Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Z8PMDYgG-TK610PJciq5lX2Hhqw.roa
File: Z8PMDYgG-TK610PJciq5lX2Hhqw.roa (raw, json)
Hash identifier: SpDvjhFk2+4xkvq5bwexuVyjnCG0H1oL3and9PEuZVc=
Subject key identifier: 67:C3:CC:0D:88:06:F9:32:BA:D7:43:C9:72:2A:B9:95:7D:87:86:AC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6FCA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Z8PMDYgG-TK610PJciq5lX2Hhqw.roa
Signing time: Wed 25 Jun 2025 10:14:24 +0000
ROA not before: Wed 25 Jun 2025 10:14:24 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28618 (0x6fca)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 25 10:14:24 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=67C3CC0D8806F932BAD743C9722AB9957D8786AC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:3e:e1:06:b4:19:2a:68:b9:e7:dc:2b:a2:66:
76:b8:f4:fc:cd:83:e9:ee:01:b9:0d:87:80:7f:a1:
c3:39:36:d4:f6:ff:64:1b:89:d5:8f:29:49:86:15:
b1:a4:6e:c7:b3:c7:de:c2:3d:30:d5:ba:ac:ac:db:
4d:6a:38:a5:ed:f0:14:ea:50:e4:d6:56:96:d3:eb:
51:e0:bf:76:17:e9:36:19:2c:ad:a6:8a:0c:0c:c5:
cf:25:39:71:3a:18:1c:30:9b:dd:aa:be:1b:19:a3:
2f:d8:5e:2f:52:21:01:4a:be:cf:9f:85:da:fa:6b:
92:1a:45:36:65:81:01:38:78:2d:d5:4c:97:2f:9e:
90:10:f8:45:99:ef:5d:de:8e:4f:b3:89:7b:89:a5:
1f:46:1b:17:45:e6:23:05:d3:18:c4:79:79:28:b3:
32:1f:2f:45:3a:fc:aa:bb:7d:53:52:79:e2:e8:d4:
cd:96:aa:47:a6:01:75:7a:99:35:6a:4d:63:de:a1:
ff:49:79:12:95:96:6c:ec:20:e9:02:51:fe:f8:86:
b0:02:61:39:c0:74:27:28:a0:0c:aa:b3:f0:a0:e1:
05:bf:5f:87:38:58:08:89:36:dd:b2:fb:a0:54:ec:
d0:fe:54:4f:d8:9a:55:30:03:a2:dc:92:6a:dc:eb:
36:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:C3:CC:0D:88:06:F9:32:BA:D7:43:C9:72:2A:B9:95:7D:87:86:AC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Z8PMDYgG-TK610PJciq5lX2Hhqw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
29:5b:12:88:e4:75:ad:e3:44:19:c3:a4:4f:be:da:fd:74:37:
cf:12:86:45:38:35:8c:c4:8c:dd:87:02:73:e0:06:1d:77:7d:
43:83:46:1c:2a:a7:36:e3:09:3e:2c:97:12:5a:0a:fc:24:62:
d0:bd:d1:4c:9f:df:0b:6b:72:4b:a6:71:a1:80:80:02:fe:d3:
01:c8:e7:28:69:a0:80:2c:ee:01:73:78:cf:2e:cd:22:7e:a8:
1d:34:00:7c:64:68:e6:f8:8d:ff:9c:7c:d4:c8:e6:88:08:14:
00:32:2a:76:db:e8:6a:65:b6:c0:91:38:63:b3:4a:1a:28:09:
a6:19:70:9f:be:52:e7:20:c6:7e:2a:cd:c4:3e:2e:62:de:bc:
d7:25:fe:66:96:c0:fe:f6:c7:dc:b9:8a:7f:9a:59:99:aa:6b:
ca:90:34:01:a0:81:f6:b3:5f:ca:5a:aa:c1:a6:90:b4:e2:7b:
a3:e6:b1:5b:0b:a1:d7:42:24:e2:83:64:75:c0:41:e2:7e:b8:
1d:04:a1:c4:e6:ce:ec:62:05:1e:a5:b0:51:5a:b9:1a:58:bb:
54:2e:4d:32:1c:45:e6:b8:43:49:fb:3b:85:58:eb:ed:db:a6:
c4:2d:e7:c5:74:3a:43:6a:ae:ea:47:c4:5d:53:f0:47:2c:4f:
cc:3e:44:f7
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICb8owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjUx
MDE0MjRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDY3QzNDQzBEODgwNkY5
MzJCQUQ3NDNDOTcyMkFCOTk1N0Q4Nzg2QUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOPuEGtBkqaLnn3CuiZna49PzNg+nuAbkNh4B/ocM5NtT2/2Qb
idWPKUmGFbGkbsezx97CPTDVuqys201qOKXt8BTqUOTWVpbT61Hgv3YX6TYZLK2m
igwMxc8lOXE6GBwwm92qvhsZoy/YXi9SIQFKvs+fhdr6a5IaRTZlgQE4eC3VTJcv
npAQ+EWZ713ejk+ziXuJpR9GGxdF5iMF0xjEeXkoszIfL0U6/Kq7fVNSeeLo1M2W
qkemAXV6mTVqTWPeof9JeRKVlmzsIOkCUf74hrACYTnAdCcooAyqs/Cg4QW/X4c4
WAiJNt2y+6BU7ND+VE/YmlUwA6Lckmrc6zZlAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUZ8PMDYgG+TK610PJciq5lX2HhqwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1o4UE1EWWdHLVRLNjEw
UEpjaXE1bFgySGhxdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQApWxKI
5HWt40QZw6RPvtr9dDfPEoZFODWMxIzdhwJz4AYdd31Dg0YcKqc24wk+LJcSWgr8
JGLQvdFMn98La3JLpnGhgIAC/tMByOcoaaCALO4Bc3jPLs0ifqgdNAB8ZGjm+I3/
nHzUyOaICBQAMip22+hqZbbAkThjs0oaKAmmGXCfvlLnIMZ+Ks3EPi5i3rzXJf5m
lsD+9sfcuYp/mlmZqmvKkDQBoIH2s1/KWqrBppC04nuj5rFbC6HXQiTig2R1wEHi
frgdBKHE5s7sYgUepbBRWrkaWLtULk0yHEXmuENJ+zuFWOvt26bELefFdDpDaq7q
R8RdU/BHLE/MPkT3
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:36:57 2025 by rpki-client