Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/DVLaFr6z7shYuICX8I0BmsSx82M.roa
File: DVLaFr6z7shYuICX8I0BmsSx82M.roa (raw, json)
Hash identifier: nZuYRQXNkYV24NTrdFF0prmUesq9Ot9e94tkyMF4vAE=
Subject key identifier: 0D:52:DA:16:BE:B3:EE:C8:58:B8:80:97:F0:8D:01:9A:C4:B1:F3:63
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7760
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DVLaFr6z7shYuICX8I0BmsSx82M.roa
Signing time: Tue 15 Jul 2025 16:11:58 +0000
ROA not before: Tue 15 Jul 2025 16:11:58 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30560 (0x7760)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 15 16:11:58 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=0D52DA16BEB3EEC858B88097F08D019AC4B1F363
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:ea:10:78:5b:7d:47:80:51:6c:11:6a:bb:ae:
0b:64:79:f9:61:67:91:cf:6a:19:7d:17:e2:4e:f6:
ff:3f:07:df:3b:85:3f:ae:6a:67:14:a3:3d:51:12:
3c:7c:4b:53:40:32:09:2e:ee:28:28:2a:86:b2:e7:
68:7c:90:39:e9:65:af:e9:8c:44:47:3f:49:e5:79:
64:fb:45:3b:50:4e:da:2f:d4:ef:33:b4:1a:aa:ff:
01:e3:57:b9:17:21:41:07:3e:8e:3a:63:1e:ed:41:
56:77:ab:23:5d:65:79:27:25:b7:06:9e:4d:7e:6c:
7f:19:10:67:3b:b6:77:bd:fd:8f:a1:a3:23:71:0c:
9c:4d:bb:9b:42:e5:2b:e2:3c:ee:9a:ac:0a:5e:06:
b3:c0:a6:49:8d:23:cb:19:88:9c:95:0a:6f:68:54:
84:64:82:dd:41:4e:b3:63:34:21:a7:e7:16:a2:7e:
f0:37:9b:0a:af:72:b5:a1:ee:a3:cf:2c:6a:a7:40:
b9:ff:00:a9:48:d8:90:8d:0e:13:0f:95:99:34:ca:
82:db:43:11:28:20:82:5f:34:86:27:f4:d2:6a:e5:
0e:8e:7c:d7:77:68:a6:5c:13:49:f8:1b:bf:f2:19:
36:cc:97:13:19:49:f1:b1:12:32:9f:4c:32:9b:27:
82:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:52:DA:16:BE:B3:EE:C8:58:B8:80:97:F0:8D:01:9A:C4:B1:F3:63
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DVLaFr6z7shYuICX8I0BmsSx82M.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
91:94:dd:7e:59:12:a9:1d:c3:76:15:f3:06:9d:5b:62:46:e0:
10:52:49:73:2a:09:29:47:49:18:92:5b:d4:a9:2d:6a:68:1f:
9c:7b:12:6f:14:b6:5d:4b:d0:44:f7:01:b3:a0:05:98:26:74:
2d:d1:e0:33:91:0a:d0:be:12:5c:dc:bc:48:4d:1d:dc:af:7b:
8a:69:72:99:98:75:18:9b:1a:0e:58:e0:66:a7:83:bd:85:6e:
f4:92:09:a8:fb:d6:7f:dc:51:a7:98:22:44:e1:97:c5:e6:5c:
21:b7:29:b9:ec:3e:6b:04:88:6c:a0:d5:70:87:75:ef:42:ba:
f6:5a:9d:a6:4a:62:78:b5:78:1f:c9:ad:7a:db:47:56:e2:e9:
a4:49:cd:24:aa:98:2e:1f:87:d6:cb:05:b1:a4:c3:bd:cb:a9:
1b:2e:63:b0:5f:6b:3a:1c:93:b3:38:43:08:fd:0a:af:39:2f:
9e:bf:67:3d:48:04:7e:ef:7d:ec:b7:da:cf:42:08:40:7d:7b:
2a:fe:34:87:3a:ab:d9:e8:ec:00:cf:de:03:c0:43:db:b3:32:
63:8e:0e:15:72:a6:6e:df:85:65:86:a0:89:cf:86:d2:23:c5:
15:ea:2d:34:90:24:81:52:ee:d8:0d:10:d6:58:df:f1:0c:4b:
0f:9e:76:c2
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICd2AwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTUx
NjExNThaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDBENTJEQTE2QkVCM0VF
Qzg1OEI4ODA5N0YwOEQwMTlBQzRCMUYzNjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCv6hB4W31HgFFsEWq7rgtkeflhZ5HPahl9F+JO9v8/B987hT+u
amcUoz1REjx8S1NAMgku7igoKoay52h8kDnpZa/pjERHP0nleWT7RTtQTtov1O8z
tBqq/wHjV7kXIUEHPo46Yx7tQVZ3qyNdZXknJbcGnk1+bH8ZEGc7tne9/Y+hoyNx
DJxNu5tC5SviPO6arApeBrPApkmNI8sZiJyVCm9oVIRkgt1BTrNjNCGn5xaifvA3
mwqvcrWh7qPPLGqnQLn/AKlI2JCNDhMPlZk0yoLbQxEoIIJfNIYn9NJq5Q6OfNd3
aKZcE0n4G7/yGTbMlxMZSfGxEjKfTDKbJ4JvAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUDVLaFr6z7shYuICX8I0BmsSx82MwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0RWTGFGcjZ6N3NoWXVJ
Q1g4STBCbXNTeDgyTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCRlN1+
WRKpHcN2FfMGnVtiRuAQUklzKgkpR0kYklvUqS1qaB+cexJvFLZdS9BE9wGzoAWY
JnQt0eAzkQrQvhJc3LxITR3cr3uKaXKZmHUYmxoOWOBmp4O9hW70kgmo+9Z/3FGn
mCJE4ZfF5lwhtym57D5rBIhsoNVwh3XvQrr2Wp2mSmJ4tXgfya1620dW4umkSc0k
qpguH4fWywWxpMO9y6kbLmOwX2s6HJOzOEMI/QqvOS+ev2c9SAR+733st9rPQghA
fXsq/jSHOqvZ6OwAz94DwEPbszJjjg4VcqZu34VlhqCJz4bSI8UV6i00kCSBUu7Y
DRDWWN/xDEsPnnbC
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:46:45 2025 by rpki-client