Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/_9Qt9WW3tN7xkHWL4y2D2qIzBdE.roa
File: _9Qt9WW3tN7xkHWL4y2D2qIzBdE.roa (raw, json)
Hash identifier: UhQ/imQHmvCbRuah7p0BV1QZxE0gltK5bYjGT3OlL0o=
Subject key identifier: FF:D4:2D:F5:65:B7:B4:DE:F1:90:75:8B:E3:2D:83:DA:A2:33:05:D1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7558
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_9Qt9WW3tN7xkHWL4y2D2qIzBdE.roa
Signing time: Thu 10 Jul 2025 05:45:09 +0000
ROA not before: Thu 10 Jul 2025 05:45:09 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30040 (0x7558)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 10 05:45:09 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=FFD42DF565B7B4DEF190758BE32D83DAA23305D1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:50:a1:47:18:65:f3:c7:7a:d9:d5:ff:fa:48:
7b:99:31:82:1e:49:fa:5f:10:cc:33:cb:97:c7:d5:
18:1c:a7:41:d9:6e:14:5d:ce:7b:ee:68:5d:8a:24:
52:23:89:b2:a9:52:eb:24:09:ce:89:95:a8:20:62:
04:74:ae:6f:e6:ad:bf:ba:94:09:5b:2d:2e:6f:4a:
64:8a:4c:4e:cb:a0:a5:8b:bb:93:6a:03:7a:fa:63:
ea:8e:d1:42:ec:0e:05:60:97:6e:43:0e:b7:6d:11:
c2:8d:a8:c9:8c:07:6d:a7:a9:6b:06:ca:d9:21:0a:
f7:31:0f:1b:54:bd:57:9e:de:f8:d1:a3:96:51:61:
c4:8e:f8:ad:93:5c:3e:33:cc:48:e0:76:62:31:1a:
47:f1:43:cb:33:fe:ff:26:b4:de:e1:54:5e:76:3f:
1e:12:3a:2a:6a:88:a7:ef:e8:fe:db:57:8c:e3:e2:
82:30:90:6d:04:d7:cf:36:aa:24:2c:f0:e7:ef:a5:
9a:2f:78:92:ce:d8:63:1c:e5:4e:a2:b6:9b:6d:28:
e5:2f:30:7d:e9:c9:2e:5d:fe:08:eb:3b:d9:d6:bb:
eb:82:50:ab:d5:e2:7f:2c:cf:cf:33:da:41:37:0c:
6e:a3:0e:a4:9e:ca:33:93:c9:ae:d1:3f:fc:31:d4:
f7:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:D4:2D:F5:65:B7:B4:DE:F1:90:75:8B:E3:2D:83:DA:A2:33:05:D1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_9Qt9WW3tN7xkHWL4y2D2qIzBdE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
7f:40:b3:4c:75:90:49:b2:82:32:ca:a2:f2:9f:f2:02:31:44:
9d:c5:15:86:b4:ae:2a:07:2b:67:f0:41:f2:2f:70:9a:3f:ff:
dd:66:42:62:ae:81:a9:0d:46:2d:76:a2:ae:b8:7b:47:75:90:
4f:13:b9:08:6d:0f:c0:48:2e:1f:f6:3c:8c:dc:7f:93:62:04:
86:48:9c:0b:4f:d2:a0:1a:72:47:d7:e0:0c:b5:d5:86:48:36:
65:2e:cd:1e:18:57:5e:22:98:44:b6:c0:44:9a:f3:b7:36:96:
c5:31:9c:b6:68:17:02:b7:22:98:29:1a:f5:f4:96:bc:df:bd:
f3:99:57:1b:66:a6:1d:30:ff:f1:7a:b3:e3:52:69:1f:ef:59:
3c:c1:ac:2a:09:43:39:2d:40:3b:ad:94:e1:ee:a5:11:96:9c:
59:b2:39:3f:35:1d:fe:a7:d5:23:a6:25:d8:ae:ad:36:3c:73:
49:d1:7e:87:07:90:18:64:03:e8:71:9f:d9:b8:56:d9:69:3a:
26:06:99:b1:3e:71:4f:84:bf:e0:e9:a8:38:02:e0:6d:fe:60:
f4:c5:d1:98:cc:9a:93:ad:d9:f3:b7:fb:6a:76:9a:d9:e4:5a:
5f:3f:81:40:30:9b:90:46:ba:96:f9:8f:9e:0c:37:48:45:00:
6c:47:95:69
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdVgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTAw
NTQ1MDlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEZGRDQyREY1NjVCN0I0
REVGMTkwNzU4QkUzMkQ4M0RBQTIzMzA1RDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDfUKFHGGXzx3rZ1f/6SHuZMYIeSfpfEMwzy5fH1Rgcp0HZbhRd
znvuaF2KJFIjibKpUuskCc6JlaggYgR0rm/mrb+6lAlbLS5vSmSKTE7LoKWLu5Nq
A3r6Y+qO0ULsDgVgl25DDrdtEcKNqMmMB22nqWsGytkhCvcxDxtUvVee3vjRo5ZR
YcSO+K2TXD4zzEjgdmIxGkfxQ8sz/v8mtN7hVF52Px4SOipqiKfv6P7bV4zj4oIw
kG0E1882qiQs8OfvpZoveJLO2GMc5U6itpttKOUvMH3pyS5d/gjrO9nWu+uCUKvV
4n8sz88z2kE3DG6jDqSeyjOTya7RP/wx1PeHAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU/9Qt9WW3tN7xkHWL4y2D2qIzBdEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L185UXQ5V1czdE43eGtI
V0w0eTJEMnFJekJkRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB/QLNM
dZBJsoIyyqLyn/ICMUSdxRWGtK4qBytn8EHyL3CaP//dZkJiroGpDUYtdqKuuHtH
dZBPE7kIbQ/ASC4f9jyM3H+TYgSGSJwLT9KgGnJH1+AMtdWGSDZlLs0eGFdeIphE
tsBEmvO3NpbFMZy2aBcCtyKYKRr19Ja8373zmVcbZqYdMP/xerPjUmkf71k8wawq
CUM5LUA7rZTh7qURlpxZsjk/NR3+p9UjpiXYrq02PHNJ0X6HB5AYZAPocZ/ZuFbZ
aTomBpmxPnFPhL/g6ag4AuBt/mD0xdGYzJqTrdnzt/tqdprZ5FpfP4FAMJuQRrqW
+Y+eDDdIRQBsR5Vp
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:34:15 2025 by rpki-client