Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/SD3rH0bj7d15-ofxLbDbgcqsqnM.roa
File: SD3rH0bj7d15-ofxLbDbgcqsqnM.roa (raw, json)
Hash identifier: m6ergTSs7SknBJmctp4uNNPTVpgdGPuQ3WBWHZ1HTU4=
Subject key identifier: 48:3D:EB:1F:46:E3:ED:DD:79:FA:87:F1:2D:B0:DB:81:CA:AC:AA:73
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 76C4
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/SD3rH0bj7d15-ofxLbDbgcqsqnM.roa
Signing time: Mon 14 Jul 2025 01:12:26 +0000
ROA not before: Mon 14 Jul 2025 01:12:26 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30404 (0x76c4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 14 01:12:26 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=483DEB1F46E3EDDD79FA87F12DB0DB81CAACAA73
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f7:51:4c:33:9e:81:99:47:c4:06:ff:14:4f:f6:
6d:40:9a:e4:f6:7e:f1:f5:fa:eb:94:60:fd:44:61:
1e:de:a0:da:18:31:91:06:76:f6:34:56:10:8b:f3:
5f:14:5b:a3:23:0b:6d:c0:52:82:a7:59:14:7e:e6:
05:95:f3:53:66:3d:6d:ba:c2:fe:b0:0d:ad:de:b0:
b3:f2:ca:f1:f4:4f:1e:7a:5f:0c:23:15:38:26:0b:
d9:c5:78:ec:cc:61:2a:73:ab:eb:dd:34:af:9d:81:
e4:5a:a9:fa:65:f4:27:77:38:7e:24:79:77:7c:09:
58:8a:c2:8d:1f:e8:7d:fb:c1:c4:ce:91:b0:22:e9:
87:08:01:8c:87:16:76:25:38:78:3e:d3:2b:42:d9:
fb:a1:44:e5:0a:ed:5b:07:d3:d8:26:08:11:3b:d9:
1c:5d:33:48:7e:93:b0:ae:0a:bb:b7:de:71:29:2c:
c1:74:e8:b7:d2:82:4d:43:a0:fb:28:dc:d3:59:5a:
19:9e:5e:0f:d0:d6:77:76:07:db:4a:96:98:94:91:
ad:cf:3a:5b:52:4b:86:31:32:cf:fc:21:d1:89:67:
cf:3d:57:70:32:78:aa:a9:3a:88:6d:4e:44:b5:c2:
26:64:aa:d5:43:46:98:7b:f3:02:1e:04:79:2b:98:
06:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:3D:EB:1F:46:E3:ED:DD:79:FA:87:F1:2D:B0:DB:81:CA:AC:AA:73
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/SD3rH0bj7d15-ofxLbDbgcqsqnM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
82:fd:99:9a:90:58:8d:32:12:7f:94:db:9f:c4:4c:ae:af:12:
3d:39:ee:5e:8e:5f:c1:38:5c:cb:2f:58:87:95:d4:1b:7f:82:
49:01:e9:5b:e4:a3:37:5f:16:be:74:c3:93:ff:8e:5b:18:2a:
2b:0b:c9:b8:61:f9:22:34:64:86:c3:d9:21:55:43:57:b4:c2:
6a:3c:6d:3a:0e:42:33:36:d5:0c:7e:37:b0:dc:5e:2f:b4:10:
76:39:99:86:39:2d:d3:39:ba:58:6b:13:53:5f:1b:ff:ac:0d:
53:37:99:c2:04:5b:f8:e8:8c:df:2d:2a:ba:06:e1:37:96:c8:
08:31:67:77:a6:cf:9e:a5:2b:25:f9:78:8e:42:0f:2c:6d:b0:
a5:04:ca:e8:44:ac:6a:08:bb:f8:1c:74:9f:75:57:01:17:bc:
b8:6a:1e:77:b1:58:af:50:39:e8:b6:8f:6d:f6:e4:f4:2d:61:
00:9a:5e:53:14:f0:5a:62:d6:0b:13:50:c0:77:0e:a0:89:43:
18:af:c7:d7:e9:22:ff:cd:5a:a5:8a:6e:95:02:c4:32:d4:c8:
e6:ac:85:ed:b1:d7:36:6e:c0:f9:be:cf:1c:ab:e8:75:60:9e:
4a:2f:1e:f6:2b:84:15:eb:89:04:7d:0a:41:fe:5b:bd:ef:4d:
e9:29:a0:9f
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdsQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTQw
MTEyMjZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQ4M0RFQjFGNDZFM0VE
REQ3OUZBODdGMTJEQjBEQjgxQ0FBQ0FBNzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD3UUwznoGZR8QG/xRP9m1AmuT2fvH1+uuUYP1EYR7eoNoYMZEG
dvY0VhCL818UW6MjC23AUoKnWRR+5gWV81NmPW26wv6wDa3esLPyyvH0Tx56Xwwj
FTgmC9nFeOzMYSpzq+vdNK+dgeRaqfpl9Cd3OH4keXd8CViKwo0f6H37wcTOkbAi
6YcIAYyHFnYlOHg+0ytC2fuhROUK7VsH09gmCBE72RxdM0h+k7CuCru33nEpLMF0
6LfSgk1DoPso3NNZWhmeXg/Q1nd2B9tKlpiUka3POltSS4YxMs/8IdGJZ889V3Ay
eKqpOohtTkS1wiZkqtVDRph78wIeBHkrmAYdAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUSD3rH0bj7d15+ofxLbDbgcqsqnMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1NEM3JIMGJqN2QxNS1v
ZnhMYkRiZ2Nxc3FuTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCC/Zma
kFiNMhJ/lNufxEyurxI9Oe5ejl/BOFzLL1iHldQbf4JJAelb5KM3Xxa+dMOT/45b
GCorC8m4YfkiNGSGw9khVUNXtMJqPG06DkIzNtUMfjew3F4vtBB2OZmGOS3TObpY
axNTXxv/rA1TN5nCBFv46IzfLSq6BuE3lsgIMWd3ps+epSsl+XiOQg8sbbClBMro
RKxqCLv4HHSfdVcBF7y4ah53sVivUDnoto9t9uT0LWEAml5TFPBaYtYLE1DAdw6g
iUMYr8fX6SL/zVqlim6VAsQy1MjmrIXtsdc2bsD5vs8cq+h1YJ5KLx72K4QV64kE
fQpB/lu9703pKaCf
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:39:18 2025 by rpki-client