Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/K7tjIS3rgaJfv6Dkh5L-AYm5B0c.roa
File: K7tjIS3rgaJfv6Dkh5L-AYm5B0c.roa (raw, json)
Hash identifier: LVlZmDqVDdrskY/lHWW8dA1USF6Mjz/rdooVbpB4sn0=
Subject key identifier: 2B:BB:63:21:2D:EB:81:A2:5F:BF:A0:E4:87:92:FE:01:89:B9:07:47
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 73D6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/K7tjIS3rgaJfv6Dkh5L-AYm5B0c.roa
Signing time: Sun 06 Jul 2025 05:14:56 +0000
ROA not before: Sun 06 Jul 2025 05:14:56 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29654 (0x73d6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 6 05:14:56 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=2BBB63212DEB81A25FBFA0E48792FE0189B90747
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:fe:9f:df:2f:69:e3:fa:f3:a2:fd:71:34:33:
dc:ff:5f:b4:90:31:0f:c0:cc:93:f1:f0:72:ae:df:
36:45:c5:95:0c:08:1e:15:1b:0d:78:23:30:a3:09:
42:e1:89:8c:86:15:2e:f9:25:22:ac:5b:bf:f5:ed:
92:92:68:07:d0:88:cf:45:b9:96:c6:89:de:26:32:
55:51:04:36:80:d3:d9:53:6e:c4:7c:b8:74:82:ba:
c9:7b:42:ab:a6:89:84:fd:91:4f:24:69:88:33:66:
19:12:6c:37:22:bb:6e:42:8f:ef:36:8c:f2:f4:53:
02:5d:13:c4:1d:d9:78:12:35:3e:f4:9c:b1:22:f5:
26:0b:0c:31:a2:70:8c:b2:1c:6b:a0:e3:0e:1b:5e:
56:e2:4a:63:fb:d7:f0:98:37:75:7f:d3:01:09:5f:
cb:46:e0:24:8d:fe:a7:a5:59:ba:82:0d:d9:e1:61:
1a:86:2c:bf:02:24:02:21:9f:20:93:ee:e8:1a:33:
42:db:7d:22:07:9d:2d:ff:c8:49:27:dc:37:89:1d:
91:00:9b:31:d9:b0:e2:37:a5:67:ec:e7:88:d6:e9:
f0:86:1f:75:8b:cb:81:47:a7:9b:8d:f7:7e:3e:70:
5d:90:43:1a:a0:ca:96:0e:96:b5:25:ee:c6:02:7b:
40:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:BB:63:21:2D:EB:81:A2:5F:BF:A0:E4:87:92:FE:01:89:B9:07:47
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/K7tjIS3rgaJfv6Dkh5L-AYm5B0c.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
84:17:56:af:c2:ff:70:97:59:85:48:e5:27:47:83:a4:a7:23:
40:8d:9c:28:77:26:6c:71:22:c6:30:44:76:b5:f1:fc:b1:8a:
6c:c6:9a:94:96:67:71:48:34:fe:27:98:0e:ed:b9:a8:bb:b4:
72:e6:a7:8d:eb:65:d8:89:5c:e4:11:86:05:d7:aa:4f:f1:79:
dc:84:14:be:c5:81:e1:8c:6e:cc:dc:0c:dc:ff:6e:95:47:4e:
5b:65:dc:f4:41:ec:8c:24:14:7f:71:76:87:41:67:ec:21:1e:
99:e4:8f:1e:e4:0f:c4:77:fa:35:31:7e:e8:42:51:5f:44:17:
55:d9:6e:89:c8:f7:5f:73:eb:68:e1:3e:90:a8:1e:ca:e9:0f:
fb:53:fc:f2:16:75:23:9b:8a:94:ec:67:77:20:65:04:bf:56:
30:42:ef:ea:c6:f3:07:45:9b:19:e6:50:a2:01:79:fc:01:35:
ad:0d:f2:18:61:9b:8b:db:2e:02:81:f7:d1:d6:d9:b5:af:c3:
05:5b:14:ed:78:64:dd:90:f0:a6:60:25:42:57:d4:f5:a9:d3:
1b:90:0f:cf:11:df:09:6f:da:5f:20:40:6d:a4:2c:45:0d:82:
ad:c6:23:77:29:17:6d:74:5e:bf:99:d6:1e:ef:5c:de:9f:8d:
55:cd:bf:11
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICc9YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDYw
NTE0NTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDJCQkI2MzIxMkRFQjgx
QTI1RkJGQTBFNDg3OTJGRTAxODlCOTA3NDcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDk/p/fL2nj+vOi/XE0M9z/X7SQMQ/AzJPx8HKu3zZFxZUMCB4V
Gw14IzCjCULhiYyGFS75JSKsW7/17ZKSaAfQiM9FuZbGid4mMlVRBDaA09lTbsR8
uHSCusl7QqumiYT9kU8kaYgzZhkSbDciu25Cj+82jPL0UwJdE8Qd2XgSNT70nLEi
9SYLDDGicIyyHGug4w4bXlbiSmP71/CYN3V/0wEJX8tG4CSN/qelWbqCDdnhYRqG
LL8CJAIhnyCT7ugaM0LbfSIHnS3/yEkn3DeJHZEAmzHZsOI3pWfs54jW6fCGH3WL
y4FHp5uN934+cF2QQxqgypYOlrUl7sYCe0CzAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUK7tjIS3rgaJfv6Dkh5L+AYm5B0cwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0s3dGpJUzNyZ2FKZnY2
RGtoNUwtQVltNUIwYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCEF1av
wv9wl1mFSOUnR4OkpyNAjZwodyZscSLGMER2tfH8sYpsxpqUlmdxSDT+J5gO7bmo
u7Ry5qeN62XYiVzkEYYF16pP8XnchBS+xYHhjG7M3Azc/26VR05bZdz0QeyMJBR/
cXaHQWfsIR6Z5I8e5A/Ed/o1MX7oQlFfRBdV2W6JyPdfc+to4T6QqB7K6Q/7U/zy
FnUjm4qU7Gd3IGUEv1YwQu/qxvMHRZsZ5lCiAXn8ATWtDfIYYZuL2y4CgffR1tm1
r8MFWxTteGTdkPCmYCVCV9T1qdMbkA/PEd8Jb9pfIEBtpCxFDYKtxiN3KRdtdF6/
mdYe71zen41Vzb8R
-----END CERTIFICATE-----
Generated at Sun Jul 20 20:46:10 2025 by rpki-client