Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Xyir7eRk1OGTt_8_GAxMtYWZ93Q.roa
File: Xyir7eRk1OGTt_8_GAxMtYWZ93Q.roa (raw, json)
Hash identifier: t/jGhKLIMWH2W4muyScAspaM9XD30BNDKnNh/2MK1Kc=
Subject key identifier: 5F:28:AB:ED:E4:64:D4:E1:93:B7:FF:3F:18:0C:4C:B5:85:99:F7:74
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7860
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Xyir7eRk1OGTt_8_GAxMtYWZ93Q.roa
Signing time: Fri 18 Jul 2025 08:12:11 +0000
ROA not before: Fri 18 Jul 2025 08:12:11 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30816 (0x7860)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 18 08:12:11 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=5F28ABEDE464D4E193B7FF3F180C4CB58599F774
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:fd:18:47:15:af:01:ee:aa:c0:f7:ab:32:af:
e6:93:3e:9f:a4:e4:cd:16:41:8d:0a:54:bb:ae:a8:
8e:22:20:6d:67:bb:6e:49:ff:cc:35:7f:5e:33:4c:
01:b3:a0:06:fd:b4:0b:72:69:d8:4f:52:33:7d:30:
7d:f7:4c:7d:d2:26:f3:9e:c5:cf:e5:c0:5a:0a:da:
82:8b:44:d3:32:75:7b:78:9f:28:36:e4:4a:b5:58:
a0:12:b7:0d:a8:0a:2a:96:dd:81:4b:4a:c6:cc:8d:
f3:90:d9:86:08:a5:cd:7b:5d:9c:52:3f:65:84:ea:
9a:9c:26:c8:90:00:a0:ff:6c:27:7c:a1:fd:b0:e0:
dc:da:9c:bf:42:65:7a:33:d6:8f:01:af:d8:2b:2c:
ef:60:aa:5c:1b:57:c9:cb:44:c7:4b:42:ca:78:97:
87:ec:5a:a7:11:cd:89:7f:b3:5d:45:3e:5c:4f:32:
9b:2e:8b:c1:1c:94:c2:31:b2:87:78:6d:bf:3a:2c:
ac:af:1c:ef:5b:98:3e:28:e2:18:f9:72:7f:82:fe:
ce:43:84:66:1a:c9:b6:52:6b:3a:a2:f1:0d:da:49:
8d:f7:c6:92:c4:b6:3b:c2:ff:84:4e:1f:2a:5f:e9:
05:13:fe:4c:07:3e:3d:c3:86:3c:8c:a6:56:ed:0e:
5b:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:28:AB:ED:E4:64:D4:E1:93:B7:FF:3F:18:0C:4C:B5:85:99:F7:74
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Xyir7eRk1OGTt_8_GAxMtYWZ93Q.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
22:42:11:f0:b0:18:35:00:ed:d9:cd:69:82:28:92:65:bb:79:
50:02:41:99:7d:a0:43:48:b5:00:c6:3e:11:e3:85:9b:35:d6:
c7:4c:bf:98:dc:41:97:a6:e2:96:ef:9e:b5:64:69:ab:5a:db:
eb:28:2a:c0:fc:9a:d7:3d:a7:e9:71:42:33:a6:cc:31:87:c5:
e9:d9:0d:63:2c:7c:4c:cd:b9:20:11:40:6e:6d:f5:ee:da:71:
30:b3:ef:56:85:2d:8a:cd:8c:ad:12:1d:bc:56:63:aa:4c:cc:
fa:c8:33:15:14:98:0b:b2:af:29:6e:fa:15:e7:83:ca:29:cf:
fd:62:68:ae:6d:27:af:02:88:bc:be:42:15:b6:a5:5d:d6:dd:
8e:da:51:78:9b:c9:c7:e8:a9:90:bf:45:49:24:1f:b6:2d:e6:
1b:e6:ee:74:9c:91:b8:dc:48:07:7f:69:55:c9:c7:c6:0e:ad:
90:a9:e9:3f:45:54:1a:b9:71:6b:5a:6c:9b:ef:50:99:5c:a5:
ee:0e:55:9c:cb:12:17:f6:0d:64:2d:3d:3f:29:c2:9f:88:b5:
ea:0b:8b:0c:56:b4:1f:23:98:37:4f:67:48:63:3c:be:7d:3a:
aa:fe:c5:6a:d8:d3:cd:03:5e:20:65:9d:da:ae:8a:6a:21:4c:
c8:4d:bc:e9
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeGAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTgw
ODEyMTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDVGMjhBQkVERTQ2NEQ0
RTE5M0I3RkYzRjE4MEM0Q0I1ODU5OUY3NzQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDK/RhHFa8B7qrA96syr+aTPp+k5M0WQY0KVLuuqI4iIG1nu25J
/8w1f14zTAGzoAb9tAtyadhPUjN9MH33TH3SJvOexc/lwFoK2oKLRNMydXt4nyg2
5Eq1WKAStw2oCiqW3YFLSsbMjfOQ2YYIpc17XZxSP2WE6pqcJsiQAKD/bCd8of2w
4NzanL9CZXoz1o8Br9grLO9gqlwbV8nLRMdLQsp4l4fsWqcRzYl/s11FPlxPMpsu
i8EclMIxsod4bb86LKyvHO9bmD4o4hj5cn+C/s5DhGYaybZSazqi8Q3aSY33xpLE
tjvC/4ROHypf6QUT/kwHPj3DhjyMplbtDls7AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUXyir7eRk1OGTt/8/GAxMtYWZ93QwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1h5aXI3ZVJrMU9HVHRf
OF9HQXhNdFlXWjkzUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAiQhHw
sBg1AO3ZzWmCKJJlu3lQAkGZfaBDSLUAxj4R44WbNdbHTL+Y3EGXpuKW7561ZGmr
WtvrKCrA/JrXPafpcUIzpswxh8Xp2Q1jLHxMzbkgEUBubfXu2nEws+9WhS2KzYyt
Eh28VmOqTMz6yDMVFJgLsq8pbvoV54PKKc/9YmiubSevAoi8vkIVtqVd1t2O2lF4
m8nH6KmQv0VJJB+2LeYb5u50nJG43EgHf2lVycfGDq2Qqek/RVQauXFrWmyb71CZ
XKXuDlWcyxIX9g1kLT0/KcKfiLXqC4sMVrQfI5g3T2dIYzy+fTqq/sVq2NPNA14g
ZZ3aropqIUzITbzp
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:34:16 2025 by rpki-client