Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/HInqNLB50EOCnn1ZwAM3os81tNA.roa
File: HInqNLB50EOCnn1ZwAM3os81tNA.roa (raw, json)
Hash identifier: 7ii1YDoVhgWJSucJcf0gTmwexP4kyRGRu693SnQshvQ=
Subject key identifier: 1C:89:EA:34:B0:79:D0:43:82:9E:7D:59:C0:03:37:A2:CF:35:B4:D0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7908
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/HInqNLB50EOCnn1ZwAM3os81tNA.roa
Signing time: Sun 20 Jul 2025 02:12:14 +0000
ROA not before: Sun 20 Jul 2025 02:12:14 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30984 (0x7908)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 20 02:12:14 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=1C89EA34B079D043829E7D59C00337A2CF35B4D0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:55:24:11:1c:4e:94:64:08:4f:54:a7:3a:d2:
ea:f8:cb:da:9a:5f:87:ce:b0:de:03:54:e5:8d:73:
e5:89:f3:06:5b:5c:1b:04:05:28:9f:cb:9b:96:1d:
6e:f1:fe:bc:5b:73:40:e5:73:37:3f:64:af:89:42:
0a:68:d3:ec:5a:bc:b9:69:00:54:e8:43:83:78:88:
55:e4:04:4f:52:e1:4a:c4:95:57:e7:ed:46:04:66:
95:0f:37:a3:8e:cc:a8:fc:5f:bd:5e:6a:0c:f0:18:
fb:b9:91:b3:e5:e6:ed:c1:6a:2a:e4:46:e8:a2:7f:
16:43:cf:54:90:e7:b3:b3:0f:e3:1a:5d:21:43:b6:
b2:c8:3e:c5:2b:e7:8f:c4:19:1b:4c:52:71:d2:8c:
73:e1:be:15:32:d7:4e:6d:1b:05:d5:75:21:55:0e:
b3:d5:0c:3e:36:eb:64:4d:bd:48:17:0b:61:03:f3:
e2:0c:2d:2b:1e:61:0d:61:a6:39:f7:99:e6:e7:70:
74:08:b2:49:00:17:f3:af:46:21:50:34:30:bd:e8:
56:b8:72:92:9c:82:1d:64:05:2f:f9:6d:e9:76:20:
14:57:42:a5:d5:4d:c6:57:75:8c:08:6d:8d:20:cc:
dd:8c:7a:57:52:90:31:3c:c3:67:b8:dd:33:14:b6:
fd:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:89:EA:34:B0:79:D0:43:82:9E:7D:59:C0:03:37:A2:CF:35:B4:D0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/HInqNLB50EOCnn1ZwAM3os81tNA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
7d:8c:ca:4a:3e:c7:07:34:26:35:72:15:1d:ab:ba:6a:a8:3c:
9f:b4:88:89:82:a2:34:b7:22:09:78:4e:61:c2:54:c4:e5:33:
c6:75:cd:36:a5:5e:a4:f0:c9:0b:fa:de:4a:1b:d9:e2:20:95:
8d:70:99:fc:af:49:72:68:d7:7f:f3:4a:42:31:7a:c3:56:af:
85:0a:1a:b9:b4:27:ec:0d:95:b5:42:6f:09:32:44:b8:71:e1:
6e:16:92:14:5d:bb:de:d4:11:8a:44:c9:1c:a6:d4:27:60:03:
c4:ea:2f:d8:c4:bc:cf:c7:71:e1:82:80:75:89:34:db:0e:ca:
fd:ab:b0:e2:bf:e5:e6:93:4f:ca:94:71:e6:7c:2d:6c:81:46:
27:1c:26:4c:98:2f:4e:db:e7:9c:d5:19:c5:43:6b:4d:53:1b:
3b:52:df:00:9a:21:ea:f5:d7:b8:48:0f:59:e7:8f:c6:9a:26:
2d:69:5c:93:c7:61:51:c3:05:0c:24:4b:9f:fc:59:ee:4d:b6:
e1:ea:15:dc:e6:24:ee:b7:d0:ac:f3:4a:21:f4:e8:b6:fb:0e:
25:74:f8:9e:03:80:ef:e0:fc:84:72:a8:6b:e1:51:14:0b:cd:
6e:f4:64:3e:2b:44:a2:f4:a6:b7:c0:ef:63:4c:43:ea:04:7e:
c8:e3:d9:b9
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeQgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MjAw
MjEyMTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDFDODlFQTM0QjA3OUQw
NDM4MjlFN0Q1OUMwMDMzN0EyQ0YzNUI0RDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCpVSQRHE6UZAhPVKc60ur4y9qaX4fOsN4DVOWNc+WJ8wZbXBsE
BSify5uWHW7x/rxbc0Dlczc/ZK+JQgpo0+xavLlpAFToQ4N4iFXkBE9S4UrElVfn
7UYEZpUPN6OOzKj8X71eagzwGPu5kbPl5u3BairkRuiifxZDz1SQ57OzD+MaXSFD
trLIPsUr54/EGRtMUnHSjHPhvhUy105tGwXVdSFVDrPVDD4262RNvUgXC2ED8+IM
LSseYQ1hpjn3mebncHQIskkAF/OvRiFQNDC96Fa4cpKcgh1kBS/5bel2IBRXQqXV
TcZXdYwIbY0gzN2MeldSkDE8w2e43TMUtv3bAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUHInqNLB50EOCnn1ZwAM3os81tNAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0hJbnFOTEI1MEVPQ25u
MVp3QU0zb3M4MXROQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB9jMpK
PscHNCY1chUdq7pqqDyftIiJgqI0tyIJeE5hwlTE5TPGdc02pV6k8MkL+t5KG9ni
IJWNcJn8r0lyaNd/80pCMXrDVq+FChq5tCfsDZW1Qm8JMkS4ceFuFpIUXbve1BGK
RMkcptQnYAPE6i/YxLzPx3HhgoB1iTTbDsr9q7Div+Xmk0/KlHHmfC1sgUYnHCZM
mC9O2+ec1RnFQ2tNUxs7Ut8AmiHq9de4SA9Z54/GmiYtaVyTx2FRwwUMJEuf/Fnu
Tbbh6hXc5iTut9Cs80oh9Oi2+w4ldPieA4Dv4PyEcqhr4VEUC81u9GQ+K0Si9Ka3
wO9jTEPqBH7I49m5
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:55:48 2025 by rpki-client