Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ZUwVjomHe1Mn3BBe4VjiEQhHNg0.roa
File: ZUwVjomHe1Mn3BBe4VjiEQhHNg0.roa (raw, json)
Hash identifier: jh8Aj8fINyZAzVDjqFGuMagr5uYt1hNGB8J1B7R47Ss=
Subject key identifier: 65:4C:15:8E:89:87:7B:53:27:DC:10:5E:E1:58:E2:11:08:47:36:0D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6EC2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZUwVjomHe1Mn3BBe4VjiEQhHNg0.roa
Signing time: Sun 22 Jun 2025 22:14:21 +0000
ROA not before: Sun 22 Jun 2025 22:14:21 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28354 (0x6ec2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 22 22:14:21 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=654C158E89877B5327DC105EE158E2110847360D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:04:66:06:21:6c:f0:68:2f:25:3c:57:06:f4:
99:a8:9f:34:ae:8c:a3:a7:41:de:81:ca:64:a6:31:
91:e5:cb:a6:69:a4:81:75:92:5d:29:a3:5f:f7:ee:
b2:a2:f1:2e:87:8b:34:78:d7:15:cc:c2:9b:f2:41:
c0:3c:6f:b9:87:92:9b:bf:fd:db:18:b8:17:a8:fc:
53:75:5f:ae:a2:bb:b7:a0:d2:95:c5:be:dd:ec:94:
b3:1a:77:da:bb:e8:8b:e2:cf:cb:54:f6:2e:54:b7:
d8:54:27:cb:2b:67:2e:27:4c:65:fd:70:91:0e:f3:
bb:ef:e9:74:c9:ac:c1:26:03:cd:b5:58:c1:36:9c:
f1:6d:fe:63:d2:b1:a8:69:5a:5a:e5:07:9a:e6:2e:
8f:ec:32:0d:c4:ab:d5:d1:53:6e:a0:78:74:c3:dd:
c9:67:60:a9:ee:06:93:54:8c:25:5b:4d:45:52:78:
87:7f:21:be:20:83:a1:43:bd:96:ff:36:9b:c6:0d:
df:01:ee:c5:ea:41:cf:b2:81:d4:bd:52:d4:a1:45:
e5:12:f0:2e:45:a2:c9:a7:60:22:66:76:db:0b:f9:
c6:de:d2:fa:6b:36:e0:5c:19:1e:d9:38:62:c8:4f:
6d:03:de:73:29:2e:13:eb:82:26:71:c1:65:6c:21:
67:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:4C:15:8E:89:87:7B:53:27:DC:10:5E:E1:58:E2:11:08:47:36:0D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZUwVjomHe1Mn3BBe4VjiEQhHNg0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
1c:de:b6:bc:0e:ac:2a:08:f6:bc:3a:ea:90:b1:7c:9c:a4:09:
39:af:c4:9c:50:e7:d5:0b:a8:48:8f:96:5e:88:7a:78:e1:91:
fe:99:4c:6d:32:4c:e4:12:96:14:04:74:38:52:f8:68:fd:4d:
69:3e:09:56:10:21:36:79:92:7d:e5:2c:55:7f:4a:7f:e0:1c:
3a:91:83:78:26:d7:05:af:32:fe:7a:60:0b:ef:06:75:43:a9:
ba:af:66:90:fd:a7:1c:c4:02:17:90:30:c1:19:b7:ca:21:1d:
1f:11:0c:09:7c:bc:db:f5:db:ec:c9:0d:ce:05:02:91:a9:6e:
90:57:42:73:be:37:3f:60:ef:97:aa:a1:6e:5d:71:7c:de:b4:
86:aa:66:d3:6c:e7:30:55:b5:f0:3a:79:9e:78:b4:9a:65:83:
e8:67:f4:bc:b3:76:03:62:25:dd:93:bc:0c:99:f0:82:95:7e:
df:1f:f7:40:88:e4:ed:3f:fa:e0:3d:8e:ad:43:43:94:65:2d:
7f:e2:1c:85:a7:d4:f1:61:06:16:a5:2c:d0:01:87:13:79:db:
77:f6:3f:b1:a7:7a:56:19:17:7d:d3:51:39:cc:61:fb:bd:85:
9d:02:ef:2d:67:c1:ee:ff:e7:2f:8d:23:b8:6f:39:2b:01:46:
eb:50:e0:54
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbsIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjIy
MjE0MjFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDY1NEMxNThFODk4NzdC
NTMyN0RDMTA1RUUxNThFMjExMDg0NzM2MEQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDaBGYGIWzwaC8lPFcG9JmonzSujKOnQd6BymSmMZHly6ZppIF1
kl0po1/37rKi8S6HizR41xXMwpvyQcA8b7mHkpu//dsYuBeo/FN1X66iu7eg0pXF
vt3slLMad9q76Iviz8tU9i5Ut9hUJ8srZy4nTGX9cJEO87vv6XTJrMEmA821WME2
nPFt/mPSsahpWlrlB5rmLo/sMg3Eq9XRU26geHTD3clnYKnuBpNUjCVbTUVSeId/
Ib4gg6FDvZb/NpvGDd8B7sXqQc+ygdS9UtShReUS8C5FosmnYCJmdtsL+cbe0vpr
NuBcGR7ZOGLIT20D3nMpLhPrgiZxwWVsIWeZAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUZUwVjomHe1Mn3BBe4VjiEQhHNg0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1pVd1Zqb21IZTFNbjNC
QmU0VmppRVFoSE5nMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAc3ra8
DqwqCPa8OuqQsXycpAk5r8ScUOfVC6hIj5ZeiHp44ZH+mUxtMkzkEpYUBHQ4Uvho
/U1pPglWECE2eZJ95SxVf0p/4Bw6kYN4JtcFrzL+emAL7wZ1Q6m6r2aQ/accxAIX
kDDBGbfKIR0fEQwJfLzb9dvsyQ3OBQKRqW6QV0Jzvjc/YO+XqqFuXXF83rSGqmbT
bOcwVbXwOnmeeLSaZYPoZ/S8s3YDYiXdk7wMmfCClX7fH/dAiOTtP/rgPY6tQ0OU
ZS1/4hyFp9TxYQYWpSzQAYcTedt39j+xp3pWGRd901E5zGH7vYWdAu8tZ8Hu/+cv
jSO4bzkrAUbrUOBU
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:44:13 2025 by rpki-client