Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/HweKPj7EKKdic7Qs6XhZk2avkxw.roa
File: HweKPj7EKKdic7Qs6XhZk2avkxw.roa (raw, json)
Hash identifier: 6ssZLABRL9yo5uTFF6/GZwx/FpO/SFg1K2OoeZJIyvk=
Subject key identifier: 1F:07:8A:3E:3E:C4:28:A7:62:73:B4:2C:E9:78:59:93:66:AF:93:1C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7606
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/HweKPj7EKKdic7Qs6XhZk2avkxw.roa
Signing time: Sat 12 Jul 2025 01:41:34 +0000
ROA not before: Sat 12 Jul 2025 01:41:34 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30214 (0x7606)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 12 01:41:34 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=1F078A3E3EC428A76273B42CE978599366AF931C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:bc:07:82:12:cd:17:b3:33:2e:96:b3:0e:4d:
c3:26:8f:fb:a3:24:1e:a3:cd:96:6f:a7:0e:bb:34:
d3:82:ad:9a:1a:7d:03:d4:3c:15:55:d1:3a:62:be:
65:f1:ba:f1:30:95:59:11:9a:4e:aa:38:fb:c5:b8:
85:19:1c:47:e6:92:ee:fe:f5:c2:53:74:e8:86:5d:
76:db:df:9c:d7:b1:89:2c:aa:12:4d:b9:72:10:24:
70:a3:a0:1b:da:50:3f:02:3c:58:6f:55:be:ee:25:
ea:18:3f:7e:ce:91:7d:91:7b:80:7b:d4:52:7a:9e:
fb:01:cc:b4:7e:85:70:dd:36:1c:2e:b2:1a:6d:9e:
4c:45:e7:ea:c0:76:93:10:92:4b:ba:b1:79:61:55:
f8:62:d3:37:7b:99:82:8d:0f:eb:cf:d2:e4:43:96:
a3:2e:9d:be:a5:95:11:f1:57:c0:15:21:78:4a:8e:
ea:60:6e:86:b5:27:b4:18:d3:61:6e:e7:64:5b:30:
6d:ed:9e:d5:29:da:cd:4b:52:04:3d:4a:a9:83:39:
d4:9a:f9:29:91:75:4f:53:d7:74:78:64:c8:82:64:
4a:18:7f:05:71:3e:79:31:35:c7:f1:a8:be:e2:cf:
0e:16:d8:d1:05:68:8d:8f:4a:48:00:aa:b9:38:71:
46:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:07:8A:3E:3E:C4:28:A7:62:73:B4:2C:E9:78:59:93:66:AF:93:1C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/HweKPj7EKKdic7Qs6XhZk2avkxw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
76:55:30:03:70:23:10:02:96:d7:79:80:c3:39:2e:f6:8c:ee:
8a:34:35:2b:86:73:14:1b:01:f6:dc:c2:40:ab:4f:f7:83:a2:
5d:ba:aa:cb:4e:21:3f:94:c7:1b:56:b1:48:9f:67:7a:44:a6:
b8:6d:f4:4e:6b:fb:cb:f3:33:c4:ba:07:ee:b5:73:d3:25:d8:
ab:e8:96:ef:6d:ee:4b:f0:60:0d:7d:9a:26:9d:38:e0:2d:11:
e5:23:8d:a0:83:1b:24:94:0c:61:38:bf:7e:2d:dc:2c:3b:13:
01:2e:74:9f:70:6e:b2:20:28:d4:72:2f:53:ca:c3:fd:95:dd:
08:7f:27:ca:31:33:a5:c3:44:18:b0:15:16:e6:14:4c:ae:e0:
e6:e1:9e:b8:6b:d2:25:3d:f1:9c:08:be:5b:01:73:48:34:a7:
7d:91:e2:39:fb:97:3c:41:e9:57:b0:7b:cb:a7:64:77:1d:06:
01:30:c2:c4:de:4e:ca:e3:26:36:3c:79:8a:de:1d:dd:1a:ba:
97:a9:1a:6c:68:f3:fa:16:2f:43:7d:91:d9:00:19:12:15:87:
94:7d:33:54:21:b0:d8:22:2b:5d:73:b3:04:b9:ab:38:50:ae:
65:ae:89:b0:0f:96:11:13:7e:1c:37:c1:35:28:4d:8e:23:52:
69:f2:5c:b7
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdgYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTIw
MTQxMzRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDFGMDc4QTNFM0VDNDI4
QTc2MjczQjQyQ0U5Nzg1OTkzNjZBRjkzMUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKvAeCEs0XszMulrMOTcMmj/ujJB6jzZZvpw67NNOCrZoafQPU
PBVV0TpivmXxuvEwlVkRmk6qOPvFuIUZHEfmku7+9cJTdOiGXXbb35zXsYksqhJN
uXIQJHCjoBvaUD8CPFhvVb7uJeoYP37OkX2Re4B71FJ6nvsBzLR+hXDdNhwushpt
nkxF5+rAdpMQkku6sXlhVfhi0zd7mYKND+vP0uRDlqMunb6llRHxV8AVIXhKjupg
boa1J7QY02Fu52RbMG3tntUp2s1LUgQ9SqmDOdSa+SmRdU9T13R4ZMiCZEoYfwVx
PnkxNcfxqL7izw4W2NEFaI2PSkgAqrk4cUb5AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUHweKPj7EKKdic7Qs6XhZk2avkxwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0h3ZUtQajdFS0tkaWM3
UXM2WGhaazJhdmt4dy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB2VTAD
cCMQApbXeYDDOS72jO6KNDUrhnMUGwH23MJAq0/3g6JduqrLTiE/lMcbVrFIn2d6
RKa4bfROa/vL8zPEugfutXPTJdir6Jbvbe5L8GANfZomnTjgLRHlI42ggxsklAxh
OL9+LdwsOxMBLnSfcG6yICjUci9TysP9ld0IfyfKMTOlw0QYsBUW5hRMruDm4Z64
a9IlPfGcCL5bAXNINKd9keI5+5c8QelXsHvLp2R3HQYBMMLE3k7K4yY2PHmK3h3d
GrqXqRpsaPP6Fi9DfZHZABkSFYeUfTNUIbDYIitdc7MEuas4UK5lromwD5YRE34c
N8E1KE2OI1Jp8ly3
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:47:39 2025 by rpki-client