Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/PLb8c4Yq64ZqiWcYGhQYSkNEwFQ.roa
File: PLb8c4Yq64ZqiWcYGhQYSkNEwFQ.roa (raw, json)
Hash identifier: /VXCTjTwfd4ttSNFLIvY/bvIbXlI5hCUgSkdh/yEAuQ=
Subject key identifier: 3C:B6:FC:73:86:2A:EB:86:6A:89:67:18:1A:14:18:4A:43:44:C0:54
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 768C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PLb8c4Yq64ZqiWcYGhQYSkNEwFQ.roa
Signing time: Sun 13 Jul 2025 11:11:46 +0000
ROA not before: Sun 13 Jul 2025 11:11:46 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30348 (0x768c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 13 11:11:46 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3CB6FC73862AEB866A8967181A14184A4344C054
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:44:4a:91:f7:fc:b7:83:79:60:57:f8:5e:43:
d8:32:20:5b:7b:b6:f4:78:bc:04:70:fb:44:b1:b7:
c0:ca:e4:2a:d1:3e:f3:25:e1:2c:f9:78:a5:3d:02:
09:b4:5d:00:74:b3:c7:a9:7c:4a:77:e4:39:43:bf:
b5:65:db:fb:91:84:5f:64:4b:59:4b:d1:83:a3:43:
80:92:23:f2:0a:7f:38:2e:75:63:9b:19:1b:95:4e:
1b:d7:17:ed:76:de:68:d9:c2:05:66:88:02:55:1d:
a9:65:bd:7c:4f:ce:98:af:cb:40:8e:4e:ce:78:68:
33:ff:57:a0:50:82:44:37:6b:da:c4:11:af:2e:2f:
48:9d:5e:19:5d:e4:7c:4b:a1:55:72:84:c3:36:c0:
81:0f:da:f5:d4:6e:3c:cd:f5:e5:81:2c:af:01:17:
06:4c:0d:97:0c:3d:72:a9:54:e3:6e:0b:8d:29:38:
6a:23:42:49:7f:3c:96:36:e4:3a:f3:54:e2:87:72:
ad:e6:74:6c:9c:4f:0d:ef:e9:89:81:c4:6a:96:87:
28:cc:98:74:6d:80:e3:9f:30:fb:ac:c2:c7:b4:da:
98:b3:df:c1:4e:e8:ed:5d:a3:16:8f:77:75:ff:82:
25:77:6a:37:a7:9f:5c:f6:50:82:4f:7c:cd:6e:d9:
3c:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:B6:FC:73:86:2A:EB:86:6A:89:67:18:1A:14:18:4A:43:44:C0:54
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PLb8c4Yq64ZqiWcYGhQYSkNEwFQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
0b:22:38:9b:9d:e2:f7:9f:ff:49:b1:b4:7b:c5:fc:19:ef:88:
25:97:a0:53:8a:f8:d2:31:d5:34:21:74:b3:c8:54:ad:36:68:
95:e4:01:3a:40:e7:79:8d:b2:ac:14:59:55:8c:bc:35:f9:7a:
93:4a:2a:89:3a:45:6e:8a:0d:9f:bd:b4:34:77:e8:57:2f:47:
d6:bf:27:8d:20:62:fe:64:4f:9a:b3:fd:40:4b:80:70:40:b2:
17:cb:7d:b5:d4:93:fd:c3:d3:ec:d4:1e:55:ab:e4:7d:09:25:
64:dc:bd:bf:cb:9a:78:98:5b:d3:79:2b:5d:ee:ba:08:97:ad:
c6:ff:5e:fe:5a:fe:2f:0d:85:d1:e8:0e:6a:ef:8b:a2:d2:ea:
4a:76:90:54:c0:14:57:04:3a:d3:aa:02:95:f6:4f:fd:2d:41:
be:13:82:11:d3:bb:71:67:fc:17:37:1c:26:b6:3d:a0:61:90:
9a:88:cf:79:00:5c:f4:17:35:b4:b6:d4:97:72:66:df:81:66:
ac:21:31:4b:81:2c:b8:58:e4:15:30:7e:ac:6c:6a:d8:ca:c6:
07:ca:21:c3:96:84:0e:e7:55:e1:7c:47:9b:28:68:94:1e:16:
9e:ed:e7:b8:11:9d:0c:f5:26:4b:81:7e:60:60:e2:17:06:29:
5b:87:c4:c6
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdowwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTMx
MTExNDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDNDQjZGQzczODYyQUVC
ODY2QTg5NjcxODFBMTQxODRBNDM0NEMwNTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFREqR9/y3g3lgV/heQ9gyIFt7tvR4vARw+0Sxt8DK5CrRPvMl
4Sz5eKU9Agm0XQB0s8epfEp35DlDv7Vl2/uRhF9kS1lL0YOjQ4CSI/IKfzgudWOb
GRuVThvXF+123mjZwgVmiAJVHallvXxPzpivy0COTs54aDP/V6BQgkQ3a9rEEa8u
L0idXhld5HxLoVVyhMM2wIEP2vXUbjzN9eWBLK8BFwZMDZcMPXKpVONuC40pOGoj
Qkl/PJY25DrzVOKHcq3mdGycTw3v6YmBxGqWhyjMmHRtgOOfMPuswse02piz38FO
6O1doxaPd3X/giV3ajenn1z2UIJPfM1u2Tw9AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUPLb8c4Yq64ZqiWcYGhQYSkNEwFQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1BMYjhjNFlxNjRacWlX
Y1lHaFFZU2tORXdGUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQALIjib
neL3n/9JsbR7xfwZ74gll6BTivjSMdU0IXSzyFStNmiV5AE6QOd5jbKsFFlVjLw1
+XqTSiqJOkVuig2fvbQ0d+hXL0fWvyeNIGL+ZE+as/1AS4BwQLIXy3211JP9w9Ps
1B5Vq+R9CSVk3L2/y5p4mFvTeStd7roIl63G/17+Wv4vDYXR6A5q74ui0upKdpBU
wBRXBDrTqgKV9k/9LUG+E4IR07txZ/wXNxwmtj2gYZCaiM95AFz0FzW0ttSXcmbf
gWasITFLgSy4WOQVMH6sbGrYysYHyiHDloQO51XhfEebKGiUHhae7ee4EZ0M9SZL
gX5gYOIXBilbh8TG
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:46:35 2025 by rpki-client