Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/5Ab1Uqt_8dHg20jiqXwJoAMoW8g.roa
File: 5Ab1Uqt_8dHg20jiqXwJoAMoW8g.roa (raw, json)
Hash identifier: juzD3gc0K6cZ/AOZ3/aDhAxwK12Xkt++2iaocJYpPrY=
Subject key identifier: E4:06:F5:52:AB:7F:F1:D1:E0:DB:48:E2:A9:7C:09:A0:03:28:5B:C8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 729C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/5Ab1Uqt_8dHg20jiqXwJoAMoW8g.roa
Signing time: Wed 02 Jul 2025 22:44:47 +0000
ROA not before: Wed 02 Jul 2025 22:44:47 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29340 (0x729c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 2 22:44:47 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E406F552AB7FF1D1E0DB48E2A97C09A003285BC8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:8a:ef:ae:22:9a:70:0d:4e:10:67:e3:93:94:
5a:22:62:e4:55:b2:96:1e:f2:ff:da:96:29:69:da:
de:70:67:ea:f4:14:bd:f0:59:85:dc:d2:87:87:37:
08:db:bd:21:3a:ce:89:81:ae:b0:18:90:7f:05:d4:
f7:9c:2b:f0:9f:39:91:c8:97:fd:29:1f:a8:b7:95:
3b:a9:29:4a:1e:1c:fb:7a:9d:02:4c:d2:95:50:d0:
69:26:cb:f4:91:d6:2b:0c:4b:ec:26:a9:d7:7e:e4:
8b:30:af:53:37:3a:49:59:7f:e6:00:73:fc:13:55:
45:19:85:f6:1e:49:7d:84:82:22:22:05:bf:86:9c:
dc:d1:a6:d6:fe:c2:1f:e8:20:ab:ac:ca:a6:76:60:
44:42:d3:5c:23:88:62:e7:3e:90:c9:01:fc:53:41:
b7:6e:62:c4:b2:ec:fe:dd:bc:9c:13:30:7f:b8:d2:
16:04:ac:d8:7e:92:1e:56:f1:c6:b0:e9:25:15:ab:
27:13:ed:f8:8d:22:0d:f1:b0:0c:be:b0:fa:cf:08:
0f:bb:4f:06:9f:3f:c7:5b:6f:f9:38:9e:0f:f2:be:
98:d1:89:b4:25:ab:34:b6:62:fe:21:bd:d4:9e:8d:
b1:76:83:43:a8:ba:7c:a2:1d:80:82:38:a8:ea:83:
56:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E4:06:F5:52:AB:7F:F1:D1:E0:DB:48:E2:A9:7C:09:A0:03:28:5B:C8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/5Ab1Uqt_8dHg20jiqXwJoAMoW8g.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
1a:ae:38:05:0f:e3:66:0a:91:9e:99:ba:52:91:1e:b1:bd:9a:
b7:86:9d:5b:d8:42:a0:67:0d:f6:97:66:9a:7f:51:52:6d:1d:
75:8c:7a:e2:18:ba:5c:c0:34:bc:71:17:15:95:44:ca:97:19:
e0:57:14:af:6d:e2:04:d2:28:ae:40:32:ef:ff:65:f7:96:8f:
c1:17:a8:bb:e1:fd:3d:1a:5b:3a:15:b2:a8:51:0e:87:d4:f6:
93:9f:aa:72:d2:5f:9d:24:a4:02:12:c4:48:63:13:41:ba:44:
b1:ef:62:54:ec:7d:94:ce:0b:36:d0:3e:a7:3f:00:f2:a8:d0:
cb:ec:76:d9:51:4b:70:59:e9:e5:14:bd:5d:55:54:9a:31:e9:
2c:1c:f7:1b:3c:8e:b6:94:da:85:ef:59:55:d4:a1:4e:06:c1:
0b:2c:ea:47:63:f6:b0:16:87:fc:bb:9f:40:d3:cd:92:eb:dc:
1a:1e:9d:38:5b:53:34:7a:82:bf:31:5c:eb:a2:e0:f8:c5:e7:
ed:b5:16:46:2f:a1:9b:66:fd:4b:60:4a:81:e8:93:03:e6:5d:
af:93:c6:8b:b0:c8:8b:a4:31:b0:32:4e:82:28:e9:27:44:34:
b4:4e:4e:df:5b:a2:b6:36:c7:5d:2c:08:34:1f:a8:06:9b:91:
6e:73:eb:19
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcpwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDIy
MjQ0NDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEU0MDZGNTUyQUI3RkYx
RDFFMERCNDhFMkE5N0MwOUEwMDMyODVCQzgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCwiu+uIppwDU4QZ+OTlFoiYuRVspYe8v/alilp2t5wZ+r0FL3w
WYXc0oeHNwjbvSE6zomBrrAYkH8F1PecK/CfOZHIl/0pH6i3lTupKUoeHPt6nQJM
0pVQ0Gkmy/SR1isMS+wmqdd+5Iswr1M3OklZf+YAc/wTVUUZhfYeSX2EgiIiBb+G
nNzRptb+wh/oIKusyqZ2YERC01wjiGLnPpDJAfxTQbduYsSy7P7dvJwTMH+40hYE
rNh+kh5W8caw6SUVqycT7fiNIg3xsAy+sPrPCA+7TwafP8dbb/k4ng/yvpjRibQl
qzS2Yv4hvdSejbF2g0OounyiHYCCOKjqg1Z7AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU5Ab1Uqt/8dHg20jiqXwJoAMoW8gwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzVBYjFVcXRfOGRIZzIw
amlxWHdKb0FNb1c4Zy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAarjgF
D+NmCpGembpSkR6xvZq3hp1b2EKgZw32l2aaf1FSbR11jHriGLpcwDS8cRcVlUTK
lxngVxSvbeIE0iiuQDLv/2X3lo/BF6i74f09Gls6FbKoUQ6H1PaTn6py0l+dJKQC
EsRIYxNBukSx72JU7H2Uzgs20D6nPwDyqNDL7HbZUUtwWenlFL1dVVSaMeksHPcb
PI62lNqF71lV1KFOBsELLOpHY/awFof8u59A082S69waHp04W1M0eoK/MVzrouD4
xefttRZGL6GbZv1LYEqB6JMD5l2vk8aLsMiLpDGwMk6CKOknRDS0Tk7fW6K2Nsdd
LAg0H6gGm5Fuc+sZ
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:37:48 2025 by rpki-client