
Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/7TmZc0_2C8hxTn65_w-x9pfwsuU.roa
File: 7TmZc0_2C8hxTn65_w-x9pfwsuU.roa (raw, json)
Hash identifier: vVH8AVAmVxA+n6OWZxKisTql+2Fj1DsZS/ruOfzUc/w=
Subject key identifier: ED:39:99:73:4F:F6:0B:C8:71:4E:7E:B9:FF:0F:B1:F6:97:F0:B2:E5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 732E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7TmZc0_2C8hxTn65_w-x9pfwsuU.roa
Signing time: Fri 04 Jul 2025 11:14:53 +0000
ROA not before: Fri 04 Jul 2025 11:14:53 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29486 (0x732e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 4 11:14:53 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=ED3999734FF60BC8714E7EB9FF0FB1F697F0B2E5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:3e:f5:5c:eb:ec:ec:aa:26:34:80:82:3f:4a:
44:cd:d4:a1:25:0b:8a:04:bb:72:d9:4d:72:ae:90:
2e:64:64:2b:42:f4:df:dc:5f:69:41:9d:00:90:05:
e9:a6:66:91:ca:ee:6c:f6:0b:f5:46:9d:2a:6b:3e:
8a:c5:97:4a:cd:fb:6b:ef:44:86:34:cf:7c:e2:62:
a4:52:bc:b0:eb:96:2d:41:3e:6f:de:8a:50:6f:f1:
4f:02:c6:b9:fc:ae:d8:10:9f:ed:f5:b6:45:dc:89:
a5:6d:3b:a6:6f:6a:f2:35:91:00:32:97:bc:93:70:
23:44:01:86:fa:ba:fd:9c:b8:1a:97:9e:6e:fd:e3:
d0:4e:81:92:81:58:ff:d7:bc:9e:9a:fc:fd:bf:03:
2c:3d:1a:a1:34:9b:3c:3d:39:79:5b:c8:c3:e6:46:
00:9a:fa:5e:89:36:b3:f3:96:00:34:38:63:b3:2f:
df:39:77:e1:4f:75:e2:c0:48:de:51:9a:19:00:4f:
32:97:6a:ce:e7:6c:43:95:13:8c:0d:50:1d:b3:a1:
20:36:ff:0e:9b:2f:49:a9:ff:2e:20:22:ab:f5:18:
a2:32:ce:2a:88:3f:30:cb:6f:9b:44:17:d7:6c:45:
c8:f2:ac:da:ba:2d:b4:6d:76:b3:28:20:aa:1c:de:
34:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:39:99:73:4F:F6:0B:C8:71:4E:7E:B9:FF:0F:B1:F6:97:F0:B2:E5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7TmZc0_2C8hxTn65_w-x9pfwsuU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
6c:c3:bd:c3:2a:23:d5:10:b3:f4:24:0b:b3:4a:75:99:c5:97:
ca:fd:c5:75:9d:1a:66:4b:94:44:48:38:f9:b9:6c:e7:df:4d:
75:ee:45:a6:64:c5:3b:61:f5:c8:cc:44:14:a5:9d:05:4b:4f:
7e:05:46:12:6f:3d:72:61:a0:bd:5b:4a:ee:29:48:55:76:cf:
e9:c3:bf:2b:aa:7a:c4:14:d1:74:50:cf:30:6c:f5:6e:ca:1c:
67:32:3b:72:b7:a1:f9:f8:9b:e8:4a:3e:88:98:d8:e0:78:22:
5d:01:cf:04:43:47:03:3b:36:1a:41:d1:c4:5d:ac:a9:2c:ba:
a3:42:bf:ac:bf:3a:f8:0f:67:3a:03:e4:d3:1a:22:1e:c8:00:
05:fb:70:04:15:e0:e7:65:a6:c7:1e:3c:1c:54:76:1e:0a:f7:
66:e4:65:55:b3:65:63:c6:8a:d8:7b:21:be:cd:ec:fa:13:aa:
24:05:f2:d5:72:c6:95:82:ad:60:20:03:f1:fd:6c:7c:3b:aa:
7f:21:5e:85:7c:ff:0f:95:0b:0a:d4:ef:bb:f9:0a:54:8b:e0:
60:98:64:3c:c4:61:bd:86:9d:cb:ec:98:a2:0a:c0:77:19:84:
7c:94:a5:6b:c0:b5:7f:c7:71:d9:eb:e2:82:f6:70:2e:19:55:
f6:77:a6:82
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcy4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDQx
MTE0NTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEVEMzk5OTczNEZGNjBC
Qzg3MTRFN0VCOUZGMEZCMUY2OTdGMEIyRTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDPPvVc6+zsqiY0gII/SkTN1KElC4oEu3LZTXKukC5kZCtC9N/c
X2lBnQCQBemmZpHK7mz2C/VGnSprPorFl0rN+2vvRIY0z3ziYqRSvLDrli1BPm/e
ilBv8U8Cxrn8rtgQn+31tkXciaVtO6ZvavI1kQAyl7yTcCNEAYb6uv2cuBqXnm79
49BOgZKBWP/XvJ6a/P2/Ayw9GqE0mzw9OXlbyMPmRgCa+l6JNrPzlgA0OGOzL985
d+FPdeLASN5RmhkATzKXas7nbEOVE4wNUB2zoSA2/w6bL0mp/y4gIqv1GKIyziqI
PzDLb5tEF9dsRcjyrNq6LbRtdrMoIKoc3jSPAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU7TmZc0/2C8hxTn65/w+x9pfwsuUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzdUbVpjMF8yQzhoeFRu
NjVfdy14OXBmd3N1VS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBsw73D
KiPVELP0JAuzSnWZxZfK/cV1nRpmS5RESDj5uWzn30117kWmZMU7YfXIzEQUpZ0F
S09+BUYSbz1yYaC9W0ruKUhVds/pw78rqnrEFNF0UM8wbPVuyhxnMjtyt6H5+Jvo
Sj6ImNjgeCJdAc8EQ0cDOzYaQdHEXaypLLqjQr+svzr4D2c6A+TTGiIeyAAF+3AE
FeDnZabHHjwcVHYeCvdm5GVVs2VjxorYeyG+zez6E6okBfLVcsaVgq1gIAPx/Wx8
O6p/IV6FfP8PlQsK1O+7+QpUi+BgmGQ8xGG9hp3L7JiiCsB3GYR8lKVrwLV/x3HZ
6+KC9nAuGVX2d6aC
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:44 2025 by rpki-client