Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/DZqdQJwsKKOVSMmEA4f2PW5kpbk.roa
File: DZqdQJwsKKOVSMmEA4f2PW5kpbk.roa (raw, json)
Hash identifier: AnP4qf8vXOoVBiafw+FMUWG/1pmt39elflgtcFyMHH4=
Subject key identifier: 0D:9A:9D:40:9C:2C:28:A3:95:48:C9:84:03:87:F6:3D:6E:64:A5:B9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 784A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DZqdQJwsKKOVSMmEA4f2PW5kpbk.roa
Signing time: Fri 18 Jul 2025 02:42:01 +0000
ROA not before: Fri 18 Jul 2025 02:42:01 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30794 (0x784a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 18 02:42:01 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=0D9A9D409C2C28A39548C9840387F63D6E64A5B9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:37:99:f4:1f:60:b7:0b:5d:1d:0e:9d:b7:90:
7a:6b:1b:79:1a:fc:3d:7d:49:2f:45:09:af:a3:ac:
1a:55:a7:b6:34:19:a2:bb:d7:69:5e:dd:be:de:9b:
86:ba:fa:cc:bd:a3:2d:2d:64:ed:3a:a1:0b:39:a3:
57:c6:30:09:19:ef:2f:1b:9f:f1:25:07:7a:fa:92:
60:78:d9:f8:5f:de:72:ed:b8:c0:8a:7b:42:99:5c:
c5:f5:68:f9:b8:f1:50:51:c9:38:28:b0:18:96:01:
26:e2:d6:dc:16:df:a6:5d:77:cd:4b:ce:a8:a7:60:
b0:44:03:be:51:ee:25:c5:d8:85:38:7b:61:fe:43:
ab:2f:d0:1e:83:db:a5:da:c5:2b:c6:a6:df:74:a1:
68:f4:e8:60:17:34:9f:b3:1b:ae:b6:48:95:06:63:
81:2c:91:d7:45:60:2f:6a:36:c9:86:6f:5f:7c:bd:
bc:c3:b1:43:38:fa:89:78:50:43:9e:e4:6d:e7:68:
d8:b8:fb:b4:63:52:01:78:7d:e3:09:ff:79:66:ae:
85:90:25:13:0b:33:7d:46:4d:27:84:ee:52:0b:42:
cd:0f:6b:99:29:5b:e2:c0:fd:e0:25:9c:2d:ac:52:
28:ee:4c:25:62:95:2b:64:52:fe:9d:94:47:fb:ed:
2f:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:9A:9D:40:9C:2C:28:A3:95:48:C9:84:03:87:F6:3D:6E:64:A5:B9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DZqdQJwsKKOVSMmEA4f2PW5kpbk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
66:49:90:5e:4f:99:46:cd:b4:90:1f:c4:8b:9f:b5:32:b8:08:
6a:70:19:05:ba:72:7b:f2:7f:62:fc:57:fc:c9:ed:cd:39:40:
c7:63:f6:ab:54:d3:b6:ae:69:db:c1:0f:fa:3b:c8:33:e4:ce:
95:0f:43:6d:38:ab:f0:c2:77:0e:c7:8a:17:a8:fa:8b:a6:30:
26:c5:ab:5f:8f:d1:1a:60:e5:0c:c8:1f:11:a2:36:84:c9:ae:
c4:3f:c9:c4:85:e7:01:12:0d:1f:24:c1:ce:4d:89:52:08:8d:
70:53:82:03:84:7e:45:b7:20:4a:d1:03:1f:ca:6a:f2:4b:e2:
83:ee:d8:fb:e0:31:48:be:aa:4d:3a:3a:a5:f8:53:6a:06:e1:
80:6a:1b:f4:8d:01:53:02:f4:4f:a6:f7:6d:42:f8:85:f4:55:
81:67:30:81:02:a0:71:88:09:c0:6a:d3:1d:fa:40:aa:c1:ae:
ea:0e:8e:dd:8d:1a:c8:c8:22:b4:57:13:72:70:c6:74:2d:c6:
fe:7f:69:71:5c:78:40:24:ff:8e:b7:4f:da:ec:1f:37:f4:5e:
7c:76:98:92:78:3b:72:8c:32:8c:ec:1d:39:87:b0:11:71:17:
41:3b:23:6e:7d:57:30:78:1e:63:d2:cd:cb:61:c9:de:a2:0e:
76:2f:6b:0e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeEowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTgw
MjQyMDFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDBEOUE5RDQwOUMyQzI4
QTM5NTQ4Qzk4NDAzODdGNjNENkU2NEE1QjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDaN5n0H2C3C10dDp23kHprG3ka/D19SS9FCa+jrBpVp7Y0GaK7
12le3b7em4a6+sy9oy0tZO06oQs5o1fGMAkZ7y8bn/ElB3r6kmB42fhf3nLtuMCK
e0KZXMX1aPm48VBRyTgosBiWASbi1twW36Zdd81LzqinYLBEA75R7iXF2IU4e2H+
Q6sv0B6D26XaxSvGpt90oWj06GAXNJ+zG662SJUGY4EskddFYC9qNsmGb198vbzD
sUM4+ol4UEOe5G3naNi4+7RjUgF4feMJ/3lmroWQJRMLM31GTSeE7lILQs0Pa5kp
W+LA/eAlnC2sUijuTCVilStkUv6dlEf77S8nAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUDZqdQJwsKKOVSMmEA4f2PW5kpbkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0RacWRRSndzS0tPVlNN
bUVBNGYyUFc1a3Biay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBmSZBe
T5lGzbSQH8SLn7UyuAhqcBkFunJ78n9i/Ff8ye3NOUDHY/arVNO2rmnbwQ/6O8gz
5M6VD0NtOKvwwncOx4oXqPqLpjAmxatfj9EaYOUMyB8RojaEya7EP8nEhecBEg0f
JMHOTYlSCI1wU4IDhH5FtyBK0QMfymryS+KD7tj74DFIvqpNOjql+FNqBuGAahv0
jQFTAvRPpvdtQviF9FWBZzCBAqBxiAnAatMd+kCqwa7qDo7djRrIyCK0VxNycMZ0
Lcb+f2lxXHhAJP+Ot0/a7B839F58dpiSeDtyjDKM7B05h7ARcRdBOyNufVcweB5j
0s3LYcneog52L2sO
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:50:51 2025 by rpki-client