Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/91fl42tJdXHrFIgy0zzt-9UWX-Q.roa
File: 91fl42tJdXHrFIgy0zzt-9UWX-Q.roa (raw, json)
Hash identifier: /scWuLw7xntw9V+9V8wC40onWTzpio2Js+vVtXVTccE=
Subject key identifier: F7:57:E5:E3:6B:49:75:71:EB:14:88:32:D3:3C:ED:FB:D5:16:5F:E4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 755C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/91fl42tJdXHrFIgy0zzt-9UWX-Q.roa
Signing time: Thu 10 Jul 2025 06:48:15 +0000
ROA not before: Thu 10 Jul 2025 06:48:15 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30044 (0x755c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 10 06:48:15 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=F757E5E36B497571EB148832D33CEDFBD5165FE4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:54:6a:b8:be:1d:16:c9:39:18:d7:7c:fb:80:
45:74:8a:c8:1e:e2:5f:d1:47:f6:27:3b:b6:19:de:
7c:2c:a3:6c:e4:70:7d:38:f3:88:50:53:a4:9a:c9:
f0:27:a0:f2:a2:2f:e8:71:0f:df:64:b5:8e:4d:94:
2a:e0:c6:5f:14:75:fb:c4:72:b4:1e:1b:9d:46:8a:
22:4b:2c:5f:01:3a:59:e3:4d:59:be:b5:b5:75:1e:
e9:bf:26:f9:e4:f3:d3:d0:cf:e3:51:fa:d0:19:ca:
ef:33:b8:f5:42:06:8c:5c:95:7f:0c:04:f2:b5:fc:
43:45:48:17:89:d1:18:c2:c2:ef:1f:9a:a7:8a:72:
10:08:4e:c7:df:fd:88:28:89:ad:0b:66:36:1a:d1:
84:d7:5c:4c:9e:5f:2f:c1:cd:82:5b:43:69:7f:f6:
0d:1b:57:26:74:3e:13:ca:4c:f0:ac:92:37:b1:2d:
c0:c0:00:40:48:68:f9:06:05:a1:bc:9f:9d:cc:ff:
8a:54:c6:97:27:85:8e:d0:07:b2:4e:bd:d4:b6:a0:
46:36:33:97:fd:09:e8:51:41:09:07:79:c6:97:c5:
bd:34:3a:35:fa:77:17:0c:e0:c3:13:74:af:08:dc:
2a:d7:46:78:ea:0b:b1:38:f7:9c:ba:ba:ab:66:0b:
c0:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:57:E5:E3:6B:49:75:71:EB:14:88:32:D3:3C:ED:FB:D5:16:5F:E4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/91fl42tJdXHrFIgy0zzt-9UWX-Q.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
2e:0f:c8:df:34:0c:1f:a8:12:55:df:59:0d:26:a7:10:47:dc:
2e:c5:89:f9:16:64:a3:34:9e:cf:8d:04:8e:21:fe:73:34:7e:
17:96:21:e1:2a:42:4f:44:f2:53:4e:37:cd:aa:5d:45:09:b4:
a2:f4:de:d6:b3:c7:a3:a3:af:ea:d2:c2:ac:55:43:91:c7:cb:
7d:f7:84:67:2d:76:9f:1d:70:7e:46:e9:c2:a4:7e:6c:68:77:
08:03:0f:bd:93:4e:c1:f2:04:2d:16:67:11:f3:2e:3b:1e:7f:
31:0a:b9:31:cd:9a:76:66:f5:72:b8:ca:11:2d:fc:f7:81:03:
b0:e1:06:77:17:b5:92:87:29:20:24:76:77:1f:ce:be:4e:ae:
82:3e:56:d2:73:98:e8:9b:a1:9c:03:b3:a8:cb:4f:e2:a3:fa:
6a:8c:74:6d:2e:0f:0e:45:eb:e4:00:af:cd:24:3f:fe:a1:ee:
04:cb:30:31:79:0f:b9:7d:c4:f4:96:45:2d:fa:53:95:5d:de:
c8:6a:1d:16:2e:b5:50:fc:17:a2:6d:bd:df:08:94:dc:06:57:
f4:c9:6a:7c:32:bb:39:38:16:01:1e:6b:5a:e7:67:1a:aa:7c:
c9:14:5f:3e:a1:31:cf:51:ed:00:3c:0d:25:97:56:ed:e3:63:
57:87:9d:6a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdVwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTAw
NjQ4MTVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEY3NTdFNUUzNkI0OTc1
NzFFQjE0ODgzMkQzM0NFREZCRDUxNjVGRTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDnVGq4vh0WyTkY13z7gEV0isge4l/RR/YnO7YZ3nwso2zkcH04
84hQU6SayfAnoPKiL+hxD99ktY5NlCrgxl8UdfvEcrQeG51GiiJLLF8BOlnjTVm+
tbV1Hum/Jvnk89PQz+NR+tAZyu8zuPVCBoxclX8MBPK1/ENFSBeJ0RjCwu8fmqeK
chAITsff/Ygoia0LZjYa0YTXXEyeXy/BzYJbQ2l/9g0bVyZ0PhPKTPCskjexLcDA
AEBIaPkGBaG8n53M/4pUxpcnhY7QB7JOvdS2oEY2M5f9CehRQQkHecaXxb00OjX6
dxcM4MMTdK8I3CrXRnjqC7E495y6uqtmC8CRAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU91fl42tJdXHrFIgy0zzt+9UWX+QwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzkxZmw0MnRKZFhIckZJ
Z3kwenp0LTlVV1gtUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAuD8jf
NAwfqBJV31kNJqcQR9wuxYn5FmSjNJ7PjQSOIf5zNH4XliHhKkJPRPJTTjfNql1F
CbSi9N7Ws8ejo6/q0sKsVUORx8t994RnLXafHXB+RunCpH5saHcIAw+9k07B8gQt
FmcR8y47Hn8xCrkxzZp2ZvVyuMoRLfz3gQOw4QZ3F7WShykgJHZ3H86+Tq6CPlbS
c5jom6GcA7Ooy0/io/pqjHRtLg8ORevkAK/NJD/+oe4EyzAxeQ+5fcT0lkUt+lOV
Xd7Iah0WLrVQ/Beibb3fCJTcBlf0yWp8Mrs5OBYBHmta52caqnzJFF8+oTHPUe0A
PA0ll1bt42NXh51q
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:54:43 2025 by rpki-client