Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/EWh-fd0utABm9iIhyhehltpE7q8.roa
File: EWh-fd0utABm9iIhyhehltpE7q8.roa (raw, json)
Hash identifier: fUycwVKtSb2JzKVG4Q8Ie7L0HjbjQFXUmBNKMJKRXKY=
Subject key identifier: 11:68:7E:7D:DD:2E:B4:00:66:F6:22:21:CA:17:A1:96:DA:44:EE:AF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 78BE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/EWh-fd0utABm9iIhyhehltpE7q8.roa
Signing time: Sat 19 Jul 2025 07:42:15 +0000
ROA not before: Sat 19 Jul 2025 07:42:15 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30910 (0x78be)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 19 07:42:15 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=11687E7DDD2EB40066F62221CA17A196DA44EEAF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:03:b4:69:a1:46:57:2e:cd:ab:08:74:00:6b:
68:ed:42:cd:95:27:b3:6f:42:75:0a:9c:4c:c8:6d:
55:00:fa:ec:30:4a:eb:92:0b:2a:ff:5c:99:86:00:
e1:87:3e:04:33:0e:76:3d:b6:3b:e9:2b:23:2b:ea:
1f:5b:27:d7:33:05:00:ce:16:de:f5:76:01:2a:e0:
79:cc:c8:c3:72:99:cf:84:4b:8d:a8:b6:da:7d:cc:
10:01:d9:11:e5:6a:71:09:b5:3b:2e:b7:a0:d9:f9:
d5:0b:6e:6c:d2:0c:cd:15:60:a6:fc:39:82:08:0e:
16:45:b6:20:88:93:31:3e:00:b4:dd:8e:4c:16:17:
8a:b4:28:c6:8a:c2:cc:2d:d4:1d:34:12:7d:8e:df:
19:3d:a8:9c:4b:3a:14:8b:92:7a:ca:40:30:f5:d7:
64:3e:cf:7d:e4:6e:4a:11:55:92:52:c2:0b:bf:13:
02:ee:dd:16:68:cc:b2:f5:bf:8a:4b:2a:71:5a:77:
b9:19:f2:f1:34:fb:be:6c:af:5b:f8:f5:ad:3c:5f:
c6:0b:2d:31:d8:18:51:e3:d2:15:35:c8:c3:ac:5e:
5c:4a:06:3f:4e:3b:58:c2:0f:e0:2f:dc:06:14:4a:
4e:8f:04:a9:21:cc:a7:0e:64:83:f6:85:1f:c8:60:
12:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:68:7E:7D:DD:2E:B4:00:66:F6:22:21:CA:17:A1:96:DA:44:EE:AF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/EWh-fd0utABm9iIhyhehltpE7q8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
53:5a:fe:30:53:83:b1:f7:67:5b:20:9a:59:be:a8:82:e9:f9:
b2:2f:98:e9:75:82:f6:ab:e0:c8:f7:be:c6:bc:f0:6a:3d:47:
7a:aa:96:6e:15:4c:fb:6d:d3:f4:32:76:41:23:7d:5c:91:05:
20:b1:63:41:d6:43:96:ba:96:12:d7:c1:ec:20:a1:d9:c0:f3:
2d:b9:dd:e2:42:55:85:c3:b8:61:3b:25:57:63:9b:12:32:3c:
0d:76:09:b6:bf:08:91:a9:bb:f9:af:cd:ec:2a:27:31:05:1d:
90:9a:e0:7c:b2:93:88:b5:a4:31:42:67:c5:ea:a5:ea:75:2b:
f4:67:74:14:93:24:f8:4e:fe:87:a2:51:6c:c7:3d:b0:07:b8:
45:d3:8f:c6:01:47:20:30:59:a7:ff:89:03:06:81:42:ef:a6:
88:93:fe:eb:d9:2a:28:9a:7a:fe:06:b0:a2:27:9e:39:62:81:
07:89:18:90:38:18:6b:be:12:50:e1:59:6b:57:8d:94:8e:f0:
91:1f:48:6d:d3:24:12:f2:a6:e8:6d:b7:85:6b:3c:85:84:28:
e4:03:06:c6:ec:9f:f3:d5:69:8c:4b:19:3a:43:80:81:19:18:
98:64:8b:db:8a:86:16:40:f5:36:f4:60:a0:e5:56:6a:18:23:
e9:e2:83:fb
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeL4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTkw
NzQyMTVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDExNjg3RTdEREQyRUI0
MDA2NkY2MjIyMUNBMTdBMTk2REE0NEVFQUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDVA7RpoUZXLs2rCHQAa2jtQs2VJ7NvQnUKnEzIbVUA+uwwSuuS
Cyr/XJmGAOGHPgQzDnY9tjvpKyMr6h9bJ9czBQDOFt71dgEq4HnMyMNymc+ES42o
ttp9zBAB2RHlanEJtTsut6DZ+dULbmzSDM0VYKb8OYIIDhZFtiCIkzE+ALTdjkwW
F4q0KMaKwswt1B00En2O3xk9qJxLOhSLknrKQDD112Q+z33kbkoRVZJSwgu/EwLu
3RZozLL1v4pLKnFad7kZ8vE0+75sr1v49a08X8YLLTHYGFHj0hU1yMOsXlxKBj9O
O1jCD+Av3AYUSk6PBKkhzKcOZIP2hR/IYBJDAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUEWh+fd0utABm9iIhyhehltpE7q8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0VXaC1mZDB1dEFCbTlp
SWh5aGVobHRwRTdxOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBTWv4w
U4Ox92dbIJpZvqiC6fmyL5jpdYL2q+DI977GvPBqPUd6qpZuFUz7bdP0MnZBI31c
kQUgsWNB1kOWupYS18HsIKHZwPMtud3iQlWFw7hhOyVXY5sSMjwNdgm2vwiRqbv5
r83sKicxBR2QmuB8spOItaQxQmfF6qXqdSv0Z3QUkyT4Tv6HolFsxz2wB7hF04/G
AUcgMFmn/4kDBoFC76aIk/7r2Soomnr+BrCiJ545YoEHiRiQOBhrvhJQ4VlrV42U
jvCRH0ht0yQS8qbobbeFazyFhCjkAwbG7J/z1WmMSxk6Q4CBGRiYZIvbioYWQPU2
9GCg5VZqGCPp4oP7
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:40:15 2025 by rpki-client