88:50:79:68:97:2b:7b:
16:76:c4:66:51:83:de:3d:0a:c3:ea:ae:84:82:44:f6:a8:9f:
ff:82:70:cf:9a:18:27:2c:64:03:7d:00:08:c3:1d:cb:02:2e:
63:bc:4a:31:a4:86:b9:44:f5:4e:b4:b0:ed:54:bc:46:5d:f1:
4a:07:76:83:88:dc:36:c2:2e:56:8c:77:ed:0d:80:8d:f0:35:
b0:86:77:39:3e:98:aa:8a:22:ac:60:dd:1c:9d:30:f0:07:8e:
f2:d2:ae:d5:bc:1a:70:ee:69:e1:76:27:cd:b9:01:d8:3e:16:
c4:03:b7:fc:63:49:70:c5:bd:89:5c:43:7b:c2:8f:5d:93:67:
cc:9b:18:36:37:95:0c:0b:a0:ce:b3:20:df:fe:b1:cf:f5:28:
a9:ca:93:4c:36:8b:e8:27:31:d9:ac:3e:c0:1b:e0:48:2b:99:
d2:7f:8e:47
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcQQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2Mjgx
NjQ0MzdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEUzNTEzREQ0MTdFRDg0
NTZFODQ5Q0Y1QUFENTg4MTM3OTMwQTA3RjYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDAB61GajEX3zO+6WniSmN4eyUA4OOuzkiu4wJvSf1Tiho6eMqP
L4nHMn20zBCZugGR+yIre8HAsRZjn6jWNqa4AhnyCiS0Wm+YS5ho5MyQ61hNNABD
ZrAUoG2C4Wtcu1Hp0fEv4s1yNXNFybACxle8BeG+H/wAO+A7V++tKo1Gad5Xe/rL
t/iaNWZbMStum9NZ6JyJp7TM8iLsgxOmos3Gj09v2X/LkeqAmWXsJF4ZNpwBBNzk
5bj5F2cmAJK3AEIwFx1D13NZ0+AADmhXqfL4Z8GGjqNbBhxoI/rP49O1rslsZNeW
XOPD+WqjG+QXOi0NUdybarwVz6ii1D7PzrADAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU41E91BfthFboSc9arViBN5MKB/YwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzQxRTkxQmZ0aEZib1Nj
OWFyVmlCTjVNS0JfWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQByOy2P
J97Rf7XNbzB72SQdNLk5zpJsdURakTvo7SbyNHVeTpGFVf2w24QenJw0/oW6tYZj
rfP3Gy3xolNAc51CG3OUIhC3KgDSQ/wMt++YfOBUB4hQeWiXK3sWdsRmUYPePQrD
6q6EgkT2qJ//gnDPmhgnLGQDfQAIwx3LAi5jvEoxpIa5RPVOtLDtVLxGXfFKB3aD
iNw2wi5WjHftDYCN8DWwhnc5PpiqiiKsYN0cnTDwB47y0q7VvBpw7mnhdifNuQHY
PhbEA7f8Y0lwxb2JXEN7wo9dk2fMmxg2N5UMC6DOsyDf/rHP9SipypNMNovoJzHZ
rD7AG+BIK5nSf45H
-----END CERTIFICATE-----
Generated at Sun Jul 20 16:33:45 2025 by rpki-client