Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/7otvj-cQH3qQVogpGpbYQg5Pp7k.roa
File: 7otvj-cQH3qQVogpGpbYQg5Pp7k.roa (raw, json)
Hash identifier: r2K2MGgyNH0t2XxDEQybpWl6ImeZDn+DvYtu+3oCsv0=
Subject key identifier: EE:8B:6F:8F:E7:10:1F:7A:90:56:88:29:1A:96:D8:42:0E:4F:A7:B9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6FC6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7otvj-cQH3qQVogpGpbYQg5Pp7k.roa
Signing time: Wed 25 Jun 2025 09:14:42 +0000
ROA not before: Wed 25 Jun 2025 09:14:42 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28614 (0x6fc6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 25 09:14:42 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=EE8B6F8FE7101F7A905688291A96D8420E4FA7B9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:37:8d:08:28:bf:b6:0e:56:ae:fe:54:78:dd:
5e:8d:ea:3d:b9:73:23:dd:3a:45:c5:09:ad:c3:6a:
a3:d2:3d:f7:8e:99:87:1c:8e:03:85:7c:6d:77:8b:
9c:d4:dc:00:d7:5f:81:a9:03:1a:91:8e:0c:3e:3f:
67:75:6a:3b:d5:ee:db:8a:cb:c3:8d:6b:a4:bf:57:
04:c8:39:31:5b:54:9e:f4:32:33:bf:da:76:2e:5d:
a8:7c:35:6a:c8:47:92:12:dc:9c:03:70:77:42:11:
73:f2:85:ce:d8:3e:64:13:2e:d0:14:9d:56:a1:38:
96:63:f0:9c:34:1f:50:a3:62:41:28:75:81:d5:d5:
e6:b8:98:81:19:f9:0a:e1:5a:07:68:6d:e6:ba:87:
b6:29:1e:b8:cc:3e:9f:ee:ea:3c:55:7b:c7:ef:92:
97:73:22:35:9c:47:c7:53:79:6b:c1:ea:9b:a6:42:
6e:9b:c9:3a:eb:5a:4a:43:b2:07:0d:cf:97:fd:8b:
7c:23:72:df:83:f8:7a:5c:5e:8f:7f:39:e9:b5:75:
80:a5:cd:22:03:14:77:ac:2f:ca:fc:5c:0c:88:65:
64:e5:85:8c:18:30:23:e6:35:53:12:be:c2:e1:f4:
14:1d:21:2d:79:a7:27:16:15:f2:71:ee:73:04:37:
48:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:8B:6F:8F:E7:10:1F:7A:90:56:88:29:1A:96:D8:42:0E:4F:A7:B9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7otvj-cQH3qQVogpGpbYQg5Pp7k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
50:55:72:1f:a7:6e:38:3b:a3:0f:87:4f:f1:56:46:c3:cd:60:
c0:b1:8d:59:c2:48:40:cd:63:ca:d1:08:07:3d:45:ac:dc:cd:
06:d8:7b:ee:21:a2:b5:c7:a3:d8:b1:71:9b:cc:09:a1:3a:b3:
20:a5:70:cd:2f:b5:d8:ff:0d:5d:7d:f7:47:4a:ed:d7:bf:4a:
99:02:d1:2e:3f:41:8a:3c:a2:af:fd:be:0d:da:00:4d:ca:f5:
1e:ee:68:ce:32:45:d9:08:72:8c:76:c2:cc:0e:e0:8a:3d:6b:
6a:a5:9b:df:1e:93:85:7d:50:ce:c3:9e:2c:2b:90:2c:bc:3b:
c6:49:fe:b3:5b:b4:78:02:b3:78:3b:4e:23:f7:9d:c8:33:01:
4b:f4:6f:0c:53:a2:12:e6:03:c4:60:f4:22:e6:52:ea:b3:4d:
74:4f:0b:82:2a:58:7b:94:75:96:23:4b:c0:47:0d:9b:ea:ca:
d1:0e:55:c8:d5:c3:7b:40:dd:6b:98:94:09:b8:56:91:91:a7:
15:9e:e9:4b:6b:35:4a:1f:2d:06:69:f3:41:1a:a0:e9:9f:8b:
8a:f8:6d:01:fd:6c:65:54:49:31:b7:9e:d7:6b:88:1a:13:12:
02:7c:2a:8f:39:02:d5:72:9d:cc:ee:c8:9f:47:15:0a:0e:39:
ff:57:dd:5d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICb8YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjUw
OTE0NDJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEVFOEI2RjhGRTcxMDFG
N0E5MDU2ODgyOTFBOTZEODQyMEU0RkE3QjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDfN40IKL+2Dlau/lR43V6N6j25cyPdOkXFCa3DaqPSPfeOmYcc
jgOFfG13i5zU3ADXX4GpAxqRjgw+P2d1ajvV7tuKy8ONa6S/VwTIOTFbVJ70MjO/
2nYuXah8NWrIR5IS3JwDcHdCEXPyhc7YPmQTLtAUnVahOJZj8Jw0H1CjYkEodYHV
1ea4mIEZ+QrhWgdobea6h7YpHrjMPp/u6jxVe8fvkpdzIjWcR8dTeWvB6pumQm6b
yTrrWkpDsgcNz5f9i3wjct+D+HpcXo9/Oem1dYClzSIDFHesL8r8XAyIZWTlhYwY
MCPmNVMSvsLh9BQdIS15pycWFfJx7nMEN0gtAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU7otvj+cQH3qQVogpGpbYQg5Pp7kwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzdvdHZqLWNRSDNxUVZv
Z3BHcGJZUWc1UHA3ay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBQVXIf
p244O6MPh0/xVkbDzWDAsY1ZwkhAzWPK0QgHPUWs3M0G2HvuIaK1x6PYsXGbzAmh
OrMgpXDNL7XY/w1dffdHSu3Xv0qZAtEuP0GKPKKv/b4N2gBNyvUe7mjOMkXZCHKM
dsLMDuCKPWtqpZvfHpOFfVDOw54sK5AsvDvGSf6zW7R4ArN4O04j953IMwFL9G8M
U6IS5gPEYPQi5lLqs010TwuCKlh7lHWWI0vARw2b6srRDlXI1cN7QN1rmJQJuFaR
kacVnulLazVKHy0GafNBGqDpn4uK+G0B/WxlVEkxt57Xa4gaExICfCqPOQLVcp3M
7sifRxUKDjn/V91d
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:46:38 2025 by rpki-client