Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/SHQmrfWX4pZejmh964NaY2PU58s.roa
File: SHQmrfWX4pZejmh964NaY2PU58s.roa (raw, json)
Hash identifier: CPrLb4h3s129I0z6lVkUX/CTW8OtFcTzz8uZ1QOk1Vo=
Subject key identifier: 48:74:26:AD:F5:97:E2:96:5E:8E:68:7D:EB:83:5A:63:63:D4:E7:CB
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 78FC
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/SHQmrfWX4pZejmh964NaY2PU58s.roa
Signing time: Sat 19 Jul 2025 23:12:05 +0000
ROA not before: Sat 19 Jul 2025 23:12:05 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30972 (0x78fc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 19 23:12:05 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=487426ADF597E2965E8E687DEB835A6363D4E7CB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:f0:41:ab:4a:7c:51:54:c7:2c:ea:ee:0f:1c:
5a:38:40:d1:0f:ea:a8:ff:4a:a4:e0:66:43:00:09:
c2:0c:c0:08:c1:73:f7:e7:a9:3f:b5:81:94:7d:e7:
b8:8e:df:a8:0e:4f:c3:54:41:ea:37:28:07:7f:8c:
8a:e0:f8:2f:ae:9a:41:c3:aa:05:bf:0e:7d:57:dd:
46:1d:9b:f0:ab:60:9f:54:18:52:ff:8a:f6:57:62:
96:ef:65:72:7d:34:86:5d:95:a2:e7:f9:c9:94:d2:
82:05:b5:a4:89:d9:35:7c:35:d7:5f:78:ca:50:db:
6a:61:4c:94:88:05:e4:85:45:ad:eb:97:d9:cd:a7:
6e:cd:a9:86:e6:64:c8:22:b2:66:01:1d:aa:d5:0a:
6a:75:ca:8f:d7:cb:e7:fd:2b:d2:e0:24:ff:de:68:
8a:2c:6f:f1:db:4c:2e:92:a4:d2:60:75:7b:a1:20:
35:12:c7:54:df:7a:a7:bf:6f:78:fe:fe:2c:57:75:
2e:fa:76:43:bc:9f:ef:dc:8c:e5:47:c8:63:54:65:
3b:1a:7e:3c:ac:c8:58:13:3e:db:d0:3f:bd:f0:97:
7d:1e:e3:f5:ec:3e:e5:ba:ef:0c:f9:fb:70:69:18:
42:89:af:26:c6:39:3a:53:7d:f6:22:77:d7:2f:86:
da:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:74:26:AD:F5:97:E2:96:5E:8E:68:7D:EB:83:5A:63:63:D4:E7:CB
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/SHQmrfWX4pZejmh964NaY2PU58s.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
9f:29:98:27:83:6f:d2:bb:91:78:75:e1:d6:ac:a8:18:40:1a:
76:f6:00:8d:7a:57:36:94:61:52:74:42:25:69:b2:34:28:11:
c8:b0:af:30:30:f0:de:33:6f:91:64:f8:57:ac:70:62:1b:8f:
33:8c:80:1e:1a:9d:26:a4:88:7d:ef:c2:6e:33:01:2a:b4:d7:
61:5e:7c:7d:0f:f6:80:86:b8:f5:3c:d6:1d:b4:a7:52:57:91:
ed:05:4e:f3:b6:94:46:c3:2d:d4:c1:fd:ba:7d:5d:df:a7:15:
d2:7e:43:12:4b:c0:07:7b:3d:b5:46:6e:2c:a3:ad:9f:63:fb:
65:d9:e6:d6:9c:aa:e6:4c:6f:50:4d:60:10:44:35:0f:77:79:
10:a2:75:a0:e7:27:95:ea:bb:38:67:1f:d7:98:0d:cb:e0:37:
77:e6:fb:a6:b9:79:75:35:68:45:cd:bd:83:2f:5f:88:fc:7b:
5b:36:13:44:10:f3:53:08:66:fc:62:32:4e:31:50:66:03:19:
03:94:16:5d:b2:fa:f1:88:9a:10:0e:6b:14:2b:8c:8c:dc:22:
1c:eb:92:0b:c4:b9:16:1f:37:84:e1:c7:5f:25:0c:88:eb:d1:
9b:16:59:e1:d7:03:f2:79:65:51:d5:de:61:50:02:98:cb:dc:
c6:1e:0e:11
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICePwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTky
MzEyMDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQ4NzQyNkFERjU5N0Uy
OTY1RThFNjg3REVCODM1QTYzNjNENEU3Q0IwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCs8EGrSnxRVMcs6u4PHFo4QNEP6qj/SqTgZkMACcIMwAjBc/fn
qT+1gZR957iO36gOT8NUQeo3KAd/jIrg+C+umkHDqgW/Dn1X3UYdm/CrYJ9UGFL/
ivZXYpbvZXJ9NIZdlaLn+cmU0oIFtaSJ2TV8NddfeMpQ22phTJSIBeSFRa3rl9nN
p27NqYbmZMgismYBHarVCmp1yo/Xy+f9K9LgJP/eaIosb/HbTC6SpNJgdXuhIDUS
x1Tfeqe/b3j+/ixXdS76dkO8n+/cjOVHyGNUZTsafjysyFgTPtvQP73wl30e4/Xs
PuW67wz5+3BpGEKJrybGOTpTffYid9cvhtpfAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUSHQmrfWX4pZejmh964NaY2PU58swHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1NIUW1yZldYNHBaZWpt
aDk2NE5hWTJQVTU4cy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCfKZgn
g2/Su5F4deHWrKgYQBp29gCNelc2lGFSdEIlabI0KBHIsK8wMPDeM2+RZPhXrHBi
G48zjIAeGp0mpIh978JuMwEqtNdhXnx9D/aAhrj1PNYdtKdSV5HtBU7ztpRGwy3U
wf26fV3fpxXSfkMSS8AHez21Rm4so62fY/tl2ebWnKrmTG9QTWAQRDUPd3kQonWg
5yeV6rs4Zx/XmA3L4Dd35vumuXl1NWhFzb2DL1+I/HtbNhNEEPNTCGb8YjJOMVBm
AxkDlBZdsvrxiJoQDmsUK4yM3CIc65ILxLkWHzeE4cdfJQyI69GbFlnh1wPyeWVR
1d5hUAKYy9zGHg4R
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:51:24 2025 by rpki-client