Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/6aDbEPYYLqVSNG47-UGodsxnPHQ.roa
File: 6aDbEPYYLqVSNG47-UGodsxnPHQ.roa (raw, json)
Hash identifier: VzGqk2ec77/QW99oud1IEvZwlxvhpu8i+roHze4v02g=
Subject key identifier: E9:A0:DB:10:F6:18:2E:A5:52:34:6E:3B:F9:41:A8:76:CC:67:3C:74
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 75CC
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/6aDbEPYYLqVSNG47-UGodsxnPHQ.roa
Signing time: Fri 11 Jul 2025 11:11:40 +0000
ROA not before: Fri 11 Jul 2025 11:11:40 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30156 (0x75cc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 11 11:11:40 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E9A0DB10F6182EA552346E3BF941A876CC673C74
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:5b:00:a2:ba:3c:85:73:b7:fe:41:77:7c:f1:
7f:fb:c1:7d:f0:2c:51:6c:59:e1:2a:e3:d0:55:1d:
b5:ff:5e:85:46:5c:2c:93:44:8f:ac:f2:bd:5b:de:
8a:8b:e0:08:0b:b5:66:fa:56:d2:83:e8:8a:86:d3:
31:7a:c2:07:b0:29:5a:4b:e1:54:65:e6:90:62:5d:
44:1e:ed:64:92:0b:1c:bb:6a:81:cf:6c:3e:7b:19:
1c:b6:ec:d5:20:6f:11:22:07:1f:bd:3e:49:02:3c:
68:2a:50:9c:0b:aa:3a:bf:40:5e:80:5a:fa:6c:71:
d0:98:ad:3c:7c:1b:45:cd:72:bf:96:93:96:9e:8f:
c8:38:e2:ce:56:74:b3:c3:6c:69:1a:37:d1:ae:af:
3c:88:62:6b:09:a5:e7:5e:46:95:7b:a4:94:81:41:
7f:d1:28:5d:3a:4a:d1:a5:7b:3e:11:e6:f3:9f:4c:
d0:27:d4:e9:a7:9d:44:4c:c4:9d:80:69:83:8a:5a:
f4:a9:b9:12:87:5b:8d:c4:cd:1d:76:5e:c3:fb:2f:
da:88:8b:1c:ce:60:54:85:e2:59:5d:19:f1:d3:e7:
ce:a5:7c:d2:07:06:4e:92:42:4b:3a:d5:08:06:d5:
77:0e:62:4b:17:30:4f:fb:54:5a:62:9c:5f:7b:af:
f0:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E9:A0:DB:10:F6:18:2E:A5:52:34:6E:3B:F9:41:A8:76:CC:67:3C:74
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/6aDbEPYYLqVSNG47-UGodsxnPHQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
57:fa:ad:52:88:9a:5d:b6:c0:9c:9d:30:37:82:9e:2a:49:1c:
73:66:84:13:c5:92:1e:53:1e:be:30:4a:7a:d1:d8:4f:36:02:
c2:5a:8c:eb:04:51:d9:b9:2e:e7:dc:ad:43:4d:9c:f8:98:02:
59:cc:9e:f6:c9:45:e6:09:67:51:34:f9:bf:4b:e5:46:fe:ad:
d8:b0:c2:02:bc:d5:c1:b9:60:6f:8e:2a:9a:bf:50:68:5b:11:
54:2c:ac:6d:c2:85:c0:6d:5a:6a:ec:28:5a:f0:fd:f2:e4:43:
89:6c:e6:0c:e6:d3:b7:8d:26:c2:58:d3:00:1d:04:9d:48:a1:
a4:8f:5d:c5:8e:9f:0e:3f:fa:6a:08:ea:8f:e9:18:ac:ac:a3:
45:6c:93:10:b5:e3:7a:26:14:71:35:a1:14:97:3a:ad:f4:59:
b5:e8:4b:be:23:da:12:45:c5:58:5b:4e:64:c8:42:f0:be:c6:
04:00:ca:5c:d1:f5:cd:2a:c6:c5:ca:e3:f2:08:51:0e:25:e3:
c0:90:1a:a8:6c:0c:30:b2:33:2d:54:64:e7:36:73:ba:49:f7:
31:1d:cf:45:f6:3f:fa:db:e3:c7:83:38:2a:e3:fd:c7:63:25:
4a:f6:10:cc:27:ef:43:49:0f:74:a5:bd:2f:fa:9a:c5:98:34:
bc:81:66:bb
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdcwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTEx
MTExNDBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEU5QTBEQjEwRjYxODJF
QTU1MjM0NkUzQkY5NDFBODc2Q0M2NzNDNzQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCtWwCiujyFc7f+QXd88X/7wX3wLFFsWeEq49BVHbX/XoVGXCyT
RI+s8r1b3oqL4AgLtWb6VtKD6IqG0zF6wgewKVpL4VRl5pBiXUQe7WSSCxy7aoHP
bD57GRy27NUgbxEiBx+9PkkCPGgqUJwLqjq/QF6AWvpscdCYrTx8G0XNcr+Wk5ae
j8g44s5WdLPDbGkaN9GurzyIYmsJpedeRpV7pJSBQX/RKF06StGlez4R5vOfTNAn
1OmnnURMxJ2AaYOKWvSpuRKHW43EzR12XsP7L9qIixzOYFSF4lldGfHT586lfNIH
Bk6SQks61QgG1XcOYksXME/7VFpinF97r/ClAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU6aDbEPYYLqVSNG47+UGodsxnPHQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzZhRGJFUFlZTHFWU05H
NDctVUdvZHN4blBIUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBX+q1S
iJpdtsCcnTA3gp4qSRxzZoQTxZIeUx6+MEp60dhPNgLCWozrBFHZuS7n3K1DTZz4
mAJZzJ72yUXmCWdRNPm/S+VG/q3YsMICvNXBuWBvjiqav1BoWxFULKxtwoXAbVpq
7Cha8P3y5EOJbOYM5tO3jSbCWNMAHQSdSKGkj13Fjp8OP/pqCOqP6RisrKNFbJMQ
teN6JhRxNaEUlzqt9Fm16Eu+I9oSRcVYW05kyELwvsYEAMpc0fXNKsbFyuPyCFEO
JePAkBqobAwwsjMtVGTnNnO6SfcxHc9F9j/62+PHgzgq4/3HYyVK9hDMJ+9DSQ90
pb0v+prFmDS8gWa7
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:41:16 2025 by rpki-client