Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/79IMMD8gsdvZP3tWul7nJGYCOTU.roa
File: 79IMMD8gsdvZP3tWul7nJGYCOTU.roa (raw, json)
Hash identifier: QBrNoWFsGErPl7eihpOKWsG+xNifgj41C8aNIfyBPVo=
Subject key identifier: EF:D2:0C:30:3F:20:B1:DB:D9:3F:7B:56:BA:5E:E7:24:66:02:39:35
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 77B0
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/79IMMD8gsdvZP3tWul7nJGYCOTU.roa
Signing time: Wed 16 Jul 2025 12:12:14 +0000
ROA not before: Wed 16 Jul 2025 12:12:14 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30640 (0x77b0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 16 12:12:14 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=EFD20C303F20B1DBD93F7B56BA5EE72466023935
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:be:e8:aa:49:67:93:e9:bf:f5:8e:a5:98:04:
05:2d:b2:25:a5:7b:cd:0f:56:2b:93:1c:93:17:99:
9f:b5:c4:3e:63:1f:48:a8:69:0f:28:c7:c3:a0:a5:
3b:f7:b0:8d:32:ed:f6:e3:04:5a:9d:b5:43:72:63:
93:62:3f:24:6b:e1:27:1a:15:1e:9f:1b:da:d7:43:
7d:17:28:57:e1:c5:b7:55:02:41:6c:68:2f:ce:4d:
d5:66:60:5b:70:16:4f:c5:cc:71:8f:3f:14:c8:b8:
71:98:57:39:b6:8c:fc:d5:cd:19:c3:b9:0f:b9:a0:
bb:73:e9:e9:30:78:af:97:ba:62:29:87:ba:d3:8b:
06:60:a8:ca:3a:c5:8a:c8:61:25:7a:bb:1b:85:d9:
12:4e:60:d9:df:c5:43:1a:81:f0:2a:84:46:a4:a6:
3c:0f:66:99:ba:ba:39:33:6a:d6:17:77:e6:9c:6b:
e3:35:c9:87:0e:7a:50:1f:e3:86:22:f7:74:36:2d:
6f:06:75:11:f0:b9:fd:cf:27:32:37:97:c1:0a:ea:
83:00:08:d6:af:93:de:83:c3:db:46:57:34:cb:2f:
59:47:7c:af:43:c3:92:da:48:e5:fb:f8:af:3f:8d:
eb:e1:70:17:d6:9c:af:36:2a:0c:78:58:2a:ea:3a:
fb:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:D2:0C:30:3F:20:B1:DB:D9:3F:7B:56:BA:5E:E7:24:66:02:39:35
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/79IMMD8gsdvZP3tWul7nJGYCOTU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
aa:ca:1f:15:98:7b:67:45:0c:ec:dd:96:94:d7:af:f5:f3:c5:
30:81:37:78:0f:bb:08:8f:2c:39:6b:cf:1e:90:df:16:50:ac:
59:94:32:07:fc:ee:ff:e6:ea:79:49:1f:b8:dd:b0:9d:99:fb:
b7:f2:f3:36:90:7d:b0:e8:7d:8e:c7:c0:fa:30:6d:41:3c:a1:
d0:b6:80:ad:ac:45:79:79:e6:15:e6:2c:81:d5:c0:b0:88:20:
e9:16:07:21:05:b6:80:58:cc:7b:28:e5:c3:8d:3f:6d:28:90:
cd:5f:8a:cf:29:1e:72:8f:b6:8c:c6:b9:e2:5d:11:df:ea:ea:
d9:38:60:85:e5:f1:dc:96:42:f5:eb:fd:3c:f3:52:97:0f:ee:
19:a0:09:f1:d2:7d:a6:dc:90:95:e1:eb:4a:ac:cb:31:a4:ad:
34:20:fe:32:70:21:33:33:f3:f8:b2:ee:9f:f4:52:da:d3:d7:
ca:2e:55:1e:2f:fd:5e:dd:7b:e1:b1:a1:a3:2a:3f:2f:a9:85:
66:31:8f:f4:c4:ef:a5:94:dd:38:25:d6:2a:2e:2b:23:47:01:
af:1b:44:37:ac:88:bb:97:c4:f1:90:1e:f3:21:7e:c0:dd:da:
92:22:00:9a:87:7f:55:7e:bb:87:b8:cf:6a:25:08:66:61:51:
12:7f:03:e2
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICd7AwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTYx
MjEyMTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEVGRDIwQzMwM0YyMEIx
REJEOTNGN0I1NkJBNUVFNzI0NjYwMjM5MzUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDvuiqSWeT6b/1jqWYBAUtsiWle80PViuTHJMXmZ+1xD5jH0io
aQ8ox8OgpTv3sI0y7fbjBFqdtUNyY5NiPyRr4ScaFR6fG9rXQ30XKFfhxbdVAkFs
aC/OTdVmYFtwFk/FzHGPPxTIuHGYVzm2jPzVzRnDuQ+5oLtz6ekweK+XumIph7rT
iwZgqMo6xYrIYSV6uxuF2RJOYNnfxUMagfAqhEakpjwPZpm6ujkzatYXd+aca+M1
yYcOelAf44Yi93Q2LW8GdRHwuf3PJzI3l8EK6oMACNavk96Dw9tGVzTLL1lHfK9D
w5LaSOX7+K8/jevhcBfWnK82Kgx4WCrqOvtPAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU79IMMD8gsdvZP3tWul7nJGYCOTUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3Lzc5SU1NRDhnc2R2WlAz
dFd1bDduSkdZQ09UVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCqyh8V
mHtnRQzs3ZaU16/188UwgTd4D7sIjyw5a88ekN8WUKxZlDIH/O7/5up5SR+43bCd
mfu38vM2kH2w6H2Ox8D6MG1BPKHQtoCtrEV5eeYV5iyB1cCwiCDpFgchBbaAWMx7
KOXDjT9tKJDNX4rPKR5yj7aMxrniXRHf6urZOGCF5fHclkL16/0881KXD+4ZoAnx
0n2m3JCV4etKrMsxpK00IP4ycCEzM/P4su6f9FLa09fKLlUeL/1e3XvhsaGjKj8v
qYVmMY/0xO+llN04JdYqLisjRwGvG0Q3rIi7l8TxkB7zIX7A3dqSIgCah39VfruH
uM9qJQhmYVESfwPi
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:44:19 2025 by rpki-client