Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/8WRyLHPKSPkR_jUHN1Fbm3gmhRE.roa
File: 8WRyLHPKSPkR_jUHN1Fbm3gmhRE.roa (raw, json)
Hash identifier: iqND0xkNrl3GbU5yUd4dFTZnv/lSZYBNhxC3HEQOz08=
Subject key identifier: F1:64:72:2C:73:CA:48:F9:11:FE:35:07:37:51:5B:9B:78:26:85:11
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7734
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8WRyLHPKSPkR_jUHN1Fbm3gmhRE.roa
Signing time: Tue 15 Jul 2025 05:11:47 +0000
ROA not before: Tue 15 Jul 2025 05:11:47 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30516 (0x7734)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 15 05:11:47 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=F164722C73CA48F911FE350737515B9B78268511
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:5d:9a:0a:c9:f0:df:43:72:28:25:cd:78:8c:
88:35:fc:30:d7:fa:6e:6c:bd:45:c0:94:9d:0b:cf:
53:73:d0:8c:5c:b6:2b:92:bc:c7:a2:07:2f:e4:d1:
d5:d6:90:c3:e0:70:8b:84:53:60:51:6a:62:b5:39:
e9:9f:04:e0:e9:a3:e0:dd:3b:50:fb:bf:85:af:cc:
49:50:98:c8:91:fa:ae:bb:85:78:f9:d3:9c:73:0f:
8e:08:c3:60:a1:9d:1e:db:e1:c7:96:8c:ae:b9:6c:
2e:6a:64:fc:c5:8a:ad:41:15:cf:cf:46:49:ac:9d:
38:56:d4:1d:8c:72:91:8a:3b:55:a3:ac:d4:ce:e1:
2e:f5:8c:7d:a1:47:1f:f7:be:de:46:c2:db:4d:5a:
83:d8:b4:ee:84:14:d5:cc:fd:84:4e:65:e0:3e:4f:
18:4c:2f:51:b0:ea:ad:74:32:04:00:5b:72:4c:62:
9d:18:fa:f7:03:95:ce:d8:0b:c7:2f:3c:37:63:17:
04:c8:32:d5:02:e7:f2:81:ab:a3:66:e2:bc:8c:ba:
0f:01:f0:a8:d1:d9:32:a7:15:b7:51:be:34:88:9d:
df:19:b4:48:d1:eb:a0:ed:cc:43:fc:a1:bd:74:62:
1a:b7:51:d8:25:f9:87:41:a1:82:26:7b:d3:b2:f2:
21:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:64:72:2C:73:CA:48:F9:11:FE:35:07:37:51:5B:9B:78:26:85:11
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8WRyLHPKSPkR_jUHN1Fbm3gmhRE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
73:a0:b5:d5:0b:48:bd:e2:a4:6c:69:d8:3f:c3:ae:ee:6b:48:
11:99:3e:60:37:70:3c:1b:66:5f:7e:ea:e6:d3:b6:6a:cc:9f:
74:9d:3b:24:a9:e1:84:05:24:5d:5c:58:cf:4d:0d:74:7f:cc:
d1:17:b4:41:90:18:a2:2d:e3:4a:18:7e:28:8b:c9:0c:6f:71:
77:93:54:58:56:77:cd:63:f9:98:8e:aa:16:92:94:88:0f:f4:
d1:9d:d6:57:84:66:9c:42:5c:2d:84:ae:89:81:b8:7d:87:68:
1d:93:63:79:a1:e3:fd:f0:23:fe:22:a6:16:cb:ea:d8:b7:0e:
c3:c5:99:5e:0f:5e:24:cf:e6:15:17:07:c9:91:26:3f:00:d6:
a2:4c:ce:a1:05:3c:02:3e:d7:5c:da:e1:83:ad:48:d8:1a:66:
e4:d1:db:e7:47:ba:f3:ce:9d:2f:dc:0d:46:e6:fd:f7:98:74:
85:b2:70:41:83:9e:1d:b8:18:12:4f:38:ca:a8:e8:46:e3:15:
61:ae:96:f6:8f:72:e1:db:c0:a7:b0:46:23:6e:11:f1:87:86:
42:08:b5:ed:ff:fe:4d:9a:d8:24:64:bb:ab:e1:26:83:87:51:
b6:30:ed:f7:b0:70:07:bf:58:7c:a2:d6:d1:dc:24:1d:99:bf:
85:03:21:1e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdzQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTUw
NTExNDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEYxNjQ3MjJDNzNDQTQ4
RjkxMUZFMzUwNzM3NTE1QjlCNzgyNjg1MTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDfXZoKyfDfQ3IoJc14jIg1/DDX+m5svUXAlJ0Lz1Nz0IxctiuS
vMeiBy/k0dXWkMPgcIuEU2BRamK1OemfBODpo+DdO1D7v4WvzElQmMiR+q67hXj5
05xzD44Iw2ChnR7b4ceWjK65bC5qZPzFiq1BFc/PRkmsnThW1B2McpGKO1WjrNTO
4S71jH2hRx/3vt5GwttNWoPYtO6EFNXM/YROZeA+TxhML1Gw6q10MgQAW3JMYp0Y
+vcDlc7YC8cvPDdjFwTIMtUC5/KBq6Nm4ryMug8B8KjR2TKnFbdRvjSInd8ZtEjR
66DtzEP8ob10Yhq3Udgl+YdBoYIme9Oy8iH/AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU8WRyLHPKSPkR/jUHN1Fbm3gmhREwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzhXUnlMSFBLU1BrUl9q
VUhOMUZibTNnbWhSRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBzoLXV
C0i94qRsadg/w67ua0gRmT5gN3A8G2Zffurm07ZqzJ90nTskqeGEBSRdXFjPTQ10
f8zRF7RBkBiiLeNKGH4oi8kMb3F3k1RYVnfNY/mYjqoWkpSID/TRndZXhGacQlwt
hK6Jgbh9h2gdk2N5oeP98CP+IqYWy+rYtw7DxZleD14kz+YVFwfJkSY/ANaiTM6h
BTwCPtdc2uGDrUjYGmbk0dvnR7rzzp0v3A1G5v33mHSFsnBBg54duBgSTzjKqOhG
4xVhrpb2j3Lh28CnsEYjbhHxh4ZCCLXt//5NmtgkZLur4SaDh1G2MO33sHAHv1h8
otbR3CQdmb+FAyEe
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:35:58 2025 by rpki-client