Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/GZiWUqhQmid39X2b7ldrsMMpd2c.roa
File: GZiWUqhQmid39X2b7ldrsMMpd2c.roa (raw, json)
Hash identifier: QO2fpSyikx+5DP7+TLzJ9fwb0+9sTlPPkeq1k3BW8cE=
Subject key identifier: 19:98:96:52:A8:50:9A:27:77:F5:7D:9B:EE:57:6B:B0:C3:29:77:67
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6C84
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/GZiWUqhQmid39X2b7ldrsMMpd2c.roa
Signing time: Mon 16 Jun 2025 11:12:21 +0000
ROA not before: Mon 16 Jun 2025 11:12:21 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27780 (0x6c84)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 16 11:12:21 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=19989652A8509A2777F57D9BEE576BB0C3297767
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:64:69:79:16:1c:b8:3f:db:51:df:b0:f9:74:
be:c3:fb:a4:32:16:34:6b:3d:08:2f:1d:48:be:cd:
a4:1b:63:dd:3d:a9:d3:89:70:b6:cc:95:85:2c:ec:
d9:37:a6:d4:be:f4:0d:bf:e3:b3:ce:f2:9d:29:7c:
3d:6d:b7:e6:f5:62:e1:78:2b:f4:c2:62:7d:9c:26:
d9:d4:b6:06:88:f2:03:0a:96:5e:32:51:1d:ae:af:
8c:25:7e:4f:4f:5e:9d:af:a4:65:0f:76:15:76:74:
9e:fa:95:a2:08:f1:0b:14:c9:f1:64:99:99:fd:35:
a8:9e:7f:f6:73:66:32:40:e7:ba:0e:8a:ad:0e:68:
7f:73:b9:9d:60:e4:0f:9e:72:82:13:e3:c0:e1:f3:
e2:16:46:0d:37:7f:aa:59:17:e3:6a:28:50:a3:ad:
c7:0a:68:89:39:0f:e9:ef:56:c2:1f:94:88:3e:3e:
19:5a:0d:84:b7:85:47:2d:21:27:2c:05:ea:ca:d2:
57:5a:94:4e:0f:18:0b:eb:8b:e5:fb:34:e1:1c:f2:
f7:9b:95:ce:c7:9a:3a:a6:cd:f4:32:c0:9e:97:81:
39:06:ab:cc:5a:9e:bf:b5:61:07:94:5c:a9:f7:4f:
60:a7:04:99:43:13:c4:e4:eb:ea:04:a6:3c:6d:dd:
88:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:98:96:52:A8:50:9A:27:77:F5:7D:9B:EE:57:6B:B0:C3:29:77:67
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/GZiWUqhQmid39X2b7ldrsMMpd2c.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
25:33:e4:4b:07:23:cd:d7:7f:67:c6:37:93:27:fc:d0:91:91:
6f:db:a2:5d:d1:56:06:83:2b:ad:18:b6:ac:b6:e0:4e:60:48:
72:38:de:f0:9a:bf:da:b8:02:8b:43:70:16:d5:3c:4f:38:27:
0b:67:a8:e7:67:9f:37:7e:5c:81:40:7c:92:6e:61:f0:15:75:
89:fc:cc:a8:0c:ed:2c:bc:ce:f4:96:7c:8d:74:aa:06:a4:0d:
6f:a2:96:03:db:df:23:06:28:a5:66:05:64:a5:02:dc:8a:44:
f8:34:18:48:11:26:49:6f:8a:fa:b0:28:b8:42:2a:9d:e3:46:
16:85:e9:77:87:dc:4e:b3:0d:5a:bd:03:ae:26:d7:6b:29:14:
ed:e3:c6:1c:d3:79:35:6f:3b:01:e7:3f:8f:64:d6:d1:ad:41:
80:cd:41:e9:e5:44:00:65:ca:19:2f:39:af:d0:51:6e:f1:8c:
0d:94:23:80:3e:8e:72:0e:01:03:0d:cf:37:1d:86:5e:55:f9:
29:91:a6:f9:8b:0f:0e:41:1a:8a:ab:ba:93:d9:b5:03:6d:43:
47:ae:bc:54:12:c2:94:de:57:e1:e1:10:0a:b1:06:be:58:55:
c6:a1:b4:b7:c2:2c:49:6d:9e:a7:1e:15:b1:f7:c9:bb:11:40:
e2:4c:94:be
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbIQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTYx
MTEyMjFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDE5OTg5NjUyQTg1MDlB
Mjc3N0Y1N0Q5QkVFNTc2QkIwQzMyOTc3NjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC1ZGl5Fhy4P9tR37D5dL7D+6QyFjRrPQgvHUi+zaQbY909qdOJ
cLbMlYUs7Nk3ptS+9A2/47PO8p0pfD1tt+b1YuF4K/TCYn2cJtnUtgaI8gMKll4y
UR2ur4wlfk9PXp2vpGUPdhV2dJ76laII8QsUyfFkmZn9Naief/ZzZjJA57oOiq0O
aH9zuZ1g5A+ecoIT48Dh8+IWRg03f6pZF+NqKFCjrccKaIk5D+nvVsIflIg+Phla
DYS3hUctIScsBerK0ldalE4PGAvri+X7NOEc8veblc7HmjqmzfQywJ6XgTkGq8xa
nr+1YQeUXKn3T2CnBJlDE8Tk6+oEpjxt3YgpAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUGZiWUqhQmid39X2b7ldrsMMpd2cwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0daaVdVcWhRbWlkMzlY
MmI3bGRyc01NcGQyYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAlM+RL
ByPN139nxjeTJ/zQkZFv26Jd0VYGgyutGLastuBOYEhyON7wmr/auAKLQ3AW1TxP
OCcLZ6jnZ583flyBQHySbmHwFXWJ/MyoDO0svM70lnyNdKoGpA1vopYD298jBiil
ZgVkpQLcikT4NBhIESZJb4r6sCi4Qiqd40YWhel3h9xOsw1avQOuJtdrKRTt48Yc
03k1bzsB5z+PZNbRrUGAzUHp5UQAZcoZLzmv0FFu8YwNlCOAPo5yDgEDDc83HYZe
Vfkpkab5iw8OQRqKq7qT2bUDbUNHrrxUEsKU3lfh4RAKsQa+WFXGobS3wixJbZ6n
HhWx98m7EUDiTJS+
-----END CERTIFICATE-----
Generated at Sun Jul 20 16:27:19 2025 by rpki-client