Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/G-k7VK7S_3canG7VLhRCXbNQEbQ.roa
File: G-k7VK7S_3canG7VLhRCXbNQEbQ.roa (raw, json)
Hash identifier: QK7PnVkBZjrFq7/+b4MngV05wBCJ7Pa6xv11xGhe/F0=
Subject key identifier: 1B:E9:3B:54:AE:D2:FF:77:1A:9C:6E:D5:2E:14:42:5D:B3:50:11:B4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 73EC
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/G-k7VK7S_3canG7VLhRCXbNQEbQ.roa
Signing time: Sun 06 Jul 2025 10:48:06 +0000
ROA not before: Sun 06 Jul 2025 10:48:06 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29676 (0x73ec)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 6 10:48:06 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=1BE93B54AED2FF771A9C6ED52E14425DB35011B4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:ea:e1:fe:e1:4b:c8:45:59:92:18:bb:0f:a9:
8f:13:80:1d:c5:45:d2:42:1d:5e:db:10:7f:c5:b3:
f9:e2:c3:3d:d9:d6:3d:15:57:ca:ef:db:cf:2f:a8:
fd:44:6c:be:31:41:29:b0:a4:ed:9d:65:08:d6:c0:
61:33:5d:80:39:03:d7:0f:5f:af:90:6c:1d:3e:de:
8b:54:0c:59:ec:03:5c:1a:40:7f:34:84:0b:19:4a:
53:ee:93:47:bf:83:d9:d3:b0:15:c8:03:9a:7a:e0:
1b:13:4a:77:14:91:ca:4a:01:3f:86:ec:03:5f:c3:
05:a8:7c:80:9e:ae:68:7e:b3:65:3d:d8:03:46:d0:
54:01:e8:83:e4:c2:f2:70:51:a3:8a:6b:36:eb:18:
15:b9:8c:43:55:8e:01:06:1c:f1:2d:20:cb:7e:bb:
80:aa:0a:fb:c6:6e:47:75:24:5c:da:6a:1d:44:14:
c7:ee:7f:60:ed:e0:58:c0:ad:cc:03:28:a4:94:ae:
ed:bf:c2:05:35:6c:7c:97:22:01:aa:a5:92:f7:61:
89:75:33:68:33:52:36:ec:78:fe:91:56:a9:2f:01:
9d:43:1f:1b:d9:c0:ec:40:b1:cf:de:b9:9b:23:88:
d7:7d:db:ec:4c:56:c6:0c:c8:47:cd:8d:39:44:a3:
c3:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:E9:3B:54:AE:D2:FF:77:1A:9C:6E:D5:2E:14:42:5D:B3:50:11:B4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/G-k7VK7S_3canG7VLhRCXbNQEbQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
0f:eb:58:26:04:a7:b7:ad:db:89:69:b7:53:1a:ef:33:46:8b:
f9:6d:14:56:b5:55:6b:3a:d5:da:47:30:b4:45:82:8f:f6:b5:
fb:aa:cb:b9:d0:e6:3b:0b:9b:fc:83:d5:65:24:9b:6b:31:4e:
3b:ef:cd:98:3a:20:62:21:e0:18:f3:d9:e6:d4:8b:73:6a:29:
88:35:bd:c0:1f:4e:b9:73:75:2b:f9:9c:98:1c:c3:bf:a6:0c:
3c:59:f9:d1:af:bf:c2:51:05:bd:7f:fe:1a:7b:cb:b3:b6:5b:
0d:dc:a6:aa:ba:74:01:ec:07:5c:07:80:b1:2c:14:cf:81:ed:
1a:b2:69:46:5c:91:b4:32:b8:cf:65:ff:d9:b3:50:a4:b1:76:
b3:d5:fa:69:0c:96:ed:5e:e4:ea:2f:94:0a:86:b7:cb:91:fe:
ac:52:0b:4e:84:b4:34:00:d3:bb:e7:6e:41:01:83:68:5a:71:
c3:26:91:3b:b0:2c:e8:c5:62:d1:b7:f0:a1:8c:cd:90:c1:e8:
4b:ab:8b:2c:08:f2:ee:53:40:29:4e:c5:c4:42:bc:de:6e:ac:
b6:8f:e4:75:11:3d:dd:b1:53:ef:4d:f1:5f:5c:d0:e6:50:f4:
78:a4:ab:bc:ce:c0:a8:08:5f:4f:69:a8:37:ea:a9:ad:05:3f:
77:71:5b:1e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICc+wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDYx
MDQ4MDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDFCRTkzQjU0QUVEMkZG
NzcxQTlDNkVENTJFMTQ0MjVEQjM1MDExQjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC16uH+4UvIRVmSGLsPqY8TgB3FRdJCHV7bEH/Fs/niwz3Z1j0V
V8rv288vqP1EbL4xQSmwpO2dZQjWwGEzXYA5A9cPX6+QbB0+3otUDFnsA1waQH80
hAsZSlPuk0e/g9nTsBXIA5p64BsTSncUkcpKAT+G7ANfwwWofICermh+s2U92ANG
0FQB6IPkwvJwUaOKazbrGBW5jENVjgEGHPEtIMt+u4CqCvvGbkd1JFzaah1EFMfu
f2Dt4FjArcwDKKSUru2/wgU1bHyXIgGqpZL3YYl1M2gzUjbseP6RVqkvAZ1DHxvZ
wOxAsc/euZsjiNd92+xMVsYMyEfNjTlEo8ONAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUG+k7VK7S/3canG7VLhRCXbNQEbQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0ctazdWSzdTXzNjYW5H
N1ZMaFJDWGJOUUViUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAP61gm
BKe3rduJabdTGu8zRov5bRRWtVVrOtXaRzC0RYKP9rX7qsu50OY7C5v8g9VlJJtr
MU47782YOiBiIeAY89nm1ItzaimINb3AH065c3Ur+ZyYHMO/pgw8WfnRr7/CUQW9
f/4ae8uztlsN3KaqunQB7AdcB4CxLBTPge0asmlGXJG0MrjPZf/Zs1CksXaz1fpp
DJbtXuTqL5QKhrfLkf6sUgtOhLQ0ANO7525BAYNoWnHDJpE7sCzoxWLRt/ChjM2Q
wehLq4ssCPLuU0ApTsXEQrzebqy2j+R1ET3dsVPvTfFfXNDmUPR4pKu8zsCoCF9P
aag36qmtBT93cVse
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:51:35 2025 by rpki-client