
Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/PU7QMJJ8u9TYFKFziAHgaNMyPvw.roa
File: PU7QMJJ8u9TYFKFziAHgaNMyPvw.roa (raw, json)
Hash identifier: rhbb3KE1seY7xiLdPA30to7rwwdwTlvwnaKQmG5aXf0=
Subject key identifier: 3D:4E:D0:30:92:7C:BB:D4:D8:14:A1:73:88:01:E0:68:D3:32:3E:FC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 775E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PU7QMJJ8u9TYFKFziAHgaNMyPvw.roa
Signing time: Tue 15 Jul 2025 15:41:50 +0000
ROA not before: Tue 15 Jul 2025 15:41:50 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30558 (0x775e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 15 15:41:50 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3D4ED030927CBBD4D814A1738801E068D3323EFC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:42:50:40:79:5f:e6:6c:53:b8:02:75:fa:cc:
44:57:ed:85:f7:2b:2b:75:e4:7f:34:3a:20:68:f0:
72:9b:24:15:c1:3c:ca:a4:ef:15:33:bb:fc:73:87:
b7:da:41:83:57:13:7c:58:78:33:24:34:e5:5c:2b:
ea:11:9f:8a:01:74:78:08:7d:a4:c2:8b:ca:25:3d:
a9:b3:7e:cc:2e:8f:0a:8c:e8:1a:31:70:fb:d0:23:
32:cb:1c:fd:e9:41:94:86:fb:31:35:85:51:f9:48:
5d:77:60:34:13:7e:b4:7e:f5:71:fd:38:66:26:60:
e9:73:8f:12:07:c2:af:04:69:08:a6:34:31:f3:95:
6a:0c:62:d3:4c:3c:03:a7:ac:51:88:7f:ff:d1:01:
64:19:ed:2f:23:87:4b:af:8c:1e:e9:3c:5f:06:90:
02:02:f7:d6:11:0c:85:9a:a4:c5:87:c7:e1:d5:b8:
39:36:81:e0:0c:f8:32:97:57:4e:2e:70:57:c9:07:
5c:ee:25:42:d6:a1:fe:1a:4f:2a:0b:09:94:49:dd:
c6:9a:8c:0c:bf:38:71:75:78:bc:f2:53:42:e8:8e:
80:78:6c:e7:73:93:df:f9:f6:ae:37:22:0c:bb:21:
78:06:cd:7b:fe:14:f4:75:24:29:f5:b5:2a:5e:3c:
b9:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:4E:D0:30:92:7C:BB:D4:D8:14:A1:73:88:01:E0:68:D3:32:3E:FC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PU7QMJJ8u9TYFKFziAHgaNMyPvw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
46:13:2b:e9:7c:56:9a:59:95:22:79:39:7c:f5:d1:c4:16:56:
2c:dd:4b:8d:6d:a6:6a:fc:f6:5e:02:a2:1d:70:4c:69:94:73:
74:8a:10:b7:41:b5:78:a2:6e:ee:65:21:e9:d3:43:0c:e4:cb:
ac:59:7d:51:79:a8:5b:d8:b0:6f:05:8b:db:96:7f:a7:d6:9d:
a2:a7:ce:5b:67:da:3b:a2:2e:37:02:68:54:43:77:28:4e:b7:
d5:8b:f5:74:3f:5a:9f:3b:3d:1c:3d:65:86:45:80:93:24:47:
e8:78:54:7b:a6:73:8a:26:f7:cc:3b:56:0c:93:c3:85:a3:17:
c8:4c:4b:1e:2f:da:30:24:e9:b4:03:d3:a3:c2:f7:84:ad:f7:
82:2d:5f:8e:90:f5:a9:58:d1:bb:aa:9f:2d:fc:0f:58:a1:c5:
87:ba:f3:8f:b9:da:ff:09:41:48:8d:0c:1b:07:78:2c:b2:e8:
09:9d:f8:79:f1:6d:65:ab:c5:dc:be:68:27:2b:b2:08:a4:25:
c8:1f:dd:c8:d5:4b:b2:61:5e:5f:d9:b8:1d:0d:f1:17:89:f4:
02:d2:54:30:57:9b:53:f6:b6:4f:1e:2f:85:b5:e7:6c:5e:a6:
5d:5a:f8:95:30:34:a3:ec:cb:ad:97:bb:b6:7a:b5:7f:a0:d4:
d2:a1:fd:c0
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICd14wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTUx
NTQxNTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDNENEVEMDMwOTI3Q0JC
RDREODE0QTE3Mzg4MDFFMDY4RDMzMjNFRkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDSQlBAeV/mbFO4AnX6zERX7YX3Kyt15H80OiBo8HKbJBXBPMqk
7xUzu/xzh7faQYNXE3xYeDMkNOVcK+oRn4oBdHgIfaTCi8olPamzfswujwqM6Box
cPvQIzLLHP3pQZSG+zE1hVH5SF13YDQTfrR+9XH9OGYmYOlzjxIHwq8EaQimNDHz
lWoMYtNMPAOnrFGIf//RAWQZ7S8jh0uvjB7pPF8GkAIC99YRDIWapMWHx+HVuDk2
geAM+DKXV04ucFfJB1zuJULWof4aTyoLCZRJ3caajAy/OHF1eLzyU0LojoB4bOdz
k9/59q43Igy7IXgGzXv+FPR1JCn1tSpePLlRAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUPU7QMJJ8u9TYFKFziAHgaNMyPvwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1BVN1FNSko4dTlUWUZL
RnppQUhnYU5NeVB2dy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBGEyvp
fFaaWZUieTl89dHEFlYs3UuNbaZq/PZeAqIdcExplHN0ihC3QbV4om7uZSHp00MM
5MusWX1Reahb2LBvBYvbln+n1p2ip85bZ9o7oi43AmhUQ3coTrfVi/V0P1qfOz0c
PWWGRYCTJEfoeFR7pnOKJvfMO1YMk8OFoxfITEseL9owJOm0A9OjwveErfeCLV+O
kPWpWNG7qp8t/A9YocWHuvOPudr/CUFIjQwbB3gssugJnfh58W1lq8XcvmgnK7II
pCXIH93I1UuyYV5f2bgdDfEXifQC0lQwV5tT9rZPHi+FtedsXqZdWviVMDSj7Mut
l7u2erV/oNTSof3A
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:48 2025 by rpki-client