Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Edm29I0OKkyC7tpPgHAUmGm_73g.roa
File: Edm29I0OKkyC7tpPgHAUmGm_73g.roa (raw, json)
Hash identifier: lSkDIjoIWzHfW7OCTRuwwODSdox2aS97LRu00RsgSy4=
Subject key identifier: 11:D9:B6:F4:8D:0E:2A:4C:82:EE:DA:4F:80:70:14:98:69:BF:EF:78
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6FD0
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Edm29I0OKkyC7tpPgHAUmGm_73g.roa
Signing time: Wed 25 Jun 2025 11:44:34 +0000
ROA not before: Wed 25 Jun 2025 11:44:34 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28624 (0x6fd0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 25 11:44:34 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=11D9B6F48D0E2A4C82EEDA4F8070149869BFEF78
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:ee:9f:8e:43:13:70:ba:e8:32:9c:01:13:bd:
fa:78:6f:f9:da:9f:ca:d7:65:62:6d:45:98:52:69:
9d:c1:6c:af:3f:4c:5c:72:89:19:fa:ac:27:79:95:
27:90:4b:a0:d3:04:21:5b:f9:e9:30:28:ab:41:ea:
7c:78:ff:25:ad:ef:b4:6c:8d:d5:cd:90:6e:b8:1f:
fe:fd:f9:18:a0:3c:23:e8:d4:ad:0e:59:73:0b:82:
f1:a2:2f:26:5f:8a:a9:a2:7e:f6:31:b4:6c:76:c7:
25:a2:65:7f:f5:0e:7c:eb:a1:1b:0a:4b:c2:16:11:
6d:76:69:43:4a:48:1e:53:65:5c:73:17:05:7a:b7:
d0:35:a0:c4:14:a3:f5:1d:b8:ab:46:21:36:a5:4b:
b8:ad:31:2e:de:80:27:77:fd:42:90:54:28:e2:65:
50:8a:9b:40:91:89:26:9a:63:22:49:f5:47:21:63:
95:f2:a7:01:c6:6c:f9:6f:62:64:dd:ad:31:a7:b7:
4f:8d:58:cd:5a:99:2c:05:92:43:bb:25:9d:36:b8:
67:b9:9b:2f:6c:a5:21:54:72:9f:69:84:6c:6a:24:
0d:36:da:1a:f9:7a:da:d2:a2:c3:9b:e6:00:b5:3e:
e8:f5:dd:a0:f6:8e:f5:2c:80:ce:09:57:0e:10:cd:
59:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:D9:B6:F4:8D:0E:2A:4C:82:EE:DA:4F:80:70:14:98:69:BF:EF:78
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Edm29I0OKkyC7tpPgHAUmGm_73g.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
74:33:09:ea:3e:24:75:36:94:64:51:48:98:20:3b:c0:4c:90:
6f:71:4e:11:19:af:fa:9c:e9:87:d9:d2:32:1e:0f:65:ef:06:
ca:a1:10:53:f8:14:ec:7e:0a:47:bb:a2:78:4f:d1:28:0c:75:
a0:c6:24:de:30:14:81:e8:46:4e:a4:46:7b:02:64:bd:b9:6d:
a4:1e:e4:c1:3a:15:bc:fd:4e:1f:0c:32:81:53:f6:a3:c9:43:
8e:4a:86:ed:3f:ea:05:42:11:99:a5:4d:e1:50:0b:aa:76:2f:
e9:65:1d:94:d5:10:cf:b7:37:b6:37:f1:ed:67:46:66:db:4c:
34:13:eb:6f:5d:bc:47:8b:4c:44:86:04:43:6c:af:87:1b:f8:
b9:7d:e0:3d:f2:8e:29:26:fc:c7:1b:cd:a1:77:30:3c:98:bd:
93:6c:e1:b2:97:ba:d2:70:e9:29:d0:e6:09:be:99:66:d2:de:
72:bb:c1:a4:ba:02:8b:65:89:a6:25:ea:34:df:ab:61:24:36:
03:87:fd:95:58:f6:70:1d:97:45:ad:84:60:63:e8:7f:6a:e6:
96:0c:79:40:74:04:4b:f9:dc:23:d0:0b:1e:fb:51:ab:9d:69:
45:1d:27:ff:05:4a:c0:33:f7:8b:77:cf:c4:43:27:31:4f:e6:
58:5d:18:8a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICb9AwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjUx
MTQ0MzRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDExRDlCNkY0OEQwRTJB
NEM4MkVFREE0RjgwNzAxNDk4NjlCRkVGNzgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC67p+OQxNwuugynAETvfp4b/nan8rXZWJtRZhSaZ3BbK8/TFxy
iRn6rCd5lSeQS6DTBCFb+ekwKKtB6nx4/yWt77RsjdXNkG64H/79+RigPCPo1K0O
WXMLgvGiLyZfiqmifvYxtGx2xyWiZX/1DnzroRsKS8IWEW12aUNKSB5TZVxzFwV6
t9A1oMQUo/UduKtGITalS7itMS7egCd3/UKQVCjiZVCKm0CRiSaaYyJJ9UchY5Xy
pwHGbPlvYmTdrTGnt0+NWM1amSwFkkO7JZ02uGe5my9spSFUcp9phGxqJA022hr5
etrSosOb5gC1Puj13aD2jvUsgM4JVw4QzVlxAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUEdm29I0OKkyC7tpPgHAUmGm/73gwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0VkbTI5STBPS2t5Qzd0
cFBnSEFVbUdtXzczZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB0Mwnq
PiR1NpRkUUiYIDvATJBvcU4RGa/6nOmH2dIyHg9l7wbKoRBT+BTsfgpHu6J4T9Eo
DHWgxiTeMBSB6EZOpEZ7AmS9uW2kHuTBOhW8/U4fDDKBU/ajyUOOSobtP+oFQhGZ
pU3hUAuqdi/pZR2U1RDPtze2N/HtZ0Zm20w0E+tvXbxHi0xEhgRDbK+HG/i5feA9
8o4pJvzHG82hdzA8mL2TbOGyl7rScOkp0OYJvplm0t5yu8GkugKLZYmmJeo036th
JDYDh/2VWPZwHZdFrYRgY+h/auaWDHlAdARL+dwj0Ase+1GrnWlFHSf/BUrAM/eL
d8/EQycxT+ZYXRiK
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:39:03 2025 by rpki-client