Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/BX9wG0805u76ftfukqenIS-IJ38.roa
File: BX9wG0805u76ftfukqenIS-IJ38.roa (raw, json)
Hash identifier: Zk+piA/dUPstRkgieu2FD6Gv3/CeeLfeKpMYk11LEFE=
Subject key identifier: 05:7F:70:1B:4F:34:E6:EE:FA:7E:D7:EE:92:A7:A7:21:2F:88:27:7F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 791C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/BX9wG0805u76ftfukqenIS-IJ38.roa
Signing time: Sun 20 Jul 2025 07:12:06 +0000
ROA not before: Sun 20 Jul 2025 07:12:06 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 31004 (0x791c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 20 07:12:06 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=057F701B4F34E6EEFA7ED7EE92A7A7212F88277F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:cf:0c:83:b8:53:a8:bf:d7:ae:c0:78:9c:5c:
16:fd:54:35:2f:1b:d8:45:56:55:50:36:06:cc:0b:
6f:e6:2e:d0:1d:fe:93:ed:9b:4f:88:21:fe:03:91:
1b:75:fb:e5:89:fb:94:19:e7:55:07:47:9d:d2:26:
5e:66:74:66:e4:59:db:75:52:ff:1d:09:33:8a:ba:
ec:9d:d8:8d:2d:91:56:83:c0:4b:b5:08:8a:f3:dc:
4d:53:89:f6:6c:ff:ad:fd:e6:14:10:6a:d0:fc:d8:
ef:22:67:8d:0e:e7:98:1d:4f:06:83:97:4c:a3:f0:
6b:9e:fb:29:03:1a:fb:00:3a:a4:64:d0:18:cb:a1:
42:95:64:cd:c3:2b:66:1f:20:0b:3f:f1:2b:c6:f1:
5b:a2:f4:b6:be:14:88:eb:f3:75:c7:51:92:5c:26:
11:10:b5:ac:40:c0:dc:1d:4c:d9:03:2b:af:3d:d1:
ad:94:4d:7c:93:62:12:2f:7a:5e:82:21:f9:e9:7a:
62:c8:14:30:c5:89:ec:72:bf:38:13:85:57:82:80:
22:d6:0a:33:94:88:20:12:e6:ef:39:9f:15:60:7d:
b1:58:f7:32:f8:8c:69:48:23:25:30:4a:8d:bd:c5:
12:a0:7b:9a:d0:ab:ce:53:ab:43:dd:1d:94:98:33:
46:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:7F:70:1B:4F:34:E6:EE:FA:7E:D7:EE:92:A7:A7:21:2F:88:27:7F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/BX9wG0805u76ftfukqenIS-IJ38.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
13:48:b0:51:c9:04:d5:86:b4:d6:da:58:06:11:cd:85:e1:7d:
65:52:7b:42:a6:d2:f4:6d:75:4d:6a:b7:a5:9c:4c:b0:a1:e3:
98:f0:9a:f6:26:55:34:8d:d4:58:3e:15:ee:79:bf:7e:9a:93:
b5:4b:fa:3d:0a:56:7b:7f:59:03:36:d7:46:3d:40:a2:06:7d:
22:f9:f1:fe:75:28:de:94:25:27:1e:36:72:f4:e8:08:c2:b2:
e3:bf:5a:c7:f4:a9:32:4e:90:f9:02:18:ff:54:bf:ea:98:88:
d1:be:ff:ab:fc:5c:4f:e4:57:ed:87:49:56:80:ed:c3:0d:ac:
84:c0:d8:2b:31:98:e9:13:40:3e:84:db:a4:39:1d:e1:da:17:
48:f8:a9:c0:1d:cc:2e:1f:f7:26:cb:12:35:9c:a0:2e:44:40:
19:da:36:32:64:9b:bc:bd:65:a6:45:62:7f:b0:08:56:64:ea:
d9:04:7d:fa:3a:60:db:9d:1f:13:f3:96:a5:22:7d:6a:82:c1:
49:47:3b:eb:fd:43:44:0b:82:a5:28:a3:6d:d0:7b:d4:a6:b2:
35:20:c5:f7:fa:bb:c2:46:a0:a4:00:65:4c:11:1b:f1:44:b3:
17:d0:d7:d8:44:4a:93:fb:ff:9f:36:33:b4:a4:9a:79:dd:48:
e9:c6:cf:cf
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeRwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MjAw
NzEyMDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDA1N0Y3MDFCNEYzNEU2
RUVGQTdFRDdFRTkyQTdBNzIxMkY4ODI3N0YwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDHzwyDuFOov9euwHicXBb9VDUvG9hFVlVQNgbMC2/mLtAd/pPt
m0+IIf4DkRt1++WJ+5QZ51UHR53SJl5mdGbkWdt1Uv8dCTOKuuyd2I0tkVaDwEu1
CIrz3E1TifZs/6395hQQatD82O8iZ40O55gdTwaDl0yj8Gue+ykDGvsAOqRk0BjL
oUKVZM3DK2YfIAs/8SvG8Vui9La+FIjr83XHUZJcJhEQtaxAwNwdTNkDK6890a2U
TXyTYhIvel6CIfnpemLIFDDFiexyvzgThVeCgCLWCjOUiCAS5u85nxVgfbFY9zL4
jGlIIyUwSo29xRKge5rQq85Tq0PdHZSYM0Z3AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUBX9wG0805u76ftfukqenIS+IJ38wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0JYOXdHMDgwNXU3NmZ0
ZnVrcWVuSVMtSUozOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQATSLBR
yQTVhrTW2lgGEc2F4X1lUntCptL0bXVNarelnEywoeOY8Jr2JlU0jdRYPhXueb9+
mpO1S/o9ClZ7f1kDNtdGPUCiBn0i+fH+dSjelCUnHjZy9OgIwrLjv1rH9KkyTpD5
Ahj/VL/qmIjRvv+r/FxP5Ffth0lWgO3DDayEwNgrMZjpE0A+hNukOR3h2hdI+KnA
HcwuH/cmyxI1nKAuREAZ2jYyZJu8vWWmRWJ/sAhWZOrZBH36OmDbnR8T85alIn1q
gsFJRzvr/UNEC4KlKKNt0HvUprI1IMX3+rvCRqCkAGVMERvxRLMX0NfYREqT+/+f
NjO0pJp53Ujpxs/P
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:51:29 2025 by rpki-client