Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/VtlLdlOl2F-UWKCefoEt0uWOJ7s.roa
File: VtlLdlOl2F-UWKCefoEt0uWOJ7s.roa (raw, json)
Hash identifier: oueGVHZS5GrLlX2Zq7COetLwaBCoFnYsJA5DhIYKyw8=
Subject key identifier: 56:D9:4B:76:53:A5:D8:5F:94:58:A0:9E:7E:81:2D:D2:E5:8E:27:BB
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 73BE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/VtlLdlOl2F-UWKCefoEt0uWOJ7s.roa
Signing time: Sat 05 Jul 2025 23:15:37 +0000
ROA not before: Sat 05 Jul 2025 23:15:37 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29630 (0x73be)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 5 23:15:37 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=56D94B7653A5D85F9458A09E7E812DD2E58E27BB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:99:3d:e2:da:ba:c6:72:00:71:52:64:8e:02:
4a:5d:e1:c8:ff:7a:62:63:2e:eb:76:d6:a8:e5:00:
49:87:0e:08:0c:96:1b:fd:3e:5e:62:7c:4f:9c:f1:
26:f6:de:a0:be:96:35:99:8a:a2:e5:f3:4c:3f:e1:
38:7d:a2:3f:6d:ea:65:29:12:77:e4:85:4b:ae:22:
83:91:db:f9:7d:bf:d8:f6:04:cb:6b:81:fc:c1:51:
8a:5c:6f:33:d7:50:d4:49:72:74:47:80:d6:c6:0c:
80:bf:a5:d5:7b:40:7d:ef:eb:50:80:a9:0c:2f:5a:
3b:01:ac:ed:26:49:41:d7:94:42:7f:a9:3d:c7:85:
02:02:3f:b4:fb:75:0c:fb:b2:61:3a:2d:79:1c:4e:
d0:2a:d1:35:10:04:86:72:21:41:71:ba:b2:49:2e:
11:61:a6:25:72:1d:eb:8e:3d:28:36:ed:b5:34:f0:
16:47:ab:56:22:74:3d:00:67:af:64:22:21:69:e3:
62:cc:c6:3a:cf:95:1f:5f:10:b2:4b:f4:9a:ac:7d:
c8:30:3a:b8:6e:f5:ac:19:f6:29:20:04:1f:80:15:
b9:56:f9:a5:7e:ee:9c:81:f3:4b:cf:6c:35:59:f4:
86:36:c7:54:77:bc:45:c9:9d:54:43:c4:e9:72:1e:
41:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:D9:4B:76:53:A5:D8:5F:94:58:A0:9E:7E:81:2D:D2:E5:8E:27:BB
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/VtlLdlOl2F-UWKCefoEt0uWOJ7s.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
ab:c8:9e:79:70:f9:b6:ac:da:5b:c9:4d:ef:39:c0:f7:02:76:
03:95:69:52:ab:76:2a:fa:8b:7e:36:25:e1:a7:01:b6:02:84:
5b:4d:68:13:ae:4a:e0:f2:1f:7f:c8:b2:50:10:38:2c:11:52:
53:a4:d7:cf:49:28:09:9b:40:1d:e9:b2:c9:bd:38:7b:95:7d:
a7:cb:9f:48:18:6f:ee:97:69:2f:42:3d:41:a6:4f:7b:c2:5a:
07:d3:89:8b:99:a7:50:a6:26:53:df:cc:cc:37:2e:d0:cd:c6:
c2:6e:c6:34:09:f5:0f:7c:dd:84:b4:01:22:7b:68:96:78:24:
f6:82:e4:c2:26:8c:9c:9b:2e:d2:0c:31:7a:b8:55:2c:5f:6b:
6d:25:91:5c:cb:60:b4:6e:d9:4d:e7:3f:2a:fb:2a:3e:7c:62:
d2:33:54:86:57:18:9b:3f:f2:c1:b1:23:a4:20:08:64:59:bf:
aa:6b:78:23:d6:f7:d9:24:6c:5e:bf:0e:56:dc:9d:eb:5e:b4:
6f:03:81:fd:31:79:c5:d1:40:41:f2:67:99:d5:51:81:2c:bb:
04:f6:33:87:1e:1c:4b:8f:67:c5:e3:8a:90:7f:46:9c:ad:c1:
8f:0b:40:91:eb:72:48:4a:6c:43:76:1d:c7:a8:4f:22:2a:cf:
26:14:c7:a3
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICc74wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDUy
MzE1MzdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDU2RDk0Qjc2NTNBNUQ4
NUY5NDU4QTA5RTdFODEyREQyRTU4RTI3QkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCmmT3i2rrGcgBxUmSOAkpd4cj/emJjLut21qjlAEmHDggMlhv9
Pl5ifE+c8Sb23qC+ljWZiqLl80w/4Th9oj9t6mUpEnfkhUuuIoOR2/l9v9j2BMtr
gfzBUYpcbzPXUNRJcnRHgNbGDIC/pdV7QH3v61CAqQwvWjsBrO0mSUHXlEJ/qT3H
hQICP7T7dQz7smE6LXkcTtAq0TUQBIZyIUFxurJJLhFhpiVyHeuOPSg27bU08BZH
q1YidD0AZ69kIiFp42LMxjrPlR9fELJL9JqsfcgwOrhu9awZ9ikgBB+AFblW+aV+
7pyB80vPbDVZ9IY2x1R3vEXJnVRDxOlyHkHZAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUVtlLdlOl2F+UWKCefoEt0uWOJ7swHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1Z0bExkbE9sMkYtVVdL
Q2Vmb0V0MHVXT0o3cy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCryJ55
cPm2rNpbyU3vOcD3AnYDlWlSq3Yq+ot+NiXhpwG2AoRbTWgTrkrg8h9/yLJQEDgs
EVJTpNfPSSgJm0Ad6bLJvTh7lX2ny59IGG/ul2kvQj1Bpk97wloH04mLmadQpiZT
38zMNy7QzcbCbsY0CfUPfN2EtAEie2iWeCT2guTCJoycmy7SDDF6uFUsX2ttJZFc
y2C0btlN5z8q+yo+fGLSM1SGVxibP/LBsSOkIAhkWb+qa3gj1vfZJGxevw5W3J3r
XrRvA4H9MXnF0UBB8meZ1VGBLLsE9jOHHhxLj2fF44qQf0acrcGPC0CR63JISmxD
dh3HqE8iKs8mFMej
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:35:12 2025 by rpki-client