Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/I7FI3qxXDJ8kzFI800uMdXHgp6Y.roa
File: I7FI3qxXDJ8kzFI800uMdXHgp6Y.roa (raw, json)
Hash identifier: Kmh2Owj6gaADTNEaidJ746Ord4VeSY3w4KF0F3atfgA=
Subject key identifier: 23:B1:48:DE:AC:57:0C:9F:24:CC:52:3C:D3:4B:8C:75:71:E0:A7:A6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 77C6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/I7FI3qxXDJ8kzFI800uMdXHgp6Y.roa
Signing time: Wed 16 Jul 2025 17:41:59 +0000
ROA not before: Wed 16 Jul 2025 17:41:59 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30662 (0x77c6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 16 17:41:59 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=23B148DEAC570C9F24CC523CD34B8C7571E0A7A6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:96:ce:a8:59:c9:9e:e9:2f:85:b3:87:70:50:
73:b1:f1:87:2a:75:4b:c9:52:f8:01:6d:fd:0b:cd:
41:b3:2d:41:55:e6:6a:7e:82:49:fd:96:2b:fc:c5:
07:42:74:24:9c:5c:aa:bc:0f:5e:2e:63:50:28:c4:
a0:bc:83:9d:82:6e:93:90:7a:61:83:d2:01:4c:68:
24:c6:f4:52:3d:9a:55:e2:26:34:67:a9:e9:b7:45:
c4:0b:51:5c:9e:af:dc:76:b2:1c:65:59:c3:73:55:
44:69:12:62:17:de:e5:5f:04:13:4a:76:43:87:e7:
36:c3:45:22:b5:62:d8:0f:08:67:30:cd:18:16:fa:
cc:ba:84:54:50:e8:8f:90:a5:6c:69:f3:1c:51:9e:
9a:55:c2:15:aa:b4:07:71:9b:98:15:e0:d8:ec:27:
9d:78:81:c2:83:2e:25:78:83:68:f4:20:60:e8:c5:
ac:1c:6c:e5:e5:da:3a:4a:22:00:4a:88:1e:9b:1f:
29:6b:42:77:6e:64:11:c5:a9:e1:9d:41:ef:d5:0c:
09:db:73:76:5e:b1:f3:a1:e3:22:24:df:4e:33:5e:
42:95:c8:17:cb:17:c6:62:52:33:96:0a:a7:0d:f9:
14:52:29:35:7c:d8:4c:c9:79:8f:a3:ca:9f:93:f3:
09:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:B1:48:DE:AC:57:0C:9F:24:CC:52:3C:D3:4B:8C:75:71:E0:A7:A6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/I7FI3qxXDJ8kzFI800uMdXHgp6Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
86:fc:80:34:9b:d5:c3:9a:73:aa:90:1a:13:e8:a7:e2:aa:d7:
c9:51:71:9e:85:45:fd:3b:db:3c:39:42:bc:d7:2e:ad:ff:cc:
e5:74:64:89:5e:c4:76:d3:4f:cc:06:f9:0d:42:ac:e6:a9:0c:
1e:eb:4c:61:b4:59:5e:99:05:bc:b4:ba:d3:26:db:94:af:23:
c7:1b:b9:53:d5:f7:eb:b0:00:fd:f9:f0:0c:f0:1d:cc:5f:ba:
24:5d:61:0c:d3:27:5a:8c:48:64:bb:4f:46:0f:f3:80:6b:15:
e8:6c:39:94:2a:05:7f:50:fa:8f:a3:c7:bb:7a:5f:b9:3c:36:
b8:1b:3d:41:9b:40:42:c3:92:1e:59:bc:2e:07:48:aa:e7:34:
7d:af:a3:4c:f3:45:2c:e2:ea:64:a6:e2:f3:d0:86:7d:83:14:
a4:25:54:4a:2b:2d:09:19:29:ca:07:58:26:b8:e4:2a:74:e7:
d2:8f:85:00:c8:9e:be:11:35:27:27:c4:3c:4f:8c:1c:53:57:
0a:63:1e:5a:94:87:7a:be:33:40:2d:b8:61:74:ac:0e:a5:39:
c0:a9:4b:e5:6b:8c:8b:af:36:ee:11:35:f3:19:4e:34:a0:4c:
05:14:72:0a:3f:e3:77:f7:d3:e0:fe:97:9c:66:31:6f:38:ff:
bc:8d:e4:f3
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICd8YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTYx
NzQxNTlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDIzQjE0OERFQUM1NzBD
OUYyNENDNTIzQ0QzNEI4Qzc1NzFFMEE3QTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC0ls6oWcme6S+Fs4dwUHOx8YcqdUvJUvgBbf0LzUGzLUFV5mp+
gkn9liv8xQdCdCScXKq8D14uY1AoxKC8g52CbpOQemGD0gFMaCTG9FI9mlXiJjRn
qem3RcQLUVyer9x2shxlWcNzVURpEmIX3uVfBBNKdkOH5zbDRSK1YtgPCGcwzRgW
+sy6hFRQ6I+QpWxp8xxRnppVwhWqtAdxm5gV4NjsJ514gcKDLiV4g2j0IGDoxawc
bOXl2jpKIgBKiB6bHylrQnduZBHFqeGdQe/VDAnbc3ZesfOh4yIk304zXkKVyBfL
F8ZiUjOWCqcN+RRSKTV82EzJeY+jyp+T8wnnAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUI7FI3qxXDJ8kzFI800uMdXHgp6YwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0k3RkkzcXhYREo4a3pG
STgwMHVNZFhIZ3A2WS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCG/IA0
m9XDmnOqkBoT6KfiqtfJUXGehUX9O9s8OUK81y6t/8zldGSJXsR200/MBvkNQqzm
qQwe60xhtFlemQW8tLrTJtuUryPHG7lT1ffrsAD9+fAM8B3MX7okXWEM0ydajEhk
u09GD/OAaxXobDmUKgV/UPqPo8e7el+5PDa4Gz1Bm0BCw5IeWbwuB0iq5zR9r6NM
80Us4upkpuLz0IZ9gxSkJVRKKy0JGSnKB1gmuOQqdOfSj4UAyJ6+ETUnJ8Q8T4wc
U1cKYx5alId6vjNALbhhdKwOpTnAqUvla4yLrzbuETXzGU40oEwFFHIKP+N399Pg
/pecZjFvOP+8jeTz
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:54:45 2025 by rpki-client