Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/HVAQuy1j6JZ-9i5IWyvHjf-JmVM.roa
File: HVAQuy1j6JZ-9i5IWyvHjf-JmVM.roa (raw, json)
Hash identifier: EU8WxNEPUlIZ/bDZERqy7fnk8EGYfwnIvBY+NUV7Nus=
Subject key identifier: 1D:50:10:BB:2D:63:E8:96:7E:F6:2E:48:5B:2B:C7:8D:FF:89:99:53
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7802
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/HVAQuy1j6JZ-9i5IWyvHjf-JmVM.roa
Signing time: Thu 17 Jul 2025 08:42:33 +0000
ROA not before: Thu 17 Jul 2025 08:42:33 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30722 (0x7802)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 17 08:42:33 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=1D5010BB2D63E8967EF62E485B2BC78DFF899953
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:63:de:0c:6a:6c:c9:bd:55:69:00:91:31:69:
70:68:fc:16:04:95:57:2a:bd:45:d9:cd:41:60:1b:
4a:ec:0e:2e:de:c5:43:2c:bf:52:19:67:4e:1b:02:
87:1a:a9:0a:34:7a:c9:d1:b1:4f:95:59:a2:f4:0e:
a9:65:f4:7f:07:09:4e:dc:86:65:88:64:89:bb:fe:
ab:cf:4d:03:a2:ef:d7:c3:91:82:6b:d9:2b:b5:af:
83:38:d9:f9:88:c2:b0:d0:2c:9e:8d:f2:63:5b:94:
de:a3:20:ac:51:48:e5:37:bd:5e:96:8b:54:8a:89:
6b:f4:d5:1d:b8:61:8c:9c:aa:94:ae:0d:9c:16:e8:
23:53:63:70:e4:15:c0:ea:62:54:60:c0:db:2b:59:
c1:d1:65:dd:07:fc:f9:5d:9c:01:f3:bc:97:28:5d:
98:d1:b1:13:d6:61:80:c4:5f:79:da:86:99:21:c2:
67:0a:2c:20:4d:c6:22:15:ab:68:50:0d:df:8e:32:
cb:17:49:c7:05:25:45:82:a2:49:37:bf:81:3d:ee:
8f:3c:da:60:39:67:9a:d4:a7:1b:95:85:83:c4:4b:
5f:c9:61:d3:a3:c4:60:b0:31:bf:6a:20:08:1b:bd:
3e:a1:bd:7e:ca:19:0e:06:ff:af:79:86:be:dc:42:
c7:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:50:10:BB:2D:63:E8:96:7E:F6:2E:48:5B:2B:C7:8D:FF:89:99:53
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/HVAQuy1j6JZ-9i5IWyvHjf-JmVM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
2e:f8:60:d5:66:97:4d:ff:e1:88:c2:ce:fb:da:d8:48:9f:31:
1d:0e:c9:51:3f:cb:f4:90:09:2b:7a:58:d2:45:b9:c6:41:ad:
ba:fa:4a:ed:d2:c5:9a:70:a7:42:61:cf:98:a4:15:f5:01:e7:
33:ef:be:65:01:3f:7f:ce:da:73:88:1b:c6:58:1a:8f:16:97:
64:e0:69:5a:c7:0d:d2:b1:88:46:d0:bc:76:a1:ca:3c:b6:fe:
b3:77:8c:d8:e3:e1:cd:8e:09:39:cb:54:02:9a:d3:a2:b5:c2:
d8:43:71:23:30:85:27:02:0f:f4:ca:41:a6:dc:f0:6c:30:f7:
d4:cd:33:59:7a:3f:e5:0b:46:3e:27:43:c9:24:7d:15:0b:57:
8a:9f:dd:6c:43:a3:fb:e5:49:cd:72:e2:3f:48:20:6a:09:82:
d2:d5:36:35:e2:7a:52:c6:d0:5d:17:0f:fd:5d:c8:92:e1:90:
99:6a:c4:14:c8:37:3b:bc:b7:e5:e2:60:6e:5b:bb:fc:d3:24:
90:be:70:09:55:82:d6:59:9f:a8:81:ba:04:13:3e:42:39:2f:
70:da:ae:05:52:0d:22:e5:bc:e3:cd:ba:58:e7:c8:e1:6d:6d:
50:b2:07:db:56:52:d1:1c:b5:8a:f9:92:9e:ee:d6:48:48:ba:
34:8c:87:36
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeAIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTcw
ODQyMzNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDFENTAxMEJCMkQ2M0U4
OTY3RUY2MkU0ODVCMkJDNzhERkY4OTk5NTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCYY94MamzJvVVpAJExaXBo/BYElVcqvUXZzUFgG0rsDi7exUMs
v1IZZ04bAocaqQo0esnRsU+VWaL0Dqll9H8HCU7chmWIZIm7/qvPTQOi79fDkYJr
2Su1r4M42fmIwrDQLJ6N8mNblN6jIKxRSOU3vV6Wi1SKiWv01R24YYycqpSuDZwW
6CNTY3DkFcDqYlRgwNsrWcHRZd0H/PldnAHzvJcoXZjRsRPWYYDEX3nahpkhwmcK
LCBNxiIVq2hQDd+OMssXSccFJUWCokk3v4E97o882mA5Z5rUpxuVhYPES1/JYdOj
xGCwMb9qIAgbvT6hvX7KGQ4G/695hr7cQsfZAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUHVAQuy1j6JZ+9i5IWyvHjf+JmVMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0hWQVF1eTFqNkpaLTlp
NUlXeXZIamYtSm1WTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAu+GDV
ZpdN/+GIws772thInzEdDslRP8v0kAkreljSRbnGQa26+krt0sWacKdCYc+YpBX1
Aecz775lAT9/ztpziBvGWBqPFpdk4Glaxw3SsYhG0Lx2oco8tv6zd4zY4+HNjgk5
y1QCmtOitcLYQ3EjMIUnAg/0ykGm3PBsMPfUzTNZej/lC0Y+J0PJJH0VC1eKn91s
Q6P75UnNcuI/SCBqCYLS1TY14npSxtBdFw/9XciS4ZCZasQUyDc7vLfl4mBuW7v8
0ySQvnAJVYLWWZ+ogboEEz5COS9w2q4FUg0i5bzjzbpY58jhbW1QsgfbVlLRHLWK
+ZKe7tZISLo0jIc2
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:33:56 2025 by rpki-client