Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/W1HZb5xZ3cNYWEDUNjv-NuUd2mM.roa
File: W1HZb5xZ3cNYWEDUNjv-NuUd2mM.roa (raw, json)
Hash identifier: 3A0V7jn2lDko0F0ZYk1FiDCDZwmNYdoPQwwSaH9WNBo=
Subject key identifier: 5B:51:D9:6F:9C:59:DD:C3:58:58:40:D4:36:3B:FE:36:E5:1D:DA:63
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 777C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/W1HZb5xZ3cNYWEDUNjv-NuUd2mM.roa
Signing time: Tue 15 Jul 2025 23:11:49 +0000
ROA not before: Tue 15 Jul 2025 23:11:49 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30588 (0x777c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 15 23:11:49 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=5B51D96F9C59DDC3585840D4363BFE36E51DDA63
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:e7:4d:de:e0:3e:2d:06:1b:7b:55:a1:ee:90:
6f:18:e3:d1:c2:d6:2c:bd:ec:56:be:61:47:3a:8e:
d4:b6:ce:46:0f:02:7a:64:ba:23:2a:7c:6e:85:1a:
75:f9:15:85:a6:2a:bf:56:33:1b:9e:74:19:86:8e:
c9:86:94:db:96:00:98:eb:55:ab:65:bf:aa:ac:65:
b5:de:da:d4:87:4d:1c:80:63:24:61:97:dd:0d:c5:
ba:23:24:40:81:50:41:86:65:62:95:10:08:48:c3:
17:47:7b:78:1b:0c:30:af:ff:4a:e8:2c:3b:6c:ca:
df:66:72:25:7f:db:3d:16:da:a7:9e:0f:5a:d7:2d:
f7:0f:a5:1b:4f:3c:32:09:78:89:69:c6:1e:81:df:
ef:c5:4a:59:ec:df:73:55:98:a0:c7:14:2d:da:c4:
c7:b7:0c:c4:cb:5a:b5:7c:b9:28:cc:5b:67:20:e3:
81:4d:0a:a9:43:87:37:69:22:a6:ee:33:73:de:f7:
9e:ab:7d:68:aa:bf:f7:22:11:9f:26:8c:94:d8:45:
06:00:63:12:d1:89:8a:37:b7:6e:64:03:fe:76:c4:
af:3f:cd:25:f8:c2:00:8c:bd:f1:e2:2c:5f:ee:71:
99:69:39:10:41:f3:ff:b7:35:7c:ef:2f:2a:36:04:
1d:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:51:D9:6F:9C:59:DD:C3:58:58:40:D4:36:3B:FE:36:E5:1D:DA:63
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/W1HZb5xZ3cNYWEDUNjv-NuUd2mM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
24:b7:67:80:92:2c:de:eb:8c:fc:2a:fb:b8:44:40:05:be:53:
cf:3a:56:36:96:89:d6:1b:a4:f8:09:27:a2:88:98:13:4f:58:
6f:20:31:89:27:bc:08:6e:04:48:c3:cc:90:e2:44:dd:60:d3:
6e:cf:70:66:8b:08:a9:9e:c3:71:e4:c4:be:0f:f1:1a:50:4c:
d8:f1:de:e4:49:0f:40:c2:4f:41:08:00:b7:3a:37:66:c9:44:
a1:80:26:c7:0b:dc:83:4c:e1:a6:40:e8:f9:01:bb:85:76:d9:
50:3b:7f:45:2b:3d:d5:a6:ae:20:f1:48:f8:2a:26:32:cf:4d:
42:02:6d:da:df:4a:d0:39:89:88:36:31:cd:af:63:68:48:0c:
1f:c4:31:9f:55:f3:8d:b9:f0:b2:66:90:ed:ea:b5:83:76:a5:
2b:23:9a:d1:be:bb:9c:41:1a:55:13:95:b9:f6:c8:1d:b3:c4:
66:50:5a:ec:4d:eb:e0:e0:ec:50:95:1e:57:b6:b1:29:eb:e0:
22:5d:67:d7:38:e8:29:78:a7:f1:3a:58:f3:34:90:bd:c5:cf:
42:1a:6b:97:62:2d:fd:18:db:39:10:df:00:aa:ee:92:6e:88:
06:41:9d:1f:6b:05:27:d5:7f:1b:ae:31:18:a7:db:26:b5:fc:
aa:71:3e:55
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICd3wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTUy
MzExNDlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDVCNTFEOTZGOUM1OURE
QzM1ODU4NDBENDM2M0JGRTM2RTUxRERBNjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6503e4D4tBht7VaHukG8Y49HC1iy97Fa+YUc6jtS2zkYPAnpk
uiMqfG6FGnX5FYWmKr9WMxuedBmGjsmGlNuWAJjrVatlv6qsZbXe2tSHTRyAYyRh
l90NxbojJECBUEGGZWKVEAhIwxdHe3gbDDCv/0roLDtsyt9mciV/2z0W2qeeD1rX
LfcPpRtPPDIJeIlpxh6B3+/FSlns33NVmKDHFC3axMe3DMTLWrV8uSjMW2cg44FN
CqlDhzdpIqbuM3Pe956rfWiqv/ciEZ8mjJTYRQYAYxLRiYo3t25kA/52xK8/zSX4
wgCMvfHiLF/ucZlpORBB8/+3NXzvLyo2BB1NAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUW1HZb5xZ3cNYWEDUNjv+NuUd2mMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1cxSFpiNXhaM2NOWVdF
RFVOanYtTnVVZDJtTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAkt2eA
kize64z8Kvu4REAFvlPPOlY2lonWG6T4CSeiiJgTT1hvIDGJJ7wIbgRIw8yQ4kTd
YNNuz3BmiwipnsNx5MS+D/EaUEzY8d7kSQ9Awk9BCAC3OjdmyUShgCbHC9yDTOGm
QOj5AbuFdtlQO39FKz3Vpq4g8Uj4KiYyz01CAm3a30rQOYmINjHNr2NoSAwfxDGf
VfONufCyZpDt6rWDdqUrI5rRvrucQRpVE5W59sgds8RmUFrsTevg4OxQlR5XtrEp
6+AiXWfXOOgpeKfxOljzNJC9xc9CGmuXYi39GNs5EN8Aqu6SbogGQZ0fawUn1X8b
rjEYp9smtfyqcT5V
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:51:44 2025 by rpki-client