Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ZocOLP1RydYKhOCEXdqvBqrDiLg.roa
File: ZocOLP1RydYKhOCEXdqvBqrDiLg.roa (raw, json)
Hash identifier: jWO4CN5twJw7dOxOfhSNiwxSuXCkUNIDAeh2gFXA7ek=
Subject key identifier: 66:87:0E:2C:FD:51:C9:D6:0A:84:E0:84:5D:DA:AF:06:AA:C3:88:B8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7658
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZocOLP1RydYKhOCEXdqvBqrDiLg.roa
Signing time: Sat 12 Jul 2025 22:11:41 +0000
ROA not before: Sat 12 Jul 2025 22:11:41 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30296 (0x7658)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 12 22:11:41 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=66870E2CFD51C9D60A84E0845DDAAF06AAC388B8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:c1:21:b6:e4:a3:46:96:64:68:16:32:b2:a3:
6a:5d:1c:55:b9:a9:a6:8a:5d:0b:7b:fa:71:34:1b:
34:07:aa:e7:ee:7a:65:51:45:87:aa:f8:23:d8:47:
77:be:fc:ce:0c:95:95:c8:54:64:f6:48:b6:f1:fd:
3f:f2:95:e4:81:25:88:e2:47:68:2b:c9:32:1d:c2:
14:4d:73:4a:5d:25:5c:5e:ba:b8:61:5f:e3:49:5c:
4e:7c:3d:99:e1:c9:2a:2f:06:0b:1b:cf:ce:8b:2d:
cd:44:32:e8:f5:32:45:d2:ca:95:d2:c0:a8:80:5d:
09:8e:84:91:84:68:3c:47:b6:dc:d1:af:99:8c:44:
9a:8a:5b:fe:b4:3a:bb:bb:5b:dd:20:5d:bd:c4:82:
ed:96:c8:05:eb:ae:85:d2:3c:e2:be:52:55:7b:a3:
ec:e4:c2:e5:4e:43:6a:71:a0:4a:7d:08:23:bf:b6:
c7:35:b6:83:5f:6c:cf:47:6d:2a:ff:4c:23:16:1c:
6e:15:4f:ed:fe:e9:c0:c8:8f:78:de:2e:28:97:1f:
8b:4f:c3:d0:e6:f0:79:d7:80:54:f7:9f:5e:81:a3:
ce:47:2e:45:2b:0a:0e:2d:e1:ee:a0:47:5d:cb:f8:
13:9a:52:df:86:73:40:79:1e:6b:0e:e9:82:36:61:
8d:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:87:0E:2C:FD:51:C9:D6:0A:84:E0:84:5D:DA:AF:06:AA:C3:88:B8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZocOLP1RydYKhOCEXdqvBqrDiLg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
34:56:65:4f:d3:77:94:08:49:43:dd:97:ef:8e:f9:2b:9e:31:
75:e8:f9:a4:ce:ec:7b:12:e4:e5:77:7f:12:fb:b7:5d:ae:18:
05:e3:0e:ea:fb:c8:f4:b0:31:34:2c:c9:d9:2d:23:32:9c:f2:
73:96:b4:32:24:74:31:e0:84:6f:18:3a:eb:3c:34:50:fe:f1:
0c:21:e4:73:1e:89:f3:5d:27:b7:c7:6c:a5:6f:f5:48:b3:f9:
2d:29:3a:be:07:e0:d5:fd:3b:d6:85:2a:66:73:aa:66:27:2b:
12:3c:17:fb:ca:67:b3:42:23:44:a8:f1:28:bd:4f:85:2c:6b:
9a:f5:66:4b:2a:64:01:ee:6e:63:18:f5:12:ee:96:2d:59:4d:
d7:f8:a9:93:47:34:69:36:07:ca:3e:44:ef:87:dc:95:c1:1a:
28:a2:e4:61:db:c0:5f:23:43:74:04:02:e7:a2:88:a9:44:55:
d7:ae:d2:07:bf:7f:18:dd:df:c2:5f:9d:61:25:51:26:80:85:
e7:30:01:92:18:a2:cd:d7:bb:75:87:22:75:2c:7a:ae:fb:af:
b4:d7:13:b1:91:e7:fd:7b:3c:fa:94:99:ca:c0:df:76:75:d3:
60:36:15:8a:e7:1a:18:66:34:77:ae:d0:f2:96:8e:a2:db:00:
ed:5d:31:5e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdlgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTIy
MjExNDFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDY2ODcwRTJDRkQ1MUM5
RDYwQTg0RTA4NDVEREFBRjA2QUFDMzg4QjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDhwSG25KNGlmRoFjKyo2pdHFW5qaaKXQt7+nE0GzQHqufuemVR
RYeq+CPYR3e+/M4MlZXIVGT2SLbx/T/yleSBJYjiR2gryTIdwhRNc0pdJVxeurhh
X+NJXE58PZnhySovBgsbz86LLc1EMuj1MkXSypXSwKiAXQmOhJGEaDxHttzRr5mM
RJqKW/60Oru7W90gXb3Egu2WyAXrroXSPOK+UlV7o+zkwuVOQ2pxoEp9CCO/tsc1
toNfbM9HbSr/TCMWHG4VT+3+6cDIj3jeLiiXH4tPw9Dm8HnXgFT3n16Bo85HLkUr
Cg4t4e6gR13L+BOaUt+Gc0B5HmsO6YI2YY1NAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUZocOLP1RydYKhOCEXdqvBqrDiLgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1pvY09MUDFSeWRZS2hP
Q0VYZHF2QnFyRGlMZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA0VmVP
03eUCElD3ZfvjvkrnjF16Pmkzux7EuTld38S+7ddrhgF4w7q+8j0sDE0LMnZLSMy
nPJzlrQyJHQx4IRvGDrrPDRQ/vEMIeRzHonzXSe3x2ylb/VIs/ktKTq+B+DV/TvW
hSpmc6pmJysSPBf7ymezQiNEqPEovU+FLGua9WZLKmQB7m5jGPUS7pYtWU3X+KmT
RzRpNgfKPkTvh9yVwRooouRh28BfI0N0BALnooipRFXXrtIHv38Y3d/CX51hJVEm
gIXnMAGSGKLN17t1hyJ1LHqu+6+01xOxkef9ezz6lJnKwN92ddNgNhWK5xoYZjR3
rtDylo6i2wDtXTFe
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:38:41 2025 by rpki-client