Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/N3z8Fs3E7KASQXYanLkBgEq1wQU.roa
File: N3z8Fs3E7KASQXYanLkBgEq1wQU.roa (raw, json)
Hash identifier: MtGlg+g5baJ8MnMmkli41tz42e3GIAePcJsKgC+VODw=
Subject key identifier: 37:7C:FC:16:CD:C4:EC:A0:12:41:76:1A:9C:B9:01:80:4A:B5:C1:05
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7730
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/N3z8Fs3E7KASQXYanLkBgEq1wQU.roa
Signing time: Tue 15 Jul 2025 04:11:45 +0000
ROA not before: Tue 15 Jul 2025 04:11:45 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30512 (0x7730)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 15 04:11:45 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=377CFC16CDC4ECA01241761A9CB901804AB5C105
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:74:05:1f:69:a8:66:87:de:8e:31:03:df:c3:
59:5d:9f:94:ba:6d:9a:5d:98:f2:b4:91:90:76:fe:
2e:3c:01:20:ff:83:dd:1b:22:f6:0a:64:6c:ab:9f:
3b:62:bc:e0:ae:5c:d2:ae:b7:7f:65:9c:98:04:0a:
eb:2b:97:5d:21:46:cc:4c:45:97:d0:85:d9:d8:f2:
19:95:33:ce:46:8a:11:d0:a1:2a:b8:f4:f9:f9:e7:
93:78:a3:6d:14:1b:51:ad:de:32:7a:3b:ed:0f:eb:
f3:fb:14:7e:eb:50:1b:a1:ef:d9:20:59:51:ad:20:
8a:f6:49:70:f8:01:c1:c1:76:4c:5d:94:8c:e7:18:
66:82:17:37:9d:ba:c6:97:8a:05:e0:80:d5:1a:90:
e8:31:f0:ca:0b:03:aa:7b:af:83:10:3c:48:28:02:
27:d0:b1:01:e2:1c:d4:8f:da:c2:eb:60:fa:e4:a5:
3f:82:f9:e8:d5:22:f6:a6:07:a3:11:be:84:4b:d6:
35:7d:31:2c:72:6e:8a:fe:c1:89:5a:8f:37:9b:49:
49:e8:cf:1a:9d:7b:b4:67:6c:85:15:93:e3:fe:43:
a9:97:7d:dc:79:7f:2d:25:10:7a:b8:e7:17:48:89:
91:45:a5:7f:ff:53:b5:f3:26:0c:03:9c:2b:89:2f:
38:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:7C:FC:16:CD:C4:EC:A0:12:41:76:1A:9C:B9:01:80:4A:B5:C1:05
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/N3z8Fs3E7KASQXYanLkBgEq1wQU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
11:63:94:70:c4:7d:83:b1:bc:01:3c:2c:6a:3c:27:b9:f4:46:
dc:f3:c3:e0:8c:e9:c9:69:59:65:7b:72:e5:b2:d7:4c:19:63:
a7:dc:78:81:34:d0:0e:dd:86:c7:e6:49:55:c6:ce:59:67:5e:
3d:91:03:71:b8:50:f5:c2:aa:02:29:de:d5:c5:1a:f3:37:3d:
48:6d:34:f7:e5:40:25:87:5e:f4:97:f8:46:7f:4c:7d:99:8e:
cc:ce:ca:ff:fa:04:40:22:c4:75:ff:9c:db:95:c9:59:25:57:
b9:60:1f:24:9e:ab:94:7f:83:d1:04:11:28:66:6d:f1:0b:e4:
3a:68:64:d5:84:28:8d:1d:c5:c8:33:df:c8:81:cc:6a:8b:92:
cc:38:93:34:47:6d:44:cc:f0:6f:fd:11:36:3d:fd:4a:b0:e3:
d0:de:34:b4:e8:43:49:c8:a8:60:16:72:43:81:f6:15:a6:94:
c3:9a:8f:8f:07:9c:0f:02:60:b7:68:46:d6:60:bd:53:a6:c9:
84:30:49:bb:b7:86:65:2b:4e:d5:f5:ea:ce:4e:13:11:fc:28:
46:20:e1:ce:d5:ef:72:bc:ff:d0:4a:e9:84:d7:4c:36:03:21:
f0:8d:96:22:2b:6c:1a:84:5e:7e:11:0e:ac:a7:28:e6:d2:7e:
5f:26:de:c8
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdzAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTUw
NDExNDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM3N0NGQzE2Q0RDNEVD
QTAxMjQxNzYxQTlDQjkwMTgwNEFCNUMxMDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDfdAUfaahmh96OMQPfw1ldn5S6bZpdmPK0kZB2/i48ASD/g90b
IvYKZGyrnztivOCuXNKut39lnJgECusrl10hRsxMRZfQhdnY8hmVM85GihHQoSq4
9Pn555N4o20UG1Gt3jJ6O+0P6/P7FH7rUBuh79kgWVGtIIr2SXD4AcHBdkxdlIzn
GGaCFzedusaXigXggNUakOgx8MoLA6p7r4MQPEgoAifQsQHiHNSP2sLrYPrkpT+C
+ejVIvamB6MRvoRL1jV9MSxybor+wYlajzebSUnozxqde7RnbIUVk+P+Q6mXfdx5
fy0lEHq45xdIiZFFpX//U7XzJgwDnCuJLzjFAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUN3z8Fs3E7KASQXYanLkBgEq1wQUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L04zejhGczNFN0tBU1FY
WWFuTGtCZ0VxMXdRVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQARY5Rw
xH2DsbwBPCxqPCe59Ebc88PgjOnJaVlle3LlstdMGWOn3HiBNNAO3YbH5klVxs5Z
Z149kQNxuFD1wqoCKd7VxRrzNz1IbTT35UAlh170l/hGf0x9mY7Mzsr/+gRAIsR1
/5zblclZJVe5YB8knquUf4PRBBEoZm3xC+Q6aGTVhCiNHcXIM9/Igcxqi5LMOJM0
R21EzPBv/RE2Pf1KsOPQ3jS06ENJyKhgFnJDgfYVppTDmo+PB5wPAmC3aEbWYL1T
psmEMEm7t4ZlK07V9erOThMR/ChGIOHO1e9yvP/QSumE10w2AyHwjZYiK2wahF5+
EQ6spyjm0n5fJt7I
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:37:54 2025 by rpki-client