Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/DtCXFdJkpvIu_euxJTd7-rn0UHQ.roa
File: DtCXFdJkpvIu_euxJTd7-rn0UHQ.roa (raw, json)
Hash identifier: W8Vri/vAMkngdUC/RaeX03Olx69elrbcyTGSBV1lioY=
Subject key identifier: 0E:D0:97:15:D2:64:A6:F2:2E:FD:EB:B1:25:37:7B:FA:B9:F4:50:74
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 75AE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DtCXFdJkpvIu_euxJTd7-rn0UHQ.roa
Signing time: Fri 11 Jul 2025 03:15:31 +0000
ROA not before: Fri 11 Jul 2025 03:15:31 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30126 (0x75ae)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 11 03:15:31 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=0ED09715D264A6F22EFDEBB125377BFAB9F45074
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:65:3c:cc:bb:83:c7:de:33:0c:32:96:63:d9:
be:27:d8:19:d0:5f:fc:2e:da:01:95:cd:3a:f8:b9:
8c:f3:ed:64:c1:2d:81:e0:f6:55:02:88:d8:37:4b:
82:ed:6c:dc:86:b5:83:c2:0c:88:49:3b:cb:d2:9f:
1c:40:59:ae:57:66:aa:2a:78:48:63:7e:06:61:57:
78:36:fc:ab:2e:cb:b5:9b:65:d7:2d:a8:eb:6b:15:
88:cd:32:d3:00:4d:7e:9b:35:c5:33:63:d8:52:a3:
66:98:a6:6e:83:6d:a0:2e:c0:2f:88:5d:e1:82:0d:
79:3a:ee:ee:7c:ea:14:57:5c:13:77:31:a7:ca:0c:
1b:06:6d:da:5b:c9:af:33:9e:76:b7:95:b2:fa:d7:
df:c8:80:6f:11:33:38:2b:64:5a:6a:37:61:7c:63:
84:d6:68:c9:35:32:ac:f4:34:27:2b:4b:d3:32:02:
d7:e4:08:48:ba:34:8f:bf:e3:53:95:6e:dc:84:f6:
b4:89:18:e2:55:1e:45:63:cb:4d:a5:19:00:ee:19:
bd:a5:2a:90:56:f5:16:31:fc:14:28:05:de:a7:ec:
46:7c:43:33:3d:90:de:1d:45:de:f1:7b:bd:36:90:
eb:2c:0c:ef:b1:3e:d6:93:bc:b8:93:d2:62:34:fc:
93:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:D0:97:15:D2:64:A6:F2:2E:FD:EB:B1:25:37:7B:FA:B9:F4:50:74
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DtCXFdJkpvIu_euxJTd7-rn0UHQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
1b:cd:b8:e1:d6:ac:69:1f:a2:c0:58:98:05:51:a0:07:a9:7e:
62:ed:6d:05:8b:3c:17:77:da:17:d7:1b:11:a9:01:12:5c:2d:
23:9f:93:f6:5b:7c:da:00:a7:d7:24:84:db:47:e7:72:88:72:
12:a2:41:a7:a5:14:4c:f1:3b:d1:bd:77:ad:3b:50:bc:f7:74:
0e:e6:81:15:12:90:ca:fe:31:e2:e4:82:ab:db:fa:8c:58:6c:
a2:6d:c7:01:b9:97:fe:d0:83:ba:1d:07:4f:d2:36:e2:85:5f:
65:9a:ff:53:28:c6:47:2d:74:c6:96:d8:d7:8c:d3:01:fe:1d:
c4:a0:5e:f7:f0:76:c2:9d:83:ac:bd:e5:21:1e:40:0f:8d:78:
83:cc:3b:40:45:ef:b1:49:5f:8a:94:eb:10:0f:07:6c:3c:f7:
79:ee:3b:5e:dc:01:63:d3:77:af:9f:5f:7b:c6:4f:9b:e1:86:
cd:e6:52:89:96:03:b2:ca:29:61:55:8d:60:7f:0c:79:21:e6:
f8:3c:90:5a:57:51:5a:67:af:bd:93:0b:40:b9:0b:56:b0:50:
ee:7c:7a:ed:fd:7a:f8:b4:cf:3c:01:02:f4:09:4b:8c:3d:5c:
56:e2:fc:fa:17:d6:e1:1e:67:6e:6e:c1:16:44:24:9a:2f:83:
29:d1:3c:99
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICda4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTEw
MzE1MzFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDBFRDA5NzE1RDI2NEE2
RjIyRUZERUJCMTI1Mzc3QkZBQjlGNDUwNzQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDcZTzMu4PH3jMMMpZj2b4n2BnQX/wu2gGVzTr4uYzz7WTBLYHg
9lUCiNg3S4LtbNyGtYPCDIhJO8vSnxxAWa5XZqoqeEhjfgZhV3g2/Ksuy7WbZdct
qOtrFYjNMtMATX6bNcUzY9hSo2aYpm6DbaAuwC+IXeGCDXk67u586hRXXBN3MafK
DBsGbdpbya8znna3lbL619/IgG8RMzgrZFpqN2F8Y4TWaMk1Mqz0NCcrS9MyAtfk
CEi6NI+/41OVbtyE9rSJGOJVHkVjy02lGQDuGb2lKpBW9RYx/BQoBd6n7EZ8QzM9
kN4dRd7xe702kOssDO+xPtaTvLiT0mI0/JPVAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUDtCXFdJkpvIu/euxJTd7+rn0UHQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0R0Q1hGZEprcHZJdV9l
dXhKVGQ3LXJuMFVIUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAbzbjh
1qxpH6LAWJgFUaAHqX5i7W0FizwXd9oX1xsRqQESXC0jn5P2W3zaAKfXJITbR+dy
iHISokGnpRRM8TvRvXetO1C893QO5oEVEpDK/jHi5IKr2/qMWGyibccBuZf+0IO6
HQdP0jbihV9lmv9TKMZHLXTGltjXjNMB/h3EoF738HbCnYOsveUhHkAPjXiDzDtA
Re+xSV+KlOsQDwdsPPd57jte3AFj03evn197xk+b4YbN5lKJlgOyyilhVY1gfwx5
Ieb4PJBaV1FaZ6+9kwtAuQtWsFDufHrt/Xr4tM88AQL0CUuMPVxW4vz6F9bhHmdu
bsEWRCSaL4Mp0TyZ
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:38:42 2025 by rpki-client