Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/BcnwIZIP9JTuWckR83o2gYVKYKQ.roa
File: BcnwIZIP9JTuWckR83o2gYVKYKQ.roa (raw, json)
Hash identifier: qAWA8NXTZidCMJjn2A3N+o74zyckgqxhMidrapGUffs=
Subject key identifier: 05:C9:F0:21:92:0F:F4:94:EE:59:C9:11:F3:7A:36:81:85:4A:60:A4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 78E6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/BcnwIZIP9JTuWckR83o2gYVKYKQ.roa
Signing time: Sat 19 Jul 2025 17:42:15 +0000
ROA not before: Sat 19 Jul 2025 17:42:15 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30950 (0x78e6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 19 17:42:15 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=05C9F021920FF494EE59C911F37A3681854A60A4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:d5:ed:e0:4d:1c:ec:fd:3c:69:ff:e2:3e:ef:
54:48:dd:1a:21:e7:42:ce:3f:bc:54:0e:fc:b4:9d:
3f:42:c4:03:0d:a9:4e:34:af:e3:d0:8e:79:12:f2:
c5:61:b2:fa:a0:17:9b:03:68:c1:55:4f:88:78:b3:
c3:fc:40:80:1d:1b:b1:8d:67:1b:f6:f1:a4:ba:fc:
00:9b:7c:b9:12:85:8b:a2:b5:78:df:df:ac:86:da:
2e:26:f7:43:eb:b9:d3:e6:98:41:8e:31:0d:36:bf:
6b:32:de:a6:a3:8b:05:55:dd:94:bc:68:7c:a9:54:
ff:b9:39:5e:db:e2:6d:78:c1:e7:e2:23:8e:11:e4:
29:03:95:82:20:d1:c4:a8:21:e3:a4:f5:fa:5c:85:
56:10:93:d5:55:13:c8:46:cc:69:e9:c0:ca:65:98:
eb:59:98:48:ac:47:a5:5c:00:5d:3a:8c:e5:47:91:
9b:50:e5:a5:f9:cf:13:a6:4c:62:63:1f:86:a4:61:
ef:9c:98:3e:54:28:75:2b:84:2c:dd:cd:b5:b3:2b:
bf:31:ea:20:98:1a:3b:66:59:42:80:a9:1f:9c:52:
11:8b:cc:df:c3:b2:4e:60:2a:b5:a2:e3:08:54:0e:
b9:42:54:14:8d:22:b1:eb:af:d9:44:19:2e:69:2c:
a4:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:C9:F0:21:92:0F:F4:94:EE:59:C9:11:F3:7A:36:81:85:4A:60:A4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/BcnwIZIP9JTuWckR83o2gYVKYKQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
67:49:a6:77:76:98:ce:12:cb:cc:74:13:8b:cb:5c:11:cf:76:
c9:27:c8:24:48:62:0d:f0:67:56:ea:26:26:4b:bd:31:97:9c:
dd:bc:2b:90:27:34:bf:13:f5:55:7e:d7:c6:c3:6b:20:47:b6:
a4:e7:7a:da:30:22:b6:b3:62:59:8d:81:7d:b7:33:51:81:bf:
5a:52:9e:d1:10:87:38:bd:b7:6b:3d:d0:67:2c:5e:6f:27:ed:
27:32:bc:b1:d4:df:3f:6e:b3:51:0b:94:b3:06:d5:02:19:8f:
31:29:9e:4e:66:35:44:f3:06:25:c4:c4:24:35:0e:cd:05:a4:
96:f7:c4:79:de:0e:bb:07:9e:e7:73:92:dd:80:bb:ea:9a:3f:
13:28:ae:2d:f1:24:f4:af:0d:24:82:72:bb:74:9b:af:25:b5:
15:70:86:07:16:d2:ae:3c:bc:d2:14:61:57:0d:2f:2e:a3:c9:
bf:e7:28:06:5b:29:3f:cb:d2:6c:9b:27:b7:78:64:c2:3a:7f:
d5:6c:1d:cb:cb:d0:0c:68:c0:e9:ad:35:f5:e8:25:62:5b:57:
e2:d2:32:a5:b5:8d:37:83:81:bf:3d:5e:01:60:b9:9d:25:55:
2f:a8:e3:d2:7f:0d:fa:c1:47:0e:fc:ff:21:2b:2c:48:42:54:
67:9e:44:4d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeOYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTkx
NzQyMTVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDA1QzlGMDIxOTIwRkY0
OTRFRTU5QzkxMUYzN0EzNjgxODU0QTYwQTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCv1e3gTRzs/Txp/+I+71RI3Roh50LOP7xUDvy0nT9CxAMNqU40
r+PQjnkS8sVhsvqgF5sDaMFVT4h4s8P8QIAdG7GNZxv28aS6/ACbfLkShYuitXjf
36yG2i4m90PrudPmmEGOMQ02v2sy3qajiwVV3ZS8aHypVP+5OV7b4m14wefiI44R
5CkDlYIg0cSoIeOk9fpchVYQk9VVE8hGzGnpwMplmOtZmEisR6VcAF06jOVHkZtQ
5aX5zxOmTGJjH4akYe+cmD5UKHUrhCzdzbWzK78x6iCYGjtmWUKAqR+cUhGLzN/D
sk5gKrWi4whUDrlCVBSNIrHrr9lEGS5pLKSjAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUBcnwIZIP9JTuWckR83o2gYVKYKQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0JjbndJWklQOUpUdVdj
a1I4M28yZ1lWS1lLUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBnSaZ3
dpjOEsvMdBOLy1wRz3bJJ8gkSGIN8GdW6iYmS70xl5zdvCuQJzS/E/VVftfGw2sg
R7ak53raMCK2s2JZjYF9tzNRgb9aUp7REIc4vbdrPdBnLF5vJ+0nMryx1N8/brNR
C5SzBtUCGY8xKZ5OZjVE8wYlxMQkNQ7NBaSW98R53g67B57nc5LdgLvqmj8TKK4t
8ST0rw0kgnK7dJuvJbUVcIYHFtKuPLzSFGFXDS8uo8m/5ygGWyk/y9Jsmye3eGTC
On/VbB3Ly9AMaMDprTX16CViW1fi0jKltY03g4G/PV4BYLmdJVUvqOPSfw36wUcO
/P8hKyxIQlRnnkRN
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:38:32 2025 by rpki-client