Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/HZadE0GHVbBPGz_KLBmP1J9RXDk.roa
File: HZadE0GHVbBPGz_KLBmP1J9RXDk.roa (raw, json)
Hash identifier: alxmxgpUxk+kPGMpKTaqkJkRbuJeOajO5788M863G48=
Subject key identifier: 1D:96:9D:13:41:87:55:B0:4F:1B:3F:CA:2C:19:8F:D4:9F:51:5C:39
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7724
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/HZadE0GHVbBPGz_KLBmP1J9RXDk.roa
Signing time: Tue 15 Jul 2025 01:12:42 +0000
ROA not before: Tue 15 Jul 2025 01:12:42 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30500 (0x7724)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 15 01:12:42 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=1D969D13418755B04F1B3FCA2C198FD49F515C39
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:41:49:06:b2:36:2d:e4:40:05:91:3a:a2:48:
ae:f5:c3:31:84:f9:b6:8f:a8:8e:ed:7c:23:4d:75:
c0:cd:fc:ed:0d:46:56:e0:ac:83:ac:69:b7:9c:ea:
04:e6:ca:97:4a:87:f8:29:d5:2c:da:9c:62:c0:35:
88:ac:6c:e2:66:76:4e:9e:b0:12:b7:15:aa:af:97:
12:52:a3:0c:30:8c:c4:93:04:92:03:d6:76:20:52:
b5:36:f0:51:d5:c5:a4:2f:40:e6:a6:aa:8b:74:a4:
1f:85:4a:75:d3:0f:56:f9:61:5e:0c:ee:e4:4c:ef:
42:da:31:0d:b1:a8:ae:65:7a:d0:6f:c1:a4:68:65:
dd:61:c8:d8:56:1a:6b:27:77:74:e5:8a:5c:2a:87:
b4:a2:a1:ca:2a:78:cf:b9:e8:69:ed:75:e4:2b:37:
91:a4:3a:60:5c:37:b9:42:2d:a1:cc:9d:7d:68:51:
82:08:e4:a7:83:b8:63:5c:6f:ad:58:0b:55:07:6c:
5e:c9:6c:99:93:2b:e2:3d:95:fc:19:ed:4e:47:ab:
2a:3d:0a:f8:31:d4:9c:ae:16:bf:cc:eb:17:27:06:
09:de:70:de:25:78:76:cb:5a:1e:f6:ba:27:e0:00:
a0:d2:5d:d7:31:af:64:1b:e0:d5:62:78:d2:80:25:
17:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:96:9D:13:41:87:55:B0:4F:1B:3F:CA:2C:19:8F:D4:9F:51:5C:39
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/HZadE0GHVbBPGz_KLBmP1J9RXDk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
a8:10:8f:02:fc:c9:05:78:c7:bc:bf:e5:65:92:b9:e9:81:5d:
63:1a:7f:90:8f:1f:ec:96:17:71:36:38:6c:1a:7e:64:19:dc:
38:58:e7:0b:73:0c:47:6b:7d:71:8f:ad:c3:1d:35:46:66:4a:
f0:5f:f8:55:44:a2:74:da:c6:12:bc:66:a6:66:58:6a:0d:e3:
a9:c0:fe:78:e8:0a:14:89:41:ff:0f:6c:a3:25:2d:94:81:5f:
f3:88:09:b5:4e:1d:e9:86:ea:b6:3a:74:aa:07:93:14:da:89:
3e:49:09:b3:56:6d:e4:c0:d7:e1:08:99:ba:99:a5:f9:69:8d:
8d:d4:c8:9a:46:ad:68:b0:95:a3:a7:91:ee:7b:3c:66:ee:92:
39:28:dc:1d:08:b9:f0:86:b7:8a:66:0d:f5:8d:ad:c2:1e:75:
6a:1a:ef:8a:26:da:98:41:6b:cc:00:d6:17:28:f9:f6:1c:8d:
4f:d5:d4:d7:5a:d8:01:fe:46:41:e4:bc:11:ac:04:eb:c9:f2:
e5:b4:b6:a3:92:fc:4a:3a:23:9a:27:df:0a:3b:53:18:7d:90:
a8:d1:a5:75:ea:b8:3e:0f:d0:ac:11:0a:45:57:b9:20:fb:e9:
02:92:08:48:30:73:3b:45:35:75:6b:fd:55:b6:be:86:bf:b5:
f7:b3:ba:82
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdyQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTUw
MTEyNDJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDFEOTY5RDEzNDE4NzU1
QjA0RjFCM0ZDQTJDMTk4RkQ0OUY1MTVDMzkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCrQUkGsjYt5EAFkTqiSK71wzGE+baPqI7tfCNNdcDN/O0NRlbg
rIOsabec6gTmypdKh/gp1SzanGLANYisbOJmdk6esBK3FaqvlxJSowwwjMSTBJID
1nYgUrU28FHVxaQvQOamqot0pB+FSnXTD1b5YV4M7uRM70LaMQ2xqK5letBvwaRo
Zd1hyNhWGmsnd3Tlilwqh7SiocoqeM+56GntdeQrN5GkOmBcN7lCLaHMnX1oUYII
5KeDuGNcb61YC1UHbF7JbJmTK+I9lfwZ7U5Hqyo9Cvgx1JyuFr/M6xcnBgnecN4l
eHbLWh72uifgAKDSXdcxr2Qb4NVieNKAJRdrAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUHZadE0GHVbBPGz/KLBmP1J9RXDkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0haYWRFMEdIVmJCUEd6
X0tMQm1QMUo5UlhEay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCoEI8C
/MkFeMe8v+VlkrnpgV1jGn+Qjx/slhdxNjhsGn5kGdw4WOcLcwxHa31xj63DHTVG
ZkrwX/hVRKJ02sYSvGamZlhqDeOpwP546AoUiUH/D2yjJS2UgV/ziAm1Th3phuq2
OnSqB5MU2ok+SQmzVm3kwNfhCJm6maX5aY2N1MiaRq1osJWjp5Huezxm7pI5KNwd
CLnwhreKZg31ja3CHnVqGu+KJtqYQWvMANYXKPn2HI1P1dTXWtgB/kZB5LwRrATr
yfLltLajkvxKOiOaJ98KO1MYfZCo0aV16rg+D9CsEQpFV7kg++kCkghIMHM7RTV1
a/1Vtr6Gv7X3s7qC
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:52:30 2025 by rpki-client