Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/TRTsK2Cu9x4jFrqPfrWAM4t8gRw.roa
File: TRTsK2Cu9x4jFrqPfrWAM4t8gRw.roa (raw, json)
Hash identifier: cns5G0z3ZXsk7FLoXWSu2CYmvtnkLdVnJxwgGIOw4Rg=
Subject key identifier: 4D:14:EC:2B:60:AE:F7:1E:23:16:BA:8F:7E:B5:80:33:8B:7C:81:1C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7130
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/TRTsK2Cu9x4jFrqPfrWAM4t8gRw.roa
Signing time: Sun 29 Jun 2025 03:44:38 +0000
ROA not before: Sun 29 Jun 2025 03:44:38 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28976 (0x7130)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 29 03:44:38 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=4D14EC2B60AEF71E2316BA8F7EB580338B7C811C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:37:fa:bb:74:05:62:0c:da:03:81:55:bf:7b:
33:8b:d6:ee:80:16:d5:ac:3c:22:af:c9:b5:15:69:
97:2a:57:e2:df:e2:6b:14:46:63:d5:ff:bf:72:cb:
5d:2b:c2:af:fc:d2:d8:c0:7f:a6:6e:fb:57:d4:1f:
9b:ca:c5:8e:50:9c:2c:77:ce:2b:f8:ca:17:3e:42:
1d:62:04:3e:fd:54:56:b3:dc:15:5c:8a:06:6a:89:
12:28:44:7c:9a:a9:34:7a:51:c8:8b:01:3b:f4:34:
6e:60:ac:1b:ce:ea:02:78:5f:c1:a1:ff:bc:01:48:
45:9f:7b:01:c1:fc:24:1b:c3:3b:64:36:67:49:0d:
8a:3e:a3:bb:82:c7:11:02:58:65:ae:74:73:5a:6f:
78:b2:2b:01:35:30:63:14:95:c8:52:af:73:7d:4e:
de:02:0d:80:b1:cc:3e:28:5e:32:82:ab:83:9a:ca:
cc:c0:7d:ef:dc:63:6d:21:6d:3e:8b:89:45:1e:9e:
df:60:53:39:5b:1f:af:15:4e:63:46:e9:05:b5:43:
c0:8c:29:42:5b:fb:08:28:44:46:87:ee:06:4f:40:
dd:2a:ad:be:c4:43:51:30:15:ad:9b:52:46:ac:97:
8a:5b:44:77:ee:2e:99:4a:39:b8:c8:70:1d:3b:4a:
a6:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:14:EC:2B:60:AE:F7:1E:23:16:BA:8F:7E:B5:80:33:8B:7C:81:1C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/TRTsK2Cu9x4jFrqPfrWAM4t8gRw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
3a:48:32:57:29:fb:f8:fc:94:f8:83:fd:7c:22:6c:c1:6c:7f:
7a:06:4d:c9:46:ef:5c:90:e3:d8:0f:1a:d3:06:f9:07:d3:ff:
89:12:e3:2d:2b:56:52:1d:00:a7:67:00:ed:94:49:2c:6b:ca:
c1:fa:14:cf:1c:fa:6f:d2:35:2b:c4:28:d4:6e:bf:33:19:d2:
e0:71:74:fc:18:63:3b:fe:7b:33:81:e8:fd:a6:2f:f4:49:d7:
69:d6:66:07:91:64:04:f8:65:44:cb:d2:2b:2f:1e:f9:30:bf:
27:03:59:5b:fc:2d:03:69:4f:bd:21:08:94:06:40:73:dd:00:
cc:41:6c:11:95:3b:84:18:63:8e:60:0f:c0:fe:fd:c6:72:63:
a5:f4:e6:66:7c:74:2a:b6:09:27:18:43:6e:63:b4:60:75:fa:
9f:ee:5b:b9:91:af:71:19:ab:11:67:1a:a5:0c:91:8b:2c:22:
2f:17:a1:34:52:f1:f6:23:e4:8d:62:f3:4f:61:9f:2b:31:10:
d9:91:a7:d4:00:97:6b:f9:b5:05:89:83:c8:9f:98:a6:f8:a5:
c4:03:82:4f:3c:da:39:e1:ae:14:93:58:36:e1:f4:e4:a7:1e:
57:d2:51:49:a4:87:c4:7e:67:de:d1:cf:b6:96:55:6b:be:f6:
a2:af:69:43
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcTAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2Mjkw
MzQ0MzhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDREMTRFQzJCNjBBRUY3
MUUyMzE2QkE4RjdFQjU4MDMzOEI3QzgxMUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJN/q7dAViDNoDgVW/ezOL1u6AFtWsPCKvybUVaZcqV+Lf4msU
RmPV/79yy10rwq/80tjAf6Zu+1fUH5vKxY5QnCx3ziv4yhc+Qh1iBD79VFaz3BVc
igZqiRIoRHyaqTR6UciLATv0NG5grBvO6gJ4X8Gh/7wBSEWfewHB/CQbwztkNmdJ
DYo+o7uCxxECWGWudHNab3iyKwE1MGMUlchSr3N9Tt4CDYCxzD4oXjKCq4OayszA
fe/cY20hbT6LiUUent9gUzlbH68VTmNG6QW1Q8CMKUJb+wgoREaH7gZPQN0qrb7E
Q1EwFa2bUkasl4pbRHfuLplKObjIcB07SqbzAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUTRTsK2Cu9x4jFrqPfrWAM4t8gRwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1RSVHNLMkN1OXg0akZy
cVBmcldBTTR0OGdSdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA6SDJX
Kfv4/JT4g/18ImzBbH96Bk3JRu9ckOPYDxrTBvkH0/+JEuMtK1ZSHQCnZwDtlEks
a8rB+hTPHPpv0jUrxCjUbr8zGdLgcXT8GGM7/nszgej9pi/0Sddp1mYHkWQE+GVE
y9IrLx75ML8nA1lb/C0DaU+9IQiUBkBz3QDMQWwRlTuEGGOOYA/A/v3GcmOl9OZm
fHQqtgknGENuY7Rgdfqf7lu5ka9xGasRZxqlDJGLLCIvF6E0UvH2I+SNYvNPYZ8r
MRDZkafUAJdr+bUFiYPIn5im+KXEA4JPPNo54a4Uk1g24fTkpx5X0lFJpIfEfmfe
0c+2llVrvvair2lD
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:55:35 2025 by rpki-client