Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/4_aMhZ3Q-LyO7YsCHP6CdKOyeuY.roa
File:                     4_aMhZ3Q-LyO7YsCHP6CdKOyeuY.roa (raw, json)
Hash identifier:          HtOyxJ7mHUmxi6IjNevHv3iULXm09ZjK0Bj4FnaKU+s=
Subject key identifier:   E3:F6:8C:85:9D:D0:F8:BC:8E:ED:8B:02:1C:FE:82:74:A3:B2:7A:E6
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       72CE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4_aMhZ3Q-LyO7YsCHP6CdKOyeuY.roa
Signing time:             Thu 03 Jul 2025 11:15:08 +0000
ROA not before:           Thu 03 Jul 2025 11:15:08 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 29390 (0x72ce)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Jul  3 11:15:08 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=E3F68C859DD0F8BC8EED8B021CFE8274A3B27AE6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:F6:8C:85:9D:D0:F8:BC:8E:ED:8B:02:1C:FE:82:74:A3:B2:7A:E6
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4_aMhZ3Q-LyO7YsCHP6CdKOyeuY.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
Generated at Sun Jul 20 12:37:39 2025 by rpki-client