Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/4xoHeAXfs5Vs7HAJX4LWqdE3wWE.roa
File: 4xoHeAXfs5Vs7HAJX4LWqdE3wWE.roa (raw, json)
Hash identifier: Dz+RyKkry4n9C5MESV33F7gucsnTek4+8IF7rZPlCPo=
Subject key identifier: E3:1A:07:78:05:DF:B3:95:6C:EC:70:09:5F:82:D6:A9:D1:37:C1:61
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 76FA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4xoHeAXfs5Vs7HAJX4LWqdE3wWE.roa
Signing time: Mon 14 Jul 2025 14:41:46 +0000
ROA not before: Mon 14 Jul 2025 14:41:46 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30458 (0x76fa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 14 14:41:46 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E31A077805DFB3956CEC70095F82D6A9D137C161
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:46:79:f7:b6:99:60:4c:ad:99:1b:fa:8a:a2:
9d:ef:64:aa:92:87:a1:46:fa:9a:45:13:c0:f3:5b:
b7:f4:f8:09:4c:55:b0:6a:6f:f5:a9:ae:de:06:ff:
a1:a2:02:04:10:67:19:45:a0:82:3d:75:43:39:26:
7e:ac:77:0f:7c:68:89:8e:3f:e3:38:e3:0a:eb:31:
5e:75:ab:ff:fc:61:6f:70:2f:18:97:2e:72:dd:8c:
55:db:9c:db:22:e4:0f:3a:2f:e7:a3:b9:96:0a:3a:
32:db:22:e9:15:14:8e:a5:50:7a:fb:a0:fb:71:1f:
3f:27:2c:79:0b:85:3a:52:43:ba:46:f1:20:03:ba:
d2:68:33:8e:fc:24:e7:f7:63:75:08:d8:9e:ec:3a:
f2:d2:fe:f9:a1:ee:ed:e3:fe:25:46:75:12:c9:3c:
9f:8f:e0:56:b2:12:fe:f5:53:db:7a:12:13:dc:e4:
ba:11:04:d5:60:19:d7:77:72:f8:3c:63:27:fc:e9:
77:7d:f1:2e:4c:7a:9b:37:2c:58:88:5f:21:aa:a1:
e8:7f:f3:22:93:44:6f:6f:95:0c:d8:6c:be:dc:d7:
d8:b7:75:a7:b5:62:4f:98:e8:73:ae:c1:a5:65:05:
ef:4e:b9:25:9e:50:1b:2f:f4:89:1c:d7:32:aa:56:
a8:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:1A:07:78:05:DF:B3:95:6C:EC:70:09:5F:82:D6:A9:D1:37:C1:61
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4xoHeAXfs5Vs7HAJX4LWqdE3wWE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
aa:70:ed:a8:52:78:e9:97:ab:22:7e:ac:55:65:ad:ad:48:be:
52:fb:67:69:af:b7:78:5f:a5:b7:91:3a:7c:d5:fb:9f:ec:06:
c6:e2:41:47:da:24:70:38:e0:9b:1a:3e:a9:fc:a0:d0:ca:3e:
f2:df:a7:10:3a:7b:0f:a8:c5:c4:ed:0b:fa:19:f2:43:ca:80:
0d:52:2f:95:ab:3d:cb:ca:bf:33:6e:87:21:59:31:c5:d3:e8:
85:83:a1:d7:e2:3c:49:49:d6:f2:1b:e9:e9:4b:c2:a7:a4:82:
7e:b2:cd:eb:fc:54:50:ae:6b:9a:8e:b2:4d:9a:2c:dd:89:cb:
a3:04:1b:61:f3:0e:2e:7c:40:56:05:93:1f:4a:4e:ae:2f:c7:
84:15:d0:f9:85:7c:08:b5:18:3f:68:eb:13:c8:95:9f:d9:6d:
89:5b:51:dd:63:e6:36:df:c7:52:b4:63:22:ea:9d:10:39:ac:
b6:49:65:a4:e1:00:8c:96:07:2b:16:93:d0:29:a2:7b:1f:62:
62:b5:34:ef:b7:af:7b:f3:30:62:82:7e:b2:83:45:45:b9:da:
12:c3:52:6f:fd:95:36:f1:72:b9:ea:60:63:6d:9a:23:2e:68:
e2:55:77:a9:ab:ac:67:ac:0f:3c:df:90:ab:49:7e:12:49:a7:
42:d2:24:d5
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdvowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTQx
NDQxNDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEUzMUEwNzc4MDVERkIz
OTU2Q0VDNzAwOTVGODJENkE5RDEzN0MxNjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC2Rnn3tplgTK2ZG/qKop3vZKqSh6FG+ppFE8DzW7f0+AlMVbBq
b/Wprt4G/6GiAgQQZxlFoII9dUM5Jn6sdw98aImOP+M44wrrMV51q//8YW9wLxiX
LnLdjFXbnNsi5A86L+ejuZYKOjLbIukVFI6lUHr7oPtxHz8nLHkLhTpSQ7pG8SAD
utJoM478JOf3Y3UI2J7sOvLS/vmh7u3j/iVGdRLJPJ+P4FayEv71U9t6EhPc5LoR
BNVgGdd3cvg8Yyf86Xd98S5Meps3LFiIXyGqoeh/8yKTRG9vlQzYbL7c19i3dae1
Yk+Y6HOuwaVlBe9OuSWeUBsv9Ikc1zKqVqiBAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU4xoHeAXfs5Vs7HAJX4LWqdE3wWEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzR4b0hlQVhmczVWczdI
QUpYNExXcWRFM3dXRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCqcO2o
Unjpl6sifqxVZa2tSL5S+2dpr7d4X6W3kTp81fuf7AbG4kFH2iRwOOCbGj6p/KDQ
yj7y36cQOnsPqMXE7Qv6GfJDyoANUi+Vqz3Lyr8zbochWTHF0+iFg6HX4jxJSdby
G+npS8KnpIJ+ss3r/FRQrmuajrJNmizdicujBBth8w4ufEBWBZMfSk6uL8eEFdD5
hXwItRg/aOsTyJWf2W2JW1HdY+Y238dStGMi6p0QOay2SWWk4QCMlgcrFpPQKaJ7
H2JitTTvt6978zBign6yg0VFudoSw1Jv/ZU28XK56mBjbZojLmjiVXepq6xnrA88
35CrSX4SSadC0iTV
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:39:21 2025 by rpki-client