Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/BmVay3PubKZBLj5uCWbxJKrzpdY.roa
File: BmVay3PubKZBLj5uCWbxJKrzpdY.roa (raw, json)
Hash identifier: 95bYeq1A22R3HAXgfPO64v8a6/rs6+oSGoTKhnWZ0LA=
Subject key identifier: 06:65:5A:CB:73:EE:6C:A6:41:2E:3E:6E:09:66:F1:24:AA:F3:A5:D6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7098
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/BmVay3PubKZBLj5uCWbxJKrzpdY.roa
Signing time: Fri 27 Jun 2025 13:44:52 +0000
ROA not before: Fri 27 Jun 2025 13:44:52 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28824 (0x7098)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 27 13:44:52 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=06655ACB73EE6CA6412E3E6E0966F124AAF3A5D6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:45:ac:78:a5:52:b1:12:38:ae:a7:0b:bd:59:
97:bc:32:6d:94:97:d0:c6:24:cd:92:0d:d2:f9:e7:
0a:c6:84:33:b7:83:43:54:9a:88:73:82:6e:94:11:
d1:4e:54:6d:22:c1:b8:8e:64:bc:7a:0d:26:68:92:
68:7a:b7:2d:3f:91:f5:d3:78:4d:17:4e:c5:e9:73:
f5:e8:74:11:a0:1f:6a:d6:88:c5:d1:d0:95:6f:87:
e2:b5:09:25:11:27:a0:4e:27:f6:84:94:84:fc:b3:
fd:e2:8f:2f:9c:fb:fe:f8:b8:61:c6:95:26:b7:45:
56:3b:87:ad:9f:8f:a3:54:7c:a7:9d:0b:19:b8:2c:
af:e2:a3:4b:07:2f:2c:2e:1f:83:04:cb:f8:86:e3:
9d:a0:54:57:d8:57:95:0b:92:d7:e8:4c:b9:ce:26:
5c:26:61:f5:e4:47:03:a9:be:cd:24:17:8d:92:78:
d2:3a:0d:34:f5:0c:ba:4a:59:15:3a:ee:d1:2a:d0:
e8:07:08:19:11:e8:da:b3:03:89:d8:f2:55:4d:b3:
bd:cf:ca:1c:2b:31:f5:2d:48:05:f5:ee:a3:b5:18:
9f:70:64:6a:2b:b6:80:e6:74:52:0c:44:4f:8a:68:
a1:26:2f:28:d7:4b:2d:07:27:de:76:2c:58:74:f4:
86:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:65:5A:CB:73:EE:6C:A6:41:2E:3E:6E:09:66:F1:24:AA:F3:A5:D6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/BmVay3PubKZBLj5uCWbxJKrzpdY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
11:bc:99:d8:40:dc:b1:cc:54:ab:77:9d:71:53:93:b7:0f:62:
7f:d4:6a:97:30:49:5e:95:80:38:58:d9:37:d2:a7:4c:64:4c:
f0:56:c1:23:d1:fa:4e:9b:e6:a4:9e:3b:e6:8d:5c:f7:c5:45:
bd:74:22:a3:fa:c3:ba:29:ea:b5:27:4f:7d:bc:a8:3d:1e:ed:
c5:c0:4c:ac:89:8e:a4:22:f9:98:8b:70:25:ba:96:ae:ab:a1:
fa:cb:de:1d:75:50:41:16:7b:a7:9b:29:6d:79:b6:4b:c9:30:
15:2f:66:3a:04:2b:30:40:54:20:35:79:81:68:47:90:7c:7c:
59:78:01:d8:c2:fb:5c:54:25:87:26:e7:3f:ec:26:1a:99:40:
6e:11:f4:f7:07:fa:4a:d2:bd:1e:3e:09:c1:62:35:9d:fc:8f:
e3:7a:b4:5a:45:93:86:ce:5f:07:62:a1:ad:e8:5d:53:71:d2:
22:7a:2b:3d:fd:d6:dd:a2:9c:01:40:e1:67:35:49:79:65:d4:
e9:06:36:a0:17:ff:b6:27:57:71:fb:38:c7:8c:f4:bc:9a:99:
2f:67:6b:06:99:49:da:d5:7d:84:c7:92:8d:1c:52:d9:8c:8b:
e4:c6:93:82:f7:24:d1:39:ee:39:07:a5:cd:28:2c:15:7c:98:
6e:b8:6c:61
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcJgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2Mjcx
MzQ0NTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDA2NjU1QUNCNzNFRTZD
QTY0MTJFM0U2RTA5NjZGMTI0QUFGM0E1RDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDERax4pVKxEjiupwu9WZe8Mm2Ul9DGJM2SDdL55wrGhDO3g0NU
mohzgm6UEdFOVG0iwbiOZLx6DSZokmh6ty0/kfXTeE0XTsXpc/XodBGgH2rWiMXR
0JVvh+K1CSURJ6BOJ/aElIT8s/3ijy+c+/74uGHGlSa3RVY7h62fj6NUfKedCxm4
LK/io0sHLywuH4MEy/iG452gVFfYV5ULktfoTLnOJlwmYfXkRwOpvs0kF42SeNI6
DTT1DLpKWRU67tEq0OgHCBkR6NqzA4nY8lVNs73PyhwrMfUtSAX17qO1GJ9wZGor
toDmdFIMRE+KaKEmLyjXSy0HJ952LFh09IZ3AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUBmVay3PubKZBLj5uCWbxJKrzpdYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0JtVmF5M1B1YktaQkxq
NXVDV2J4SktyenBkWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQARvJnY
QNyxzFSrd51xU5O3D2J/1GqXMElelYA4WNk30qdMZEzwVsEj0fpOm+aknjvmjVz3
xUW9dCKj+sO6Keq1J099vKg9Hu3FwEysiY6kIvmYi3Alupauq6H6y94ddVBBFnun
myltebZLyTAVL2Y6BCswQFQgNXmBaEeQfHxZeAHYwvtcVCWHJuc/7CYamUBuEfT3
B/pK0r0ePgnBYjWd/I/jerRaRZOGzl8HYqGt6F1TcdIieis9/dbdopwBQOFnNUl5
ZdTpBjagF/+2J1dx+zjHjPS8mpkvZ2sGmUna1X2Ex5KNHFLZjIvkxpOC9yTROe45
B6XNKCwVfJhuuGxh
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:52:31 2025 by rpki-client