Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/H7vNVzWjlQdTJohZkSjMvPxKUAw.roa
File: H7vNVzWjlQdTJohZkSjMvPxKUAw.roa (raw, json)
Hash identifier: QbyPKcCv3mNLK4V4FztIRHy7eqE4eyEiAnbxWoZXs/k=
Subject key identifier: 1F:BB:CD:57:35:A3:95:07:53:26:88:59:91:28:CC:BC:FC:4A:50:0C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6DD6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/H7vNVzWjlQdTJohZkSjMvPxKUAw.roa
Signing time: Fri 20 Jun 2025 11:14:07 +0000
ROA not before: Fri 20 Jun 2025 11:14:07 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28118 (0x6dd6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 20 11:14:07 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=1FBBCD5735A39507532688599128CCBCFC4A500C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:ed:e8:66:c3:a3:56:ab:e0:0d:c4:a6:32:40:
a5:4c:a7:6f:66:da:c8:69:66:56:15:02:cb:55:e9:
ab:29:10:6e:a9:35:56:d4:16:d5:5e:8a:6c:b4:38:
61:70:d5:67:cb:de:06:09:eb:9f:f8:3a:0d:c1:02:
85:bd:41:1a:ef:c8:39:88:4b:57:7b:4d:6d:86:be:
ec:d6:97:d0:fe:0e:f4:e2:27:15:6e:29:4c:5f:55:
8b:fc:eb:d6:14:76:5c:2d:7a:69:93:ef:4b:ee:e5:
d2:94:17:e9:5a:ad:47:42:8e:e6:de:58:b5:70:74:
91:8e:a4:cc:39:f0:70:59:af:5a:0c:44:4a:a3:d6:
cb:3c:5c:cb:a4:1e:48:66:da:2d:f0:e2:53:99:0d:
28:49:86:dd:6f:0a:2a:bd:a5:99:23:fe:06:38:97:
0a:f8:02:ab:b1:30:a2:de:ca:94:c1:b9:c0:9e:04:
2a:0f:42:38:ee:d9:96:b0:74:fe:57:59:80:b5:fb:
fb:7b:7b:b5:3e:54:72:e8:1a:08:cd:fd:78:8d:39:
b1:86:7d:42:55:77:03:1c:fa:6c:83:fd:ea:db:aa:
f9:d9:fb:41:f1:61:b1:11:d6:e4:6f:d4:fc:7b:71:
a9:bd:80:b7:10:82:a6:64:e6:f1:c0:f3:cf:ec:08:
be:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:BB:CD:57:35:A3:95:07:53:26:88:59:91:28:CC:BC:FC:4A:50:0C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/H7vNVzWjlQdTJohZkSjMvPxKUAw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
81:89:58:58:c4:b6:6c:27:12:db:59:46:05:1c:08:ef:88:6c:
f8:4a:a7:40:83:16:bf:04:4b:c1:13:66:79:f6:cf:9c:6b:b7:
79:e9:5b:c2:37:dd:bf:69:07:05:76:98:c4:4f:59:e8:48:69:
0b:38:f1:af:19:54:4c:5c:88:d1:53:c6:ee:48:98:a4:b7:f2:
52:91:45:68:b4:91:c5:6c:2d:fc:12:53:47:e1:e1:ac:a1:d4:
55:41:4a:db:ee:d6:e5:43:49:fc:8b:0d:12:7d:4e:7b:57:16:
11:e7:c9:7b:1f:dc:0f:cc:7b:73:cd:72:dd:55:80:e0:d6:fc:
9b:1b:f9:fe:57:b5:31:9e:09:4a:71:32:e2:c5:4d:c4:4b:fb:
ea:2c:8c:12:57:0e:6c:63:2c:c7:0f:23:99:e3:d2:3d:9f:21:
fa:1e:ce:ac:4d:55:1b:a7:41:c8:03:e0:35:b0:23:74:84:d8:
c9:b1:24:fb:95:ec:12:5a:7e:8a:84:f7:2d:9a:46:2b:4c:55:
39:df:0c:db:cd:f0:74:8f:59:44:38:a2:f7:d2:0a:fd:9e:44:
d9:6e:67:54:53:14:c9:ea:51:1b:c6:cf:bc:0c:72:37:93:b7:
8a:ee:54:f2:50:67:37:15:96:3c:7a:dc:2b:b9:fd:66:97:f0:
62:32:ee:c5
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbdYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjAx
MTE0MDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDFGQkJDRDU3MzVBMzk1
MDc1MzI2ODg1OTkxMjhDQ0JDRkM0QTUwMEMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCm7ehmw6NWq+ANxKYyQKVMp29m2shpZlYVAstV6aspEG6pNVbU
FtVeimy0OGFw1WfL3gYJ65/4Og3BAoW9QRrvyDmIS1d7TW2GvuzWl9D+DvTiJxVu
KUxfVYv869YUdlwtemmT70vu5dKUF+larUdCjubeWLVwdJGOpMw58HBZr1oMREqj
1ss8XMukHkhm2i3w4lOZDShJht1vCiq9pZkj/gY4lwr4AquxMKLeypTBucCeBCoP
Qjju2ZawdP5XWYC1+/t7e7U+VHLoGgjN/XiNObGGfUJVdwMc+myD/erbqvnZ+0Hx
YbER1uRv1Px7cam9gLcQgqZk5vHA88/sCL4pAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUH7vNVzWjlQdTJohZkSjMvPxKUAwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0g3dk5WeldqbFFkVEpv
aFprU2pNdlB4S1VBdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCBiVhY
xLZsJxLbWUYFHAjviGz4SqdAgxa/BEvBE2Z59s+ca7d56VvCN92/aQcFdpjET1no
SGkLOPGvGVRMXIjRU8buSJikt/JSkUVotJHFbC38ElNH4eGsodRVQUrb7tblQ0n8
iw0SfU57VxYR58l7H9wPzHtzzXLdVYDg1vybG/n+V7UxnglKcTLixU3ES/vqLIwS
Vw5sYyzHDyOZ49I9nyH6Hs6sTVUbp0HIA+A1sCN0hNjJsST7lewSWn6KhPctmkYr
TFU53wzbzfB0j1lEOKL30gr9nkTZbmdUUxTJ6lEbxs+8DHI3k7eK7lTyUGc3FZY8
etwruf1ml/BiMu7F
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:51:28 2025 by rpki-client