Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ZOLUIEJoPLmL2jEJBJIYD1SuIQs.roa
File: ZOLUIEJoPLmL2jEJBJIYD1SuIQs.roa (raw, json)
Hash identifier: jSSqUPMqPILT0D47YcmuiQ9S4xJXHj74D5brAetlj34=
Subject key identifier: 64:E2:D4:20:42:68:3C:B9:8B:DA:31:09:04:92:18:0F:54:AE:21:0B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 76BE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZOLUIEJoPLmL2jEJBJIYD1SuIQs.roa
Signing time: Sun 13 Jul 2025 23:41:43 +0000
ROA not before: Sun 13 Jul 2025 23:41:43 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30398 (0x76be)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 13 23:41:43 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=64E2D42042683CB98BDA31090492180F54AE210B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:7a:50:31:5f:9b:e5:19:12:0e:ad:15:47:d1:
1f:4f:a5:b8:d3:41:b3:68:2c:cd:9f:fd:da:3e:d6:
51:d1:d3:0a:4b:77:79:a5:9c:e8:1c:4f:20:d7:40:
38:92:d7:6b:b2:b1:3f:81:8d:63:b3:73:90:4a:2c:
69:25:02:dd:45:74:ca:c3:65:5b:d0:40:52:3c:18:
a6:d1:9e:ab:ef:e8:3d:93:54:99:29:33:fd:8b:fe:
8d:98:26:eb:87:48:a5:e3:ea:6b:32:81:f2:8c:fc:
3e:2d:17:60:2f:a6:89:25:57:33:a5:88:46:cd:e0:
77:e9:bb:84:f3:f5:cd:bb:80:d9:db:ec:76:2c:cb:
6b:51:be:13:19:85:cf:a8:60:7e:eb:91:73:4d:6f:
1b:79:b1:50:1f:e7:70:ec:85:c5:db:00:32:c9:c1:
3f:4a:19:e1:89:2d:b6:5b:83:02:73:25:c1:9f:0d:
52:e7:03:09:a6:69:c3:07:c6:88:16:b9:b7:a4:85:
cc:22:08:c4:86:55:84:58:31:c1:22:e1:b2:11:1c:
19:7c:bc:f2:dd:3e:dc:b8:72:a2:75:6f:62:c1:0f:
80:0a:da:5b:25:3f:68:25:09:65:3b:8f:ac:e7:6e:
17:f9:76:72:d8:f4:55:28:33:56:d2:3a:ab:35:dd:
a0:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:E2:D4:20:42:68:3C:B9:8B:DA:31:09:04:92:18:0F:54:AE:21:0B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZOLUIEJoPLmL2jEJBJIYD1SuIQs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
97:30:98:a3:2c:de:ad:cb:9a:4f:2d:e8:b5:1e:60:e4:c6:5a:
16:9e:24:7b:5a:83:a2:03:0f:a5:4b:49:3a:65:3a:db:7c:49:
f7:97:fc:d3:a4:77:69:f3:cc:32:67:5e:bb:76:a4:72:0c:ce:
cc:00:28:47:23:b3:a6:cc:88:92:ca:45:5f:86:5c:b6:8f:f9:
86:ff:6a:7a:a1:c8:b9:80:83:dd:6d:01:64:6d:60:d6:95:e9:
14:8a:fb:0e:cb:6c:e5:51:4e:da:e6:53:ed:11:cb:c2:ed:c1:
a5:df:e7:08:58:aa:53:c1:8c:eb:85:f6:57:2b:ba:68:2d:23:
0e:9f:c4:17:7c:b3:71:0b:e8:34:c5:17:4a:08:5a:ab:46:b6:
cc:de:17:24:f6:92:93:43:6a:d2:7e:d0:f4:6a:bb:49:bf:04:
3b:b8:1d:ae:0e:1d:31:7c:6e:c7:fb:0a:c5:93:a4:74:44:61:
e7:4a:52:37:0a:c7:ef:93:61:a3:3a:93:b3:c7:55:45:2c:54:
7c:03:92:d8:df:67:52:67:fe:40:ea:1f:db:8f:13:54:b7:8a:
2d:3f:52:ad:74:bf:e7:57:de:9a:d3:c7:c7:6e:b3:19:3c:33:
dc:6c:25:8a:47:4e:9c:b0:d9:e3:ad:e9:e6:58:ad:e0:30:79:
98:3f:99:5b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdr4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTMy
MzQxNDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDY0RTJENDIwNDI2ODND
Qjk4QkRBMzEwOTA0OTIxODBGNTRBRTIxMEIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCvelAxX5vlGRIOrRVH0R9PpbjTQbNoLM2f/do+1lHR0wpLd3ml
nOgcTyDXQDiS12uysT+BjWOzc5BKLGklAt1FdMrDZVvQQFI8GKbRnqvv6D2TVJkp
M/2L/o2YJuuHSKXj6msygfKM/D4tF2AvpoklVzOliEbN4Hfpu4Tz9c27gNnb7HYs
y2tRvhMZhc+oYH7rkXNNbxt5sVAf53DshcXbADLJwT9KGeGJLbZbgwJzJcGfDVLn
AwmmacMHxogWubekhcwiCMSGVYRYMcEi4bIRHBl8vPLdPty4cqJ1b2LBD4AK2lsl
P2glCWU7j6znbhf5dnLY9FUoM1bSOqs13aDfAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUZOLUIEJoPLmL2jEJBJIYD1SuIQswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1pPTFVJRUpvUExtTDJq
RUpCSklZRDFTdUlRcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCXMJij
LN6ty5pPLei1HmDkxloWniR7WoOiAw+lS0k6ZTrbfEn3l/zTpHdp88wyZ167dqRy
DM7MAChHI7OmzIiSykVfhly2j/mG/2p6oci5gIPdbQFkbWDWlekUivsOy2zlUU7a
5lPtEcvC7cGl3+cIWKpTwYzrhfZXK7poLSMOn8QXfLNxC+g0xRdKCFqrRrbM3hck
9pKTQ2rSftD0artJvwQ7uB2uDh0xfG7H+wrFk6R0RGHnSlI3Csfvk2GjOpOzx1VF
LFR8A5LY32dSZ/5A6h/bjxNUt4otP1KtdL/nV96a08fHbrMZPDPcbCWKR06csNnj
renmWK3gMHmYP5lb
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:34:23 2025 by rpki-client