Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/5Z1QYd0X2jKSmRJafpzbE4BayWs.roa
File: 5Z1QYd0X2jKSmRJafpzbE4BayWs.roa (raw, json)
Hash identifier: YYhsbbEtDvbfrq/WuYp7caenLXTJoGIow+/pQqoahRw=
Subject key identifier: E5:9D:50:61:DD:17:DA:32:92:99:12:5A:7E:9C:DB:13:80:5A:C9:6B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 77DC
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/5Z1QYd0X2jKSmRJafpzbE4BayWs.roa
Signing time: Wed 16 Jul 2025 23:12:56 +0000
ROA not before: Wed 16 Jul 2025 23:12:56 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30684 (0x77dc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 16 23:12:56 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E59D5061DD17DA329299125A7E9CDB13805AC96B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:8c:04:77:1e:78:52:82:f3:65:c0:7d:49:a1:
37:39:9d:cd:62:25:8f:fd:c5:2c:4d:32:52:3a:c9:
09:f9:e4:96:04:eb:5f:5c:e7:8a:02:bb:92:3c:b0:
2c:7e:43:d2:8e:90:52:26:d4:1f:50:21:77:d5:f6:
3a:1a:55:ba:6b:01:93:10:da:20:77:ca:44:48:b2:
0b:ff:2a:ea:fa:59:11:5f:32:07:2c:8d:c8:0a:0b:
d8:c6:28:ae:fd:fa:8e:a8:8e:fa:40:2b:fc:c9:13:
a8:05:13:68:0d:30:4f:33:0a:41:15:78:01:09:f6:
f1:30:3a:63:8a:86:06:c4:42:35:31:1e:c1:19:29:
5c:60:79:2d:cc:d3:e2:76:41:57:53:58:68:32:f7:
2a:5f:bf:e0:08:c4:2f:b4:5e:02:59:a2:d6:58:41:
80:c0:c7:a3:1d:f5:bd:88:38:32:8e:f8:31:fa:e5:
f3:a2:db:de:3b:da:79:20:16:13:02:72:8c:e1:f8:
2a:53:e6:d0:82:ae:31:a8:a1:ba:ea:1b:fe:60:71:
e6:1d:62:c5:eb:c6:3e:40:a2:fb:a7:5c:65:00:50:
78:32:aa:a9:c7:fb:55:05:2d:65:0d:f6:d6:51:a5:
ca:ed:12:aa:e1:ce:69:33:d6:6b:c0:ee:07:30:da:
3c:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:9D:50:61:DD:17:DA:32:92:99:12:5A:7E:9C:DB:13:80:5A:C9:6B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/5Z1QYd0X2jKSmRJafpzbE4BayWs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
9c:e5:e3:6e:eb:cc:f8:e6:ca:c1:1a:dc:e9:a6:5e:35:9d:ac:
4e:2b:4d:6b:f5:a2:5d:b1:75:db:54:14:12:5f:e1:ae:b1:3b:
bb:f7:23:4f:d4:e7:b7:1a:19:31:29:33:63:40:97:f4:4e:00:
a5:95:b0:1b:de:05:18:38:b8:df:f1:40:87:bd:a7:7b:c5:41:
27:c9:57:72:df:95:97:eb:3c:91:d8:7e:f3:3a:8d:95:b8:64:
a3:b6:3e:af:9a:06:16:13:22:cf:24:a3:69:6b:cd:14:fe:43:
8a:3b:26:40:70:e8:8b:1c:dc:13:6b:ca:0f:48:e4:f0:1a:ac:
f3:42:f7:62:0f:0c:1d:8e:ac:38:de:10:ca:f6:18:6b:ed:fa:
20:6b:0c:73:6e:ff:92:bc:e8:38:f6:31:ba:40:18:9b:92:28:
74:95:45:da:e3:1f:78:14:56:25:6b:04:f6:a8:4b:0f:4e:de:
8c:a7:1b:74:0d:d0:33:55:bd:f0:16:3f:ed:31:2d:a6:87:28:
88:5b:7d:a8:21:e3:ca:95:ed:5c:28:1b:66:e8:54:04:b0:13:
9a:de:77:58:89:81:9e:5c:12:f7:a6:6b:ac:32:a9:b6:78:c3:
9b:6e:9a:8e:2e:e1:b3:b6:63:73:b6:9d:cc:2c:c6:21:b2:5c:
0b:fe:b0:8e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICd9wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTYy
MzEyNTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEU1OUQ1MDYxREQxN0RB
MzI5Mjk5MTI1QTdFOUNEQjEzODA1QUM5NkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCjAR3HnhSgvNlwH1JoTc5nc1iJY/9xSxNMlI6yQn55JYE619c
54oCu5I8sCx+Q9KOkFIm1B9QIXfV9joaVbprAZMQ2iB3ykRIsgv/Kur6WRFfMgcs
jcgKC9jGKK79+o6ojvpAK/zJE6gFE2gNME8zCkEVeAEJ9vEwOmOKhgbEQjUxHsEZ
KVxgeS3M0+J2QVdTWGgy9ypfv+AIxC+0XgJZotZYQYDAx6Md9b2IODKO+DH65fOi
29472nkgFhMCcozh+CpT5tCCrjGoobrqG/5gceYdYsXrxj5AovunXGUAUHgyqqnH
+1UFLWUN9tZRpcrtEqrhzmkz1mvA7gcw2jyJAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU5Z1QYd0X2jKSmRJafpzbE4BayWswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzVaMVFZZDBYMmpLU21S
SmFmcHpiRTRCYXlXcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCc5eNu
68z45srBGtzppl41naxOK01r9aJdsXXbVBQSX+GusTu79yNP1Oe3GhkxKTNjQJf0
TgCllbAb3gUYOLjf8UCHvad7xUEnyVdy35WX6zyR2H7zOo2VuGSjtj6vmgYWEyLP
JKNpa80U/kOKOyZAcOiLHNwTa8oPSOTwGqzzQvdiDwwdjqw43hDK9hhr7fogawxz
bv+SvOg49jG6QBibkih0lUXa4x94FFYlawT2qEsPTt6Mpxt0DdAzVb3wFj/tMS2m
hyiIW32oIePKle1cKBtm6FQEsBOa3ndYiYGeXBL3pmusMqm2eMObbpqOLuGztmNz
tp3MLMYhslwL/rCO
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:35:15 2025 by rpki-client