Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/7q3eLrdb93z4V64Tw0KGjJvMosc.roa
File: 7q3eLrdb93z4V64Tw0KGjJvMosc.roa (raw, json)
Hash identifier: bYkHCV5l12u71TQ/dDu+gsolpYOUwMTU52H5pvpHMmE=
Subject key identifier: EE:AD:DE:2E:B7:5B:F7:7C:F8:57:AE:13:C3:42:86:8C:9B:CC:A2:C7
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7326
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7q3eLrdb93z4V64Tw0KGjJvMosc.roa
Signing time: Fri 04 Jul 2025 09:14:59 +0000
ROA not before: Fri 04 Jul 2025 09:14:59 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29478 (0x7326)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 4 09:14:59 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=EEADDE2EB75BF77CF857AE13C342868C9BCCA2C7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:07:3d:2c:b8:6d:7a:00:a1:64:38:93:66:32:
99:6c:bb:b6:76:3f:93:db:87:7c:aa:e4:ed:b9:50:
ad:3e:d1:cc:cd:31:cf:1c:02:9d:0e:98:55:e6:8c:
3b:1b:3e:d0:79:14:ed:b5:1a:70:61:17:98:06:cd:
38:67:ec:28:46:a7:47:d8:ab:b6:61:3a:7b:db:a9:
0f:6c:75:54:3a:9a:68:6b:76:6d:b6:96:a0:ed:86:
82:31:5f:31:4e:c3:25:59:74:03:b9:d6:16:93:3e:
d9:c0:d9:91:f7:3f:14:56:a1:19:7c:4f:47:79:2f:
c7:60:fb:c1:cc:37:b1:35:ce:e1:80:4d:0d:bf:b7:
6b:a3:62:ec:3e:a1:4b:32:39:f8:f9:73:ba:23:9d:
74:7f:db:62:89:41:9e:64:d9:b7:b8:50:d3:36:f3:
83:7a:6e:bc:c5:95:dd:41:67:a1:c0:15:52:30:44:
9a:8c:2e:84:d3:05:e8:93:d8:c1:88:f4:fe:e5:30:
42:cb:59:d9:4b:f9:fd:fc:f1:65:9e:35:1d:be:fc:
2f:c2:9b:07:7b:ae:1c:fb:b6:4a:2f:14:5c:9f:4d:
50:54:42:ff:5a:93:f0:31:ca:50:2d:9f:ca:b4:8f:
98:fe:91:6b:96:2b:a4:89:29:d5:b4:20:23:4a:39:
d5:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:AD:DE:2E:B7:5B:F7:7C:F8:57:AE:13:C3:42:86:8C:9B:CC:A2:C7
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7q3eLrdb93z4V64Tw0KGjJvMosc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
91:b8:99:12:9f:78:13:0c:9c:11:3d:08:57:06:13:8e:ef:f9:
00:28:bf:79:50:24:24:f3:4f:c6:79:9b:07:a5:fb:37:76:c2:
b5:e8:23:8e:1c:06:6e:15:88:b4:3a:d8:63:cb:2b:f6:69:4f:
e8:4f:6e:d7:7a:a0:13:17:a8:ee:78:96:b0:4f:80:9f:38:25:
db:df:c7:8a:fa:dc:d1:27:c4:30:15:d0:0e:4c:8e:1f:02:f0:
26:4c:5a:69:5f:44:91:da:95:7f:96:00:0a:7c:4a:8d:74:ba:
9c:30:12:e8:f2:74:f0:e4:b9:0f:43:c8:ae:22:95:ae:9a:3e:
29:66:25:69:76:94:62:76:d7:39:b6:13:b8:1c:c4:46:9b:e2:
09:69:3d:96:db:1b:bf:1f:bd:4a:bf:b5:6d:a3:9b:30:3d:52:
fb:08:1b:ba:cc:43:3f:e9:f0:d8:37:1f:bc:9c:11:10:eb:c4:
f0:5f:4c:53:ff:c6:74:86:0c:ec:ef:2f:1f:ee:12:50:d3:0d:
b4:11:de:9f:2f:0e:89:51:05:a3:d9:bb:74:8c:2a:b9:89:05:
5e:4e:62:da:5d:ce:08:fd:d7:51:56:58:86:3a:23:5b:c3:ad:
58:0f:24:b8:b5:74:28:73:4a:8a:53:08:78:40:64:33:36:cb:
55:0c:02:e0
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcyYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDQw
OTE0NTlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEVFQURERTJFQjc1QkY3
N0NGODU3QUUxM0MzNDI4NjhDOUJDQ0EyQzcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDBBz0suG16AKFkOJNmMplsu7Z2P5Pbh3yq5O25UK0+0czNMc8c
Ap0OmFXmjDsbPtB5FO21GnBhF5gGzThn7ChGp0fYq7ZhOnvbqQ9sdVQ6mmhrdm22
lqDthoIxXzFOwyVZdAO51haTPtnA2ZH3PxRWoRl8T0d5L8dg+8HMN7E1zuGATQ2/
t2ujYuw+oUsyOfj5c7ojnXR/22KJQZ5k2be4UNM284N6brzFld1BZ6HAFVIwRJqM
LoTTBeiT2MGI9P7lMELLWdlL+f388WWeNR2+/C/Cmwd7rhz7tkovFFyfTVBUQv9a
k/AxylAtn8q0j5j+kWuWK6SJKdW0ICNKOdXFAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU7q3eLrdb93z4V64Tw0KGjJvMoscwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzdxM2VMcmRiOTN6NFY2
NFR3MEtHakp2TW9zYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCRuJkS
n3gTDJwRPQhXBhOO7/kAKL95UCQk80/GeZsHpfs3dsK16COOHAZuFYi0Othjyyv2
aU/oT27XeqATF6jueJawT4CfOCXb38eK+tzRJ8QwFdAOTI4fAvAmTFppX0SR2pV/
lgAKfEqNdLqcMBLo8nTw5LkPQ8iuIpWumj4pZiVpdpRidtc5thO4HMRGm+IJaT2W
2xu/H71Kv7Vto5swPVL7CBu6zEM/6fDYNx+8nBEQ68TwX0xT/8Z0hgzs7y8f7hJQ
0w20Ed6fLw6JUQWj2bt0jCq5iQVeTmLaXc4I/ddRVliGOiNbw61YDyS4tXQoc0qK
Uwh4QGQzNstVDALg
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:37:44 2025 by rpki-client