Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/PH4yJpWAVooNNjOivGl-TBybi2s.roa
File: PH4yJpWAVooNNjOivGl-TBybi2s.roa (raw, json)
Hash identifier: yyf5Sau7WMvJeGLAyednW1chrSIDs05V3dznupAaQy0=
Subject key identifier: 3C:7E:32:26:95:80:56:8A:0D:36:33:A2:BC:69:7E:4C:1C:9B:8B:6B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 765C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PH4yJpWAVooNNjOivGl-TBybi2s.roa
Signing time: Sat 12 Jul 2025 23:15:04 +0000
ROA not before: Sat 12 Jul 2025 23:15:04 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30300 (0x765c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 12 23:15:04 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3C7E32269580568A0D3633A2BC697E4C1C9B8B6B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:ac:5a:43:2a:4f:ec:37:d7:34:6f:e9:70:3c:
83:b0:dc:ae:81:07:d0:d7:bf:93:89:86:e3:2d:8f:
cb:f2:6c:cb:c4:e2:8b:40:09:49:eb:69:b7:38:1f:
b7:41:c4:72:d0:af:a0:f4:88:6b:0d:b8:01:4d:fe:
85:2e:d3:9e:07:84:4e:2e:c0:34:37:3e:79:d3:0c:
c7:6a:74:f7:69:38:6e:fe:ff:9d:52:d3:c8:92:74:
8e:67:ad:cb:83:5c:d2:64:da:f4:0a:71:ec:a1:c1:
49:40:e7:4e:21:29:70:dc:ed:6d:78:36:84:72:32:
1f:0e:c6:24:ec:19:f4:c4:10:3a:61:9b:67:78:fa:
28:d2:bb:18:6d:71:9c:0f:c1:13:66:92:73:ab:a2:
13:f9:31:10:6a:29:50:a6:8f:8c:a3:1b:d0:2e:ea:
6f:f8:bd:f6:97:49:64:19:fe:d7:de:73:65:64:62:
41:25:86:d2:78:c1:85:a3:b4:e6:b1:69:c1:60:b7:
dc:ee:3d:e4:9c:39:3c:c8:6f:56:b2:e0:35:62:14:
f7:a0:69:a4:5d:2f:a7:47:0e:a4:33:81:65:59:2a:
a7:5f:b9:85:de:6e:93:13:fa:64:09:fd:10:62:60:
37:e0:98:52:2c:c5:7a:0c:64:b0:21:26:08:26:47:
ba:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:7E:32:26:95:80:56:8A:0D:36:33:A2:BC:69:7E:4C:1C:9B:8B:6B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PH4yJpWAVooNNjOivGl-TBybi2s.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
41:6e:74:e5:3f:a1:84:7d:9c:a8:75:f1:39:ef:fa:57:a9:aa:
dc:3e:0c:e6:b1:89:82:9a:05:ad:00:8a:84:f6:b1:87:d3:d0:
c4:c8:74:a9:ab:af:6c:0f:88:ea:55:53:71:1b:1e:8c:6e:51:
f8:5e:f1:d5:ec:21:00:f1:f3:4e:1d:fb:b8:e8:db:25:d4:dc:
db:c1:1b:d7:4e:1d:c6:61:38:ca:30:84:59:ca:3e:6c:fc:42:
d8:d9:03:8a:14:3d:47:d3:d4:66:cf:6b:85:7b:be:88:ab:fd:
ac:42:7a:ab:71:49:3f:94:57:cc:c2:9c:30:33:28:ce:64:2d:
2b:c6:ed:2c:03:96:bb:7b:37:da:40:3a:c0:28:e4:84:2b:6b:
0d:7b:15:c3:b5:c1:4e:33:ff:55:fe:92:c3:fe:24:fa:d1:a4:
84:c3:79:b9:f3:56:fe:29:29:03:df:ed:11:b4:83:be:1f:33:
07:f7:9a:d1:78:ad:f4:bf:b6:dc:41:68:3f:32:e5:48:2a:ef:
8f:aa:b9:40:e1:40:47:82:cf:76:a9:30:16:e3:f1:f3:79:e4:
8d:66:49:60:fa:d4:ac:99:c0:e1:af:c9:54:a4:c7:87:c7:ed:
01:e1:be:c5:2a:cd:02:5f:41:9c:06:16:4a:e6:5c:8e:d1:41:
79:93:f9:1d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdlwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTIy
MzE1MDRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDNDN0UzMjI2OTU4MDU2
OEEwRDM2MzNBMkJDNjk3RTRDMUM5QjhCNkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCxrFpDKk/sN9c0b+lwPIOw3K6BB9DXv5OJhuMtj8vybMvE4otA
CUnrabc4H7dBxHLQr6D0iGsNuAFN/oUu054HhE4uwDQ3PnnTDMdqdPdpOG7+/51S
08iSdI5nrcuDXNJk2vQKceyhwUlA504hKXDc7W14NoRyMh8OxiTsGfTEEDphm2d4
+ijSuxhtcZwPwRNmknOrohP5MRBqKVCmj4yjG9Au6m/4vfaXSWQZ/tfec2VkYkEl
htJ4wYWjtOaxacFgt9zuPeScOTzIb1ay4DViFPegaaRdL6dHDqQzgWVZKqdfuYXe
bpMT+mQJ/RBiYDfgmFIsxXoMZLAhJggmR7qNAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUPH4yJpWAVooNNjOivGl+TBybi2swHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1BINHlKcFdBVm9vTk5q
T2l2R2wtVEJ5Ymkycy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBBbnTl
P6GEfZyodfE57/pXqarcPgzmsYmCmgWtAIqE9rGH09DEyHSpq69sD4jqVVNxGx6M
blH4XvHV7CEA8fNOHfu46Nsl1NzbwRvXTh3GYTjKMIRZyj5s/ELY2QOKFD1H09Rm
z2uFe76Iq/2sQnqrcUk/lFfMwpwwMyjOZC0rxu0sA5a7ezfaQDrAKOSEK2sNexXD
tcFOM/9V/pLD/iT60aSEw3m581b+KSkD3+0RtIO+HzMH95rReK30v7bcQWg/MuVI
Ku+PqrlA4UBHgs92qTAW4/HzeeSNZklg+tSsmcDhr8lUpMeHx+0B4b7FKs0CX0Gc
BhZK5lyO0UF5k/kd
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:35:15 2025 by rpki-client