Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/4NRO7NbASeb1oB-r2gVyJIrk0_k.roa
File: 4NRO7NbASeb1oB-r2gVyJIrk0_k.roa (raw, json)
Hash identifier: GVApUWlY3adccjnGjATzLZ2Yps0qKzDKhh89COQEC1Y=
Subject key identifier: E0:D4:4E:EC:D6:C0:49:E6:F5:A0:1F:AB:DA:05:72:24:8A:E4:D3:F9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 72CA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4NRO7NbASeb1oB-r2gVyJIrk0_k.roa
Signing time: Thu 03 Jul 2025 10:14:57 +0000
ROA not before: Thu 03 Jul 2025 10:14:57 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29386 (0x72ca)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 3 10:14:57 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E0D44EECD6C049E6F5A01FABDA0572248AE4D3F9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:0b:d4:4c:a1:9d:8f:fd:10:ac:4b:8b:cf:8a:
47:d5:45:af:2e:ee:c8:38:2f:d4:99:bd:1d:3f:51:
b8:09:cc:8f:ee:31:5c:96:0f:8c:d8:a0:65:76:a3:
01:9b:03:46:79:d8:ce:73:e9:4c:d4:43:5e:0c:ab:
f2:00:59:9d:2c:ec:4d:4d:0c:19:a5:52:eb:7b:91:
7a:75:79:04:a7:e3:da:a6:8c:5e:fb:ab:b4:82:5a:
7a:03:65:88:3a:76:b2:5b:22:f8:b7:09:b9:82:88:
a6:ee:b9:e3:6b:27:c9:84:d4:57:73:d5:05:16:c3:
b8:e7:97:9f:11:08:f4:30:3f:0d:c3:16:44:71:11:
d8:6d:d9:d3:64:b5:c9:c8:27:d1:4a:58:ee:0c:af:
5b:5f:a8:76:2a:e9:33:3f:c0:b2:47:fa:b4:78:99:
26:a8:81:bf:bd:ec:a0:36:91:b5:b8:83:f2:6f:d5:
f5:68:8d:04:3b:69:56:df:ab:1b:07:13:19:ce:4e:
71:18:b8:34:6c:2b:95:b1:4b:04:5c:d8:54:83:ea:
c0:f8:4c:0e:0a:e9:14:31:0b:b9:cf:93:80:55:42:
00:e4:c2:aa:8f:d9:76:82:9a:85:9a:0d:72:09:01:
1e:00:e6:87:3a:2c:e4:d4:38:74:86:8e:df:21:ee:
d4:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:D4:4E:EC:D6:C0:49:E6:F5:A0:1F:AB:DA:05:72:24:8A:E4:D3:F9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4NRO7NbASeb1oB-r2gVyJIrk0_k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
8a:a0:81:dc:6f:ad:29:c9:0c:90:ab:92:9d:f7:c6:99:20:81:
7c:a1:3b:98:37:e8:d7:a9:87:59:c9:77:27:3f:75:e1:89:e5:
3e:db:7a:62:74:dd:d1:7f:5d:ea:e1:31:72:43:be:54:66:55:
5e:17:22:c6:13:c5:9a:a7:43:77:61:64:63:e7:c8:aa:74:9a:
f4:ca:88:e4:de:1f:a6:b1:87:37:f0:c2:99:6d:d7:1b:49:cf:
ea:e3:75:50:dc:51:36:a3:e3:eb:7e:90:33:03:1b:d8:a9:3b:
24:95:62:83:8e:7b:d2:b3:7b:81:bb:59:6c:cd:0a:47:66:e0:
d7:42:f0:25:77:dc:41:2e:4c:98:d6:74:4a:5e:5b:7d:fd:2d:
a1:00:01:0a:8c:e6:9d:33:e3:d9:98:23:8f:38:34:7a:4d:48:
81:1c:44:16:cb:1f:f5:31:1d:5f:a4:94:e9:ea:cb:5a:ce:90:
d0:e6:54:db:03:55:32:cd:1a:aa:80:65:5a:d6:72:1e:9d:57:
ce:17:4c:e2:34:ee:18:bf:dd:a7:ee:44:a5:4f:47:52:bb:99:
52:8a:14:0e:c4:39:ee:9c:17:da:98:86:90:13:e2:05:f9:39:
fd:fa:d9:d1:f3:99:37:4a:2b:81:50:ca:d8:a9:88:b8:87:fe:
c7:b9:b9:58
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcsowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDMx
MDE0NTdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEUwRDQ0RUVDRDZDMDQ5
RTZGNUEwMUZBQkRBMDU3MjI0OEFFNEQzRjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC5C9RMoZ2P/RCsS4vPikfVRa8u7sg4L9SZvR0/UbgJzI/uMVyW
D4zYoGV2owGbA0Z52M5z6UzUQ14Mq/IAWZ0s7E1NDBmlUut7kXp1eQSn49qmjF77
q7SCWnoDZYg6drJbIvi3CbmCiKbuueNrJ8mE1Fdz1QUWw7jnl58RCPQwPw3DFkRx
Edht2dNktcnIJ9FKWO4Mr1tfqHYq6TM/wLJH+rR4mSaogb+97KA2kbW4g/Jv1fVo
jQQ7aVbfqxsHExnOTnEYuDRsK5WxSwRc2FSD6sD4TA4K6RQxC7nPk4BVQgDkwqqP
2XaCmoWaDXIJAR4A5oc6LOTUOHSGjt8h7tSVAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU4NRO7NbASeb1oB+r2gVyJIrk0/kwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzROUk83TmJBU2ViMW9C
LXIyZ1Z5SklyazBfay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCKoIHc
b60pyQyQq5Kd98aZIIF8oTuYN+jXqYdZyXcnP3XhieU+23pidN3Rf13q4TFyQ75U
ZlVeFyLGE8Wap0N3YWRj58iqdJr0yojk3h+msYc38MKZbdcbSc/q43VQ3FE2o+Pr
fpAzAxvYqTsklWKDjnvSs3uBu1lszQpHZuDXQvAld9xBLkyY1nRKXlt9/S2hAAEK
jOadM+PZmCOPODR6TUiBHEQWyx/1MR1fpJTp6stazpDQ5lTbA1UyzRqqgGVa1nIe
nVfOF0ziNO4Yv92n7kSlT0dSu5lSihQOxDnunBfamIaQE+IF+Tn9+tnR85k3SiuB
UMrYqYi4h/7HublY
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:56:50 2025 by rpki-client