Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/DIfLxfroiwrNm2Kcm78Umi28mJE.roa
File: DIfLxfroiwrNm2Kcm78Umi28mJE.roa (raw, json)
Hash identifier: fI1BRgmP2yiscvGyAM7P0mIOi2f3YKHOLDTvH8W2pTc=
Subject key identifier: 0C:87:CB:C5:FA:E8:8B:0A:CD:9B:62:9C:9B:BF:14:9A:2D:BC:98:91
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7332
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DIfLxfroiwrNm2Kcm78Umi28mJE.roa
Signing time: Fri 04 Jul 2025 12:14:52 +0000
ROA not before: Fri 04 Jul 2025 12:14:52 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29490 (0x7332)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 4 12:14:52 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=0C87CBC5FAE88B0ACD9B629C9BBF149A2DBC9891
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:c5:0e:a7:41:a4:a5:d0:19:97:cc:9d:1e:d5:
d3:84:c7:c3:79:0c:12:77:c5:2f:64:06:2d:03:8b:
e9:93:c9:45:d2:a9:03:cd:72:f3:a9:eb:bf:c6:56:
8a:77:3d:45:36:01:01:5c:bf:47:b9:ad:5c:9c:85:
71:13:c5:9f:de:c0:d7:3d:09:fb:8e:3b:be:86:97:
96:fc:c1:00:25:f9:f6:58:71:b9:46:c1:c3:80:05:
41:5b:af:cc:e2:f3:6d:b1:63:97:98:af:ca:77:42:
6a:a0:e5:7c:4e:28:6f:e7:1b:8f:eb:67:17:d7:f9:
6c:6b:38:86:5f:fa:27:91:a0:35:77:ed:a3:68:f7:
d2:c6:33:bb:a5:45:b5:f2:d5:51:1f:67:19:47:66:
fd:c6:88:78:e5:47:64:25:ed:57:2d:bf:83:ef:cf:
25:19:be:e5:d6:59:bf:6e:05:a6:2f:3c:58:ad:b9:
71:f4:5b:43:46:41:fa:53:72:33:d7:00:2c:bf:f6:
77:23:b1:6f:0c:aa:f3:ed:2f:dd:21:15:77:40:52:
b4:d8:6b:33:6b:8f:13:2d:df:ac:27:fb:5b:f9:a1:
dc:ad:7c:b2:63:9e:02:39:96:9f:e9:b2:e1:3d:f7:
0f:38:80:02:a4:bd:7a:ec:37:f4:43:84:f2:60:fb:
fe:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:87:CB:C5:FA:E8:8B:0A:CD:9B:62:9C:9B:BF:14:9A:2D:BC:98:91
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DIfLxfroiwrNm2Kcm78Umi28mJE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
84:99:4e:16:d0:9a:d4:89:03:df:b8:1e:3a:d4:8a:ae:59:b3:
74:00:8a:64:98:50:d2:d9:41:7a:8c:a0:88:3c:af:fb:a2:4a:
0f:7b:e3:2d:92:02:2d:fb:5c:14:62:1a:7e:ff:77:0d:9a:9d:
79:1b:90:7b:95:56:73:d4:7b:e3:18:84:8e:3f:35:00:a3:7c:
ab:5e:e5:82:71:b1:46:b7:ee:b8:e9:5f:a2:76:c7:24:f1:4e:
b0:9b:12:6c:ea:87:1b:1b:47:60:8a:bd:98:75:6d:9b:46:d2:
fd:d6:13:54:f0:e7:a6:19:e3:06:c9:53:0d:0e:3d:85:43:9b:
ff:db:5f:95:b5:3e:7c:74:45:39:b0:2d:dc:13:75:ce:5d:d9:
96:bb:7f:aa:f2:84:64:63:3c:ad:12:47:13:df:1f:08:81:d7:
d8:c3:7f:e2:5d:9e:57:fb:38:fa:66:4b:1c:09:63:91:7b:a7:
3e:b6:7b:39:0f:93:7e:3f:e8:2c:76:7c:83:23:96:33:cf:63:
c7:74:8c:ea:79:e1:63:89:46:86:d5:c7:15:45:1c:56:e5:e9:
ed:b8:0e:2e:2d:73:a9:0a:80:9f:dd:8d:89:58:42:65:70:9c:
71:02:21:ea:91:50:a1:b2:29:95:9e:70:0e:f1:ef:9e:b7:23:
ad:e1:40:e3
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICczIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDQx
MjE0NTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDBDODdDQkM1RkFFODhC
MEFDRDlCNjI5QzlCQkYxNDlBMkRCQzk4OTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDbxQ6nQaSl0BmXzJ0e1dOEx8N5DBJ3xS9kBi0Di+mTyUXSqQPN
cvOp67/GVop3PUU2AQFcv0e5rVychXETxZ/ewNc9CfuOO76Gl5b8wQAl+fZYcblG
wcOABUFbr8zi822xY5eYr8p3Qmqg5XxOKG/nG4/rZxfX+WxrOIZf+ieRoDV37aNo
99LGM7ulRbXy1VEfZxlHZv3GiHjlR2Ql7Vctv4PvzyUZvuXWWb9uBaYvPFituXH0
W0NGQfpTcjPXACy/9ncjsW8MqvPtL90hFXdAUrTYazNrjxMt36wn+1v5odytfLJj
ngI5lp/psuE99w84gAKkvXrsN/RDhPJg+/5NAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUDIfLxfroiwrNm2Kcm78Umi28mJEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0RJZkx4ZnJvaXdyTm0y
S2NtNzhVbWkyOG1KRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCEmU4W
0JrUiQPfuB461IquWbN0AIpkmFDS2UF6jKCIPK/7okoPe+MtkgIt+1wUYhp+/3cN
mp15G5B7lVZz1HvjGISOPzUAo3yrXuWCcbFGt+646V+idsck8U6wmxJs6ocbG0dg
ir2YdW2bRtL91hNU8OemGeMGyVMNDj2FQ5v/21+VtT58dEU5sC3cE3XOXdmWu3+q
8oRkYzytEkcT3x8IgdfYw3/iXZ5X+zj6ZkscCWORe6c+tns5D5N+P+gsdnyDI5Yz
z2PHdIzqeeFjiUaG1ccVRRxW5entuA4uLXOpCoCf3Y2JWEJlcJxxAiHqkVChsimV
nnAO8e+etyOt4UDj
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:51:36 2025 by rpki-client