Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/a-nLx0e-EUNYwGUD2HXWS_zF7V0.roa
File: a-nLx0e-EUNYwGUD2HXWS_zF7V0.roa (raw, json)
Hash identifier: pa7OcI2TrnBS9g7qPGDelOfZ6fgEUm1vS0SqvylhKnw=
Subject key identifier: 6B:E9:CB:C7:47:BE:11:43:58:C0:65:03:D8:75:D6:4B:FC:C5:ED:5D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 747C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/a-nLx0e-EUNYwGUD2HXWS_zF7V0.roa
Signing time: Mon 07 Jul 2025 22:45:00 +0000
ROA not before: Mon 07 Jul 2025 22:45:00 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29820 (0x747c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 7 22:45:00 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=6BE9CBC747BE114358C06503D875D64BFCC5ED5D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:fb:99:67:92:bc:52:74:74:9f:c0:71:c3:02:
ee:17:73:6d:20:e2:87:f4:46:f1:6d:70:ff:d0:ec:
fb:09:89:e5:d0:43:73:5f:6c:ce:a8:62:f1:e6:cc:
ba:cd:43:c4:b7:b2:e3:64:d9:d3:0d:b7:d5:63:80:
23:52:03:10:20:ae:c1:28:06:85:18:1f:3b:17:72:
bd:f1:41:62:9b:14:38:fd:3b:6a:f3:10:fa:14:01:
6f:98:53:4b:0f:f6:90:17:10:73:0d:90:a4:66:de:
74:a4:58:e2:ba:a7:6d:4c:97:25:4c:f6:a0:e8:6a:
5a:f5:cb:06:ef:56:ca:44:79:97:34:22:ad:a4:b7:
5a:0a:16:ac:8d:9e:0d:62:d3:a4:27:71:d3:1e:8f:
07:60:86:91:02:49:ac:39:43:2b:7f:13:db:4f:0c:
43:d2:a5:94:32:ce:6b:3d:f4:7d:9b:de:ef:d3:0f:
cb:87:2d:2a:aa:6e:10:14:a5:df:56:cb:45:50:08:
8f:41:a7:fc:b0:e3:79:1d:71:e2:44:f8:09:cb:86:
74:8b:5b:9b:3c:08:c8:b9:4b:e5:e0:b7:14:6d:82:
b2:e0:da:63:ca:9e:8d:fa:4d:49:6f:a5:8c:2d:9f:
ba:4f:95:cd:74:41:27:21:0e:2e:3e:10:89:b1:4d:
25:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:E9:CB:C7:47:BE:11:43:58:C0:65:03:D8:75:D6:4B:FC:C5:ED:5D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/a-nLx0e-EUNYwGUD2HXWS_zF7V0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
41:a3:1a:cc:b0:a3:90:f4:1a:af:1a:b5:b4:f5:63:b8:d6:47:
6a:8a:cf:d6:2f:a1:f4:b8:69:46:49:c0:7e:54:01:54:ce:cd:
0b:92:33:31:b9:94:d8:d7:75:cd:a0:17:c4:9e:67:aa:a6:84:
c4:58:f3:7d:f5:64:48:d4:f1:a0:6e:62:d1:17:0c:bc:c7:06:
08:c3:0c:80:2e:0d:fc:60:b3:d5:63:f8:59:54:bf:27:40:01:
6c:c5:ba:9d:56:e0:ad:80:e4:e2:e3:e0:d3:61:13:da:10:d3:
22:8f:a2:44:46:2d:94:59:d1:b3:b5:48:4b:70:62:64:b2:8b:
fb:ad:36:02:08:54:6a:e2:f7:49:3c:3e:30:1e:d9:3b:e5:19:
21:72:65:3d:76:56:a5:eb:f0:ef:64:20:77:81:b2:15:67:25:
67:17:ef:60:8a:14:84:7f:99:fb:52:5e:fc:25:dd:a8:96:9e:
1b:24:a8:05:78:bd:05:d5:98:81:e9:4b:69:71:fc:84:2d:6b:
ed:df:e4:c7:79:16:46:0e:93:f3:ec:29:d5:5a:3d:61:0f:f9:
80:c9:92:f6:d0:cb:2a:64:14:c5:eb:71:1c:40:08:f5:ed:10:
5e:4c:d5:ac:ff:1a:f4:6a:55:21:85:c5:af:2e:8d:81:80:ef:
a5:19:b0:31
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdHwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDcy
MjQ1MDBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDZCRTlDQkM3NDdCRTEx
NDM1OEMwNjUwM0Q4NzVENjRCRkNDNUVENUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCS+5lnkrxSdHSfwHHDAu4Xc20g4of0RvFtcP/Q7PsJieXQQ3Nf
bM6oYvHmzLrNQ8S3suNk2dMNt9VjgCNSAxAgrsEoBoUYHzsXcr3xQWKbFDj9O2rz
EPoUAW+YU0sP9pAXEHMNkKRm3nSkWOK6p21MlyVM9qDoalr1ywbvVspEeZc0Iq2k
t1oKFqyNng1i06QncdMejwdghpECSaw5Qyt/E9tPDEPSpZQyzms99H2b3u/TD8uH
LSqqbhAUpd9Wy0VQCI9Bp/yw43kdceJE+AnLhnSLW5s8CMi5S+XgtxRtgrLg2mPK
no36TUlvpYwtn7pPlc10QSchDi4+EImxTSVdAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUa+nLx0e+EUNYwGUD2HXWS/zF7V0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2Etbkx4MGUtRVVOWXdH
VUQySFhXU196RjdWMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBBoxrM
sKOQ9BqvGrW09WO41kdqis/WL6H0uGlGScB+VAFUzs0LkjMxuZTY13XNoBfEnmeq
poTEWPN99WRI1PGgbmLRFwy8xwYIwwyALg38YLPVY/hZVL8nQAFsxbqdVuCtgOTi
4+DTYRPaENMij6JERi2UWdGztUhLcGJksov7rTYCCFRq4vdJPD4wHtk75RkhcmU9
dlal6/DvZCB3gbIVZyVnF+9gihSEf5n7Ul78Jd2olp4bJKgFeL0F1ZiB6UtpcfyE
LWvt3+THeRZGDpPz7CnVWj1hD/mAyZL20MsqZBTF63EcQAj17RBeTNWs/xr0alUh
hcWvLo2BgO+lGbAx
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:35:06 2025 by rpki-client