Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/AIQs9_dwS6YT_3A9Ex-7CmDgRYk.roa
File: AIQs9_dwS6YT_3A9Ex-7CmDgRYk.roa (raw, json)
Hash identifier: 3SSwx0VC7+rC1cMEY2TwqUleRtk5FKjf142lra21+LY=
Subject key identifier: 00:84:2C:F7:F7:70:4B:A6:13:FF:70:3D:13:1F:BB:0A:60:E0:45:89
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7674
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/AIQs9_dwS6YT_3A9Ex-7CmDgRYk.roa
Signing time: Sun 13 Jul 2025 05:11:40 +0000
ROA not before: Sun 13 Jul 2025 05:11:40 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30324 (0x7674)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 13 05:11:40 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=00842CF7F7704BA613FF703D131FBB0A60E04589
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:ae:f6:3b:13:52:9d:49:e2:ee:cc:48:39:f1:
cb:1b:98:b6:d5:fb:2a:4e:66:84:07:74:f5:e3:04:
8e:43:c5:b8:12:7c:2a:fe:1f:14:ed:d9:10:e0:21:
0b:be:70:f6:7d:0c:63:da:fe:7b:25:a8:b6:84:f0:
f8:32:d9:16:d6:10:17:5e:1f:8d:fd:bc:9c:cb:ed:
aa:b8:e6:70:9d:3c:f9:7f:34:71:3b:db:a8:0e:2c:
fd:ab:4c:ac:6b:fc:4b:e8:72:91:7e:80:78:9f:89:
53:13:b3:26:a1:90:7c:65:bd:f0:7b:ac:8c:e6:6f:
fc:80:e5:52:c7:c0:fd:54:3b:b5:fc:40:e9:d4:04:
cb:4d:e7:06:8f:78:1c:93:62:fe:29:bc:b6:b5:e6:
1b:18:f2:89:c6:53:95:27:88:34:84:4b:12:09:c7:
55:bc:57:36:7b:b6:b0:43:2b:b1:06:0b:52:56:4e:
de:91:ed:53:0f:30:e6:7e:65:1e:a5:14:70:f7:ff:
91:94:46:46:18:a1:64:f1:fc:e4:fd:98:95:2e:fb:
a3:85:f5:3c:bb:fd:b9:4f:fc:ca:b3:15:ce:3d:e3:
6d:cc:85:be:b9:35:03:83:b2:7f:c1:ee:f9:f3:fa:
19:ab:a1:af:e8:5a:ef:6d:28:eb:c7:8e:01:c4:95:
5c:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:84:2C:F7:F7:70:4B:A6:13:FF:70:3D:13:1F:BB:0A:60:E0:45:89
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/AIQs9_dwS6YT_3A9Ex-7CmDgRYk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
b0:d3:dd:32:32:f1:33:a6:16:d3:51:8a:35:43:f3:7f:4e:ce:
7a:da:25:e1:ce:64:b7:ca:29:f6:59:ee:07:86:ae:6a:61:03:
5f:bf:97:04:62:1f:b2:56:6b:b3:8d:28:da:21:96:00:79:1d:
0f:7f:c1:d4:13:85:c0:ee:9f:fa:2d:3d:03:91:05:cb:fe:5b:
22:32:e2:b2:79:fd:8f:5a:f4:9b:f2:ce:36:a2:3f:50:36:31:
4f:db:88:81:ad:bc:54:85:75:13:9c:ad:51:9f:71:eb:0c:35:
32:29:5b:24:83:f3:f6:52:37:43:1a:e7:ab:3b:b4:f1:ff:0c:
18:64:69:c3:4f:16:9f:25:08:cb:7a:7e:e6:4e:02:a0:3c:13:
3e:e3:0d:70:c1:58:3e:83:17:95:72:65:ef:78:53:27:0a:c5:
f6:d9:9f:0d:9d:12:de:b4:d6:ce:74:6f:9f:0a:3d:7e:47:12:
1f:5c:62:1a:84:7e:bd:c0:3c:93:ca:8d:49:bc:6f:0d:b9:ee:
67:f4:b7:78:81:a4:21:60:b9:78:07:2f:8b:a5:8a:05:e1:1c:
81:7b:0b:3e:ba:bb:14:0c:0e:8a:a1:d7:c1:f6:bd:a8:a1:5d:
c5:0a:e8:ff:99:db:88:6b:e4:e1:60:50:f7:1b:15:af:b6:91:
29:d1:bf:e4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdnQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTMw
NTExNDBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDAwODQyQ0Y3Rjc3MDRC
QTYxM0ZGNzAzRDEzMUZCQjBBNjBFMDQ1ODkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4rvY7E1KdSeLuzEg58csbmLbV+ypOZoQHdPXjBI5DxbgSfCr+
HxTt2RDgIQu+cPZ9DGPa/nslqLaE8Pgy2RbWEBdeH439vJzL7aq45nCdPPl/NHE7
26gOLP2rTKxr/EvocpF+gHifiVMTsyahkHxlvfB7rIzmb/yA5VLHwP1UO7X8QOnU
BMtN5waPeByTYv4pvLa15hsY8onGU5UniDSESxIJx1W8VzZ7trBDK7EGC1JWTt6R
7VMPMOZ+ZR6lFHD3/5GURkYYoWTx/OT9mJUu+6OF9Ty7/blP/MqzFc49423Mhb65
NQODsn/B7vnz+hmroa/oWu9tKOvHjgHElVxzAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUAIQs9/dwS6YT/3A9Ex+7CmDgRYkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0FJUXM5X2R3UzZZVF8z
QTlFeC03Q21EZ1JZay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCw090y
MvEzphbTUYo1Q/N/Ts562iXhzmS3yin2We4Hhq5qYQNfv5cEYh+yVmuzjSjaIZYA
eR0Pf8HUE4XA7p/6LT0DkQXL/lsiMuKyef2PWvSb8s42oj9QNjFP24iBrbxUhXUT
nK1Rn3HrDDUyKVskg/P2UjdDGuerO7Tx/wwYZGnDTxafJQjLen7mTgKgPBM+4w1w
wVg+gxeVcmXveFMnCsX22Z8NnRLetNbOdG+fCj1+RxIfXGIahH69wDyTyo1JvG8N
ue5n9Ld4gaQhYLl4By+LpYoF4RyBews+ursUDA6KodfB9r2ooV3FCuj/mduIa+Th
YFD3GxWvtpEp0b/k
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:55:55 2025 by rpki-client