
Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ZFObEQNi7qdLZdT38_tczu7zy7A.roa
File: ZFObEQNi7qdLZdT38_tczu7zy7A.roa (raw, json)
Hash identifier: 9gOITnpo8rDaMZLunB97NJxVw/H+Jqm+o9CyY+0iUnQ=
Subject key identifier: 64:53:9B:11:03:62:EE:A7:4B:65:D4:F7:F3:FB:5C:CE:EE:F3:CB:B0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7202
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZFObEQNi7qdLZdT38_tczu7zy7A.roa
Signing time: Tue 01 Jul 2025 08:15:12 +0000
ROA not before: Tue 01 Jul 2025 08:15:12 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29186 (0x7202)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 1 08:15:12 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=64539B110362EEA74B65D4F7F3FB5CCEEEF3CBB0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:b3:d4:8a:47:b1:54:3c:ae:de:1d:4e:94:69:
86:a2:89:b2:8c:ed:f4:0c:1a:cf:7c:a3:76:ec:d4:
c9:07:0f:ba:11:df:5c:9d:a4:d0:06:42:39:4a:4c:
df:65:8a:da:d3:13:0c:73:38:7c:bc:86:5d:87:71:
db:23:4e:f7:a9:9f:dd:75:a9:6b:76:28:3c:54:35:
70:5d:9b:96:86:01:3b:d6:2b:6b:e4:17:9c:64:f9:
b3:36:6f:9f:0b:bb:13:c9:6f:35:07:aa:1c:3b:e6:
d0:e0:c3:34:bd:f8:8c:34:5b:06:c0:01:a2:29:44:
3d:4e:2c:fe:c3:d1:73:e5:4c:07:38:ce:d0:b1:cb:
ff:40:35:92:47:99:bb:ec:ef:79:99:70:27:21:8b:
b8:ff:d9:d4:60:a8:a3:99:ea:f1:dc:6d:ba:ec:2a:
9f:0d:37:a4:e5:d4:df:9e:47:b4:53:e1:84:fc:dc:
0b:fd:07:1d:fc:13:4b:ab:93:8b:5f:12:25:52:37:
b4:d3:f1:fd:88:b0:90:29:99:55:e1:8d:a3:d7:76:
61:86:6d:90:b2:d1:82:cd:8e:5d:fa:f5:db:b8:b2:
9c:af:df:df:eb:31:0a:03:09:60:02:64:2b:ab:f1:
18:d6:90:c5:3f:21:4b:9d:fd:ce:fa:92:ae:e2:c4:
4c:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:53:9B:11:03:62:EE:A7:4B:65:D4:F7:F3:FB:5C:CE:EE:F3:CB:B0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZFObEQNi7qdLZdT38_tczu7zy7A.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
6f:d7:80:28:55:44:0c:7f:e4:e1:1d:23:2f:2f:ac:ec:d3:e8:
e9:ce:83:28:f8:95:9d:85:d2:3d:97:89:8e:66:55:ac:a9:80:
6e:34:53:b9:c2:1c:64:34:4b:d0:af:b0:df:df:a4:27:a5:87:
4f:f3:17:89:f9:a5:ee:b1:6e:e5:64:f0:33:57:c6:e3:38:dd:
e7:6d:35:35:25:73:f0:f1:66:1a:95:a8:ad:aa:4c:88:97:91:
d1:17:fd:28:be:69:64:76:24:f4:48:e8:7d:cc:8c:1f:06:e1:
0e:05:0e:da:75:82:f2:c5:82:7c:44:4a:58:f1:db:c6:b3:4f:
ba:93:d8:04:d0:d7:47:5b:71:78:38:cb:ef:52:8e:ac:ca:1b:
09:b9:0d:09:8a:e4:76:4a:9c:fc:d7:9a:b6:87:e6:9f:84:c0:
c3:1e:ec:9e:86:de:92:e1:43:87:d6:ac:57:2e:63:2a:65:f5:
85:a3:86:f0:ba:f0:57:52:b1:9b:89:c4:e8:83:97:4c:6a:62:
30:a3:e7:ee:6c:fe:b4:b2:25:02:f2:f6:38:fe:3d:7b:34:3e:
1e:14:d1:b6:5c:d8:e5:c3:bf:5a:38:c8:eb:92:6f:73:69:94:
c4:96:3b:9b:e6:b3:31:9b:9b:a1:5a:14:41:f3:ed:65:6d:fc:
19:bc:dc:b2
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcgIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDEw
ODE1MTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDY0NTM5QjExMDM2MkVF
QTc0QjY1RDRGN0YzRkI1Q0NFRUVGM0NCQjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDAs9SKR7FUPK7eHU6UaYaiibKM7fQMGs98o3bs1MkHD7oR31yd
pNAGQjlKTN9litrTEwxzOHy8hl2HcdsjTvepn911qWt2KDxUNXBdm5aGATvWK2vk
F5xk+bM2b58LuxPJbzUHqhw75tDgwzS9+Iw0WwbAAaIpRD1OLP7D0XPlTAc4ztCx
y/9ANZJHmbvs73mZcCchi7j/2dRgqKOZ6vHcbbrsKp8NN6Tl1N+eR7RT4YT83Av9
Bx38E0urk4tfEiVSN7TT8f2IsJApmVXhjaPXdmGGbZCy0YLNjl369du4spyv39/r
MQoDCWACZCur8RjWkMU/IUud/c76kq7ixEzPAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUZFObEQNi7qdLZdT38/tczu7zy7AwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1pGT2JFUU5pN3FkTFpk
VDM4X3RjenU3enk3QS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBv14Ao
VUQMf+ThHSMvL6zs0+jpzoMo+JWdhdI9l4mOZlWsqYBuNFO5whxkNEvQr7Df36Qn
pYdP8xeJ+aXusW7lZPAzV8bjON3nbTU1JXPw8WYalaitqkyIl5HRF/0ovmlkdiT0
SOh9zIwfBuEOBQ7adYLyxYJ8REpY8dvGs0+6k9gE0NdHW3F4OMvvUo6syhsJuQ0J
iuR2Spz815q2h+afhMDDHuyeht6S4UOH1qxXLmMqZfWFo4bwuvBXUrGbicTog5dM
amIwo+fubP60siUC8vY4/j17ND4eFNG2XNjlw79aOMjrkm9zaZTEljub5rMxm5uh
WhRB8+1lbfwZvNyy
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:42 2025 by rpki-client