Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/I5X5HAfJ31GFNAglCAML4Hx_02U.roa
File: I5X5HAfJ31GFNAglCAML4Hx_02U.roa (raw, json)
Hash identifier: NYfIMJf2nemmkVhcGS1i+a1YhG2FoBQ1Vh/TBjrE6RY=
Subject key identifier: 23:95:F9:1C:07:C9:DF:51:85:34:08:25:08:03:0B:E0:7C:7F:D3:65
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 76A8
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/I5X5HAfJ31GFNAglCAML4Hx_02U.roa
Signing time: Sun 13 Jul 2025 18:15:06 +0000
ROA not before: Sun 13 Jul 2025 18:15:06 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30376 (0x76a8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 13 18:15:06 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=2395F91C07C9DF518534082508030BE07C7FD365
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:55:84:e7:0e:61:0f:68:96:31:c3:14:ed:f8:
f0:2c:1c:b1:47:df:f5:db:87:ce:df:0b:f8:95:3f:
f7:95:94:8d:5b:0b:78:cb:1b:fe:d1:63:16:fc:d5:
a4:3e:14:e5:09:47:99:0b:fa:1a:c1:0a:a2:68:ce:
59:ad:25:91:d1:70:06:2d:23:16:d2:48:d3:d3:4a:
fc:f1:f4:39:87:2c:3f:3e:c6:97:6b:11:65:d4:19:
c2:26:1a:4a:81:07:17:46:06:84:62:7c:f4:f0:a0:
0d:92:9d:9b:0c:8b:72:1c:72:35:c2:d4:b8:df:48:
6d:79:34:32:20:06:de:88:49:b4:62:fb:1c:ad:21:
7e:29:e5:c1:87:2b:3b:2f:71:92:b7:bc:b5:25:0b:
2a:9a:3d:4f:5a:f1:64:c3:17:c8:17:56:d5:fd:fe:
68:7f:21:74:98:75:f4:60:ed:8d:05:7e:51:2a:5c:
4e:b8:c6:44:b9:e2:16:24:78:ff:32:4b:ea:65:db:
99:0e:d8:c8:57:5f:e5:6e:5a:ca:7f:24:7b:67:e3:
7d:7b:5c:0e:e1:89:8f:00:ca:fc:60:c5:1a:dd:1f:
96:45:eb:93:9f:fb:43:aa:f6:34:f5:46:4e:24:24:
e9:96:1c:3d:21:c4:be:e8:13:61:54:14:f9:e6:3b:
12:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:95:F9:1C:07:C9:DF:51:85:34:08:25:08:03:0B:E0:7C:7F:D3:65
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/I5X5HAfJ31GFNAglCAML4Hx_02U.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
4b:b2:92:f0:6d:4f:bc:51:c8:b0:e6:af:1e:ad:1f:ee:15:20:
31:db:2e:23:2b:0c:7b:11:cf:be:43:0c:8a:d5:b3:dc:72:7a:
a5:e5:2e:82:f3:33:d3:e5:68:f8:d8:78:cd:3c:31:65:68:78:
30:6f:8e:c6:48:29:de:b0:40:58:05:38:1f:d8:47:56:0c:ab:
3a:9b:f6:54:58:47:78:b6:3b:be:97:5c:a1:37:7e:03:29:a5:
e6:80:d6:b5:e2:c8:cc:a5:0a:79:d2:58:19:f7:b2:ac:15:f7:
2b:06:73:46:64:44:26:09:88:22:fc:3e:6b:17:62:73:3e:6d:
1b:51:04:c5:6a:b3:87:5e:49:53:0c:ae:39:55:1b:67:94:b5:
ad:14:23:e1:07:42:84:05:06:57:ad:b3:12:50:16:36:98:25:
e4:6f:7f:7f:e5:c8:21:3c:aa:b5:b3:67:52:bd:50:76:11:5c:
83:fa:e4:76:05:03:d6:0d:43:f6:21:03:8d:8b:1a:7f:52:ee:
bc:85:95:ae:ba:e4:9e:24:af:f2:6d:5d:f6:94:d0:04:86:31:
5d:d6:94:58:db:35:50:32:1e:64:8d:cc:7e:eb:ce:3b:fc:0b:
c5:43:d3:d8:ea:71:47:47:1b:51:86:ea:cf:a2:80:31:7c:d6:
4f:17:20:67
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdqgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTMx
ODE1MDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDIzOTVGOTFDMDdDOURG
NTE4NTM0MDgyNTA4MDMwQkUwN0M3RkQzNjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+VYTnDmEPaJYxwxTt+PAsHLFH3/Xbh87fC/iVP/eVlI1bC3jL
G/7RYxb81aQ+FOUJR5kL+hrBCqJozlmtJZHRcAYtIxbSSNPTSvzx9DmHLD8+xpdr
EWXUGcImGkqBBxdGBoRifPTwoA2SnZsMi3IccjXC1LjfSG15NDIgBt6ISbRi+xyt
IX4p5cGHKzsvcZK3vLUlCyqaPU9a8WTDF8gXVtX9/mh/IXSYdfRg7Y0FflEqXE64
xkS54hYkeP8yS+pl25kO2MhXX+VuWsp/JHtn4317XA7hiY8AyvxgxRrdH5ZF65Of
+0Oq9jT1Rk4kJOmWHD0hxL7oE2FUFPnmOxI5AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUI5X5HAfJ31GFNAglCAML4Hx/02UwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0k1WDVIQWZKMzFHRk5B
Z2xDQU1MNEh4XzAyVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBLspLw
bU+8Uciw5q8erR/uFSAx2y4jKwx7Ec++QwyK1bPccnql5S6C8zPT5Wj42HjNPDFl
aHgwb47GSCnesEBYBTgf2EdWDKs6m/ZUWEd4tju+l1yhN34DKaXmgNa14sjMpQp5
0lgZ97KsFfcrBnNGZEQmCYgi/D5rF2JzPm0bUQTFarOHXklTDK45VRtnlLWtFCPh
B0KEBQZXrbMSUBY2mCXkb39/5cghPKq1s2dSvVB2EVyD+uR2BQPWDUP2IQONixp/
Uu68hZWuuuSeJK/ybV32lNAEhjFd1pRY2zVQMh5kjcx+6847/AvFQ9PY6nFHRxtR
hurPooAxfNZPFyBn
-----END CERTIFICATE-----
Generated at Sun Jul 20 16:33:40 2025 by rpki-client