Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Axfce3upNfvAa1bQ3Neq7OPaARM.roa
File: Axfce3upNfvAa1bQ3Neq7OPaARM.roa (raw, json)
Hash identifier: yfrI9mTNu1x3eBkke9QBkKrj3l5CHoVTEZbHa6hNYGk=
Subject key identifier: 03:17:DC:7B:7B:A9:35:FB:C0:6B:56:D0:DC:D7:AA:EC:E3:DA:01:13
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7702
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Axfce3upNfvAa1bQ3Neq7OPaARM.roa
Signing time: Mon 14 Jul 2025 16:41:56 +0000
ROA not before: Mon 14 Jul 2025 16:41:56 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30466 (0x7702)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 14 16:41:56 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=0317DC7B7BA935FBC06B56D0DCD7AAECE3DA0113
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:72:b1:14:a6:7c:51:39:bc:2b:b9:6b:23:29:
fa:48:dc:f2:62:e6:61:00:dd:ca:ee:56:d7:c0:81:
26:d4:58:22:d0:09:09:fa:c2:8f:26:6e:e5:54:3a:
5f:32:fd:50:3b:d8:c0:1a:bf:c3:19:9c:d0:db:46:
bc:bc:1a:1e:29:ef:50:be:d9:f8:00:ee:49:da:e9:
a8:29:6d:43:fc:1f:22:e7:03:da:06:27:12:69:03:
eb:b2:e7:83:f1:b0:b0:18:0e:9b:0e:d3:5d:22:72:
7c:97:1c:d4:a2:4b:1a:01:75:d7:0f:7b:02:dd:a6:
c9:3f:a4:3c:6d:a8:6f:a7:ab:dd:3f:3a:07:0d:c0:
59:86:f2:a1:6d:72:a8:a9:45:f7:93:0a:13:ab:a0:
f1:82:41:30:a4:8e:d9:5f:ec:77:83:68:02:18:c9:
c2:03:45:7b:28:99:f9:13:4b:8a:bf:9a:26:24:44:
22:1f:51:d9:a5:1f:63:d4:2f:6b:9a:55:70:cd:92:
25:d8:dd:0e:0a:b4:ab:2d:c3:3f:51:c0:8e:07:31:
96:a1:da:6b:1a:fc:57:ce:1a:75:9d:5d:52:7c:b1:
01:b2:f4:9b:4c:82:55:af:81:96:2a:a7:f6:e7:ea:
17:7e:75:b0:dd:b0:3b:28:b1:0a:3a:8c:a4:0f:32:
3a:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:17:DC:7B:7B:A9:35:FB:C0:6B:56:D0:DC:D7:AA:EC:E3:DA:01:13
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Axfce3upNfvAa1bQ3Neq7OPaARM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
17:f3:8f:28:4a:2f:b5:69:3a:70:1e:48:fc:96:05:dc:42:c4:
1e:b1:49:63:f7:46:2d:66:48:65:36:d0:0d:53:4b:aa:c0:71:
3f:5f:63:88:98:9f:a6:70:5e:0c:18:c4:8a:08:f9:36:fa:db:
94:9c:71:71:e1:50:7b:63:d4:b3:45:f3:d2:23:31:aa:ce:7f:
56:02:a3:c6:72:85:68:7d:28:9f:11:ad:5f:c0:60:b8:a9:08:
44:dd:ba:7b:0c:28:2d:e1:75:70:6a:e6:18:17:7e:9c:68:f8:
0d:2b:4f:25:c6:e4:cf:99:6f:23:82:2b:ad:43:5c:0c:27:fd:
b6:0d:49:d7:32:d7:d4:4b:1d:b9:89:b3:2d:64:24:03:7c:5d:
81:bd:4b:a0:83:c2:b6:bb:91:ef:c0:84:fc:fd:80:f0:c4:5d:
01:48:fc:52:6e:ff:29:24:34:dd:55:58:e5:c8:f9:69:42:26:
bb:e3:ed:27:2d:bc:bd:63:e3:6f:d9:cf:48:fa:7f:93:3f:f4:
3d:21:40:21:86:b0:b3:9d:82:f5:8d:97:a5:af:aa:63:47:0f:
85:fb:fa:34:ee:8f:36:45:a3:39:59:a1:66:11:75:fb:f0:6f:
f7:65:6b:13:22:ff:c6:07:a6:6a:ca:57:7e:8f:6f:5a:fe:ef:
f5:05:ad:27
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdwIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTQx
NjQxNTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDAzMTdEQzdCN0JBOTM1
RkJDMDZCNTZEMERDRDdBQUVDRTNEQTAxMTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDwcrEUpnxRObwruWsjKfpI3PJi5mEA3cruVtfAgSbUWCLQCQn6
wo8mbuVUOl8y/VA72MAav8MZnNDbRry8Gh4p71C+2fgA7kna6agpbUP8HyLnA9oG
JxJpA+uy54PxsLAYDpsO010icnyXHNSiSxoBddcPewLdpsk/pDxtqG+nq90/OgcN
wFmG8qFtcqipRfeTChOroPGCQTCkjtlf7HeDaAIYycIDRXsomfkTS4q/miYkRCIf
UdmlH2PUL2uaVXDNkiXY3Q4KtKstwz9RwI4HMZah2msa/FfOGnWdXVJ8sQGy9JtM
glWvgZYqp/bn6hd+dbDdsDsosQo6jKQPMjo7AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUAxfce3upNfvAa1bQ3Neq7OPaARMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0F4ZmNlM3VwTmZ2QWEx
YlEzTmVxN09QYUFSTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAX848o
Si+1aTpwHkj8lgXcQsQesUlj90YtZkhlNtANU0uqwHE/X2OImJ+mcF4MGMSKCPk2
+tuUnHFx4VB7Y9SzRfPSIzGqzn9WAqPGcoVofSifEa1fwGC4qQhE3bp7DCgt4XVw
auYYF36caPgNK08lxuTPmW8jgiutQ1wMJ/22DUnXMtfUSx25ibMtZCQDfF2BvUug
g8K2u5HvwIT8/YDwxF0BSPxSbv8pJDTdVVjlyPlpQia74+0nLby9Y+Nv2c9I+n+T
P/Q9IUAhhrCznYL1jZelr6pjRw+F+/o07o82RaM5WaFmEXX78G/3ZWsTIv/GB6Zq
yld+j29a/u/1Ba0n
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:32:05 2025 by rpki-client