Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/R_cPQdr37CXo4Y0nvPA3MEIeSf8.roa
File: R_cPQdr37CXo4Y0nvPA3MEIeSf8.roa (raw, json)
Hash identifier: Bt7rnEM8XfzXcQjyzy6TrYd2IZR+rcnNm32TgVT1bOw=
Subject key identifier: 47:F7:0F:41:DA:F7:EC:25:E8:E1:8D:27:BC:F0:37:30:42:1E:49:FF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 78A4
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/R_cPQdr37CXo4Y0nvPA3MEIeSf8.roa
Signing time: Sat 19 Jul 2025 01:12:17 +0000
ROA not before: Sat 19 Jul 2025 01:12:17 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30884 (0x78a4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 19 01:12:17 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=47F70F41DAF7EC25E8E18D27BCF03730421E49FF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:be:6a:34:e5:0d:5c:9d:50:12:b7:66:85:c1:
54:ad:92:3c:ad:47:6e:67:23:2b:ab:60:7f:a3:40:
bb:d0:96:04:d6:cb:5c:5b:7b:5d:68:ad:e1:56:c7:
e5:b2:db:12:ce:59:0a:6b:c0:d6:3a:4c:16:aa:e4:
4d:9f:31:e7:65:27:ec:33:57:08:24:42:59:56:36:
65:32:6f:f8:00:e7:e3:e9:af:78:08:8b:d1:54:2b:
5f:71:cb:06:ec:41:31:57:71:83:a6:05:bc:b9:78:
12:cf:b6:95:84:3b:3c:ec:a6:7a:94:84:dc:9a:76:
ce:3d:05:aa:12:fa:76:d4:dd:12:d6:3f:0a:2a:8d:
da:88:52:f7:9b:47:0c:53:a3:c5:bd:d1:20:45:03:
aa:1f:45:c4:e1:c9:d2:68:64:c2:0d:2d:b8:5f:86:
33:f0:5a:a2:84:6a:9f:58:5e:7b:35:f5:bc:74:3e:
13:1f:ff:07:ad:59:75:fd:f7:61:cf:a5:96:a9:07:
8f:04:d4:f5:b4:ef:57:2c:d2:ff:9a:70:ad:2a:99:
36:04:b6:e6:d6:ac:98:57:7b:d0:f9:07:af:2d:f4:
df:46:9c:60:51:04:de:8d:1c:99:47:eb:cc:e7:a8:
68:31:9e:51:43:99:2f:30:c9:bb:7b:d0:70:f7:da:
90:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:F7:0F:41:DA:F7:EC:25:E8:E1:8D:27:BC:F0:37:30:42:1E:49:FF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/R_cPQdr37CXo4Y0nvPA3MEIeSf8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
80:be:ac:34:75:2c:4f:d3:d8:8a:23:98:ec:d5:86:0b:2d:bd:
41:10:a1:69:89:9e:87:a8:53:3c:33:26:73:1c:34:fd:20:c6:
d5:ea:50:5a:30:07:2f:86:b2:9c:37:6f:08:8e:cb:3e:9d:83:
c8:03:04:b6:43:40:dd:50:7a:32:69:fb:6c:58:60:ed:04:5f:
a2:ea:4c:68:33:47:00:e9:69:41:d6:64:20:0c:ed:ae:2d:d9:
b0:18:87:ce:d8:bf:ca:d4:fd:93:20:0a:1f:af:c3:17:d5:5d:
69:5d:14:0d:78:d3:6f:08:e9:8a:54:6e:4d:03:81:be:de:c6:
68:2b:a1:52:3c:37:9f:a5:a1:50:a0:de:08:d7:a1:40:65:9a:
1a:59:22:21:20:2d:dd:0e:7d:0f:e1:1c:90:15:5e:31:80:14:
33:0f:07:a5:f4:11:77:c0:85:4f:1d:8d:e9:63:64:67:3d:71:
68:e8:2b:01:4b:0e:63:47:8e:68:5d:65:a7:ba:f6:43:56:3b:
f4:04:4c:ff:39:17:aa:cf:be:41:18:26:30:1e:c0:52:05:3e:
a8:e3:02:6e:64:bf:f8:a8:14:39:c5:d0:10:c0:64:4c:3a:4f:
eb:34:e9:a8:a4:b7:db:6e:5a:4c:ae:0f:f2:52:0d:b2:64:c1:
c5:73:b1:90
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeKQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTkw
MTEyMTdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQ3RjcwRjQxREFGN0VD
MjVFOEUxOEQyN0JDRjAzNzMwNDIxRTQ5RkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDrvmo05Q1cnVASt2aFwVStkjytR25nIyurYH+jQLvQlgTWy1xb
e11oreFWx+Wy2xLOWQprwNY6TBaq5E2fMedlJ+wzVwgkQllWNmUyb/gA5+Ppr3gI
i9FUK19xywbsQTFXcYOmBby5eBLPtpWEOzzspnqUhNyads49BaoS+nbU3RLWPwoq
jdqIUvebRwxTo8W90SBFA6ofRcThydJoZMINLbhfhjPwWqKEap9YXns19bx0PhMf
/wetWXX992HPpZapB48E1PW071cs0v+acK0qmTYEtubWrJhXe9D5B68t9N9GnGBR
BN6NHJlH68znqGgxnlFDmS8wybt70HD32pD5AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUR/cPQdr37CXo4Y0nvPA3MEIeSf8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1JfY1BRZHIzN0NYbzRZ
MG52UEEzTUVJZVNmOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCAvqw0
dSxP09iKI5js1YYLLb1BEKFpiZ6HqFM8MyZzHDT9IMbV6lBaMAcvhrKcN28Ijss+
nYPIAwS2Q0DdUHoyaftsWGDtBF+i6kxoM0cA6WlB1mQgDO2uLdmwGIfO2L/K1P2T
IAofr8MX1V1pXRQNeNNvCOmKVG5NA4G+3sZoK6FSPDefpaFQoN4I16FAZZoaWSIh
IC3dDn0P4RyQFV4xgBQzDwel9BF3wIVPHY3pY2RnPXFo6CsBSw5jR45oXWWnuvZD
Vjv0BEz/OReqz75BGCYwHsBSBT6o4wJuZL/4qBQ5xdAQwGRMOk/rNOmopLfbblpM
rg/yUg2yZMHFc7GQ
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:39:05 2025 by rpki-client