
Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/aBcuffhFZY7JpwshyxMy3sg_SIY.roa
File: aBcuffhFZY7JpwshyxMy3sg_SIY.roa (raw, json)
Hash identifier: SM4i0jyoobVlw918WVM395T82Ld5MRGbekOoQnCdnZA=
Subject key identifier: 68:17:2E:7D:F8:45:65:8E:C9:A7:0B:21:CB:13:32:DE:C8:3F:48:86
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7918
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/aBcuffhFZY7JpwshyxMy3sg_SIY.roa
Signing time: Sun 20 Jul 2025 06:12:07 +0000
ROA not before: Sun 20 Jul 2025 06:12:07 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 31000 (0x7918)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 20 06:12:07 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=68172E7DF845658EC9A70B21CB1332DEC83F4886
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:c0:f4:a5:38:fd:1b:ee:f6:62:b2:74:62:6e:
24:34:80:2b:2a:80:bd:b5:61:4d:de:63:5b:5b:c8:
63:72:1e:6c:0a:71:d7:7d:f6:9a:43:4a:b9:5a:ad:
7e:94:5a:3f:7a:3e:84:29:de:17:d4:9a:5a:b9:15:
35:54:e0:3d:07:a0:21:0d:a6:a1:1f:47:c6:d0:8a:
a9:2e:a0:5f:f5:b3:d1:52:4b:fb:a1:2d:e0:d7:44:
6a:39:07:22:f0:bd:53:d3:19:a6:44:f5:bd:38:44:
b0:28:a3:64:86:d3:9c:53:a4:fd:58:8d:c6:11:c9:
08:3e:f2:95:47:1a:4c:c8:ef:11:3f:3c:4a:39:a7:
14:26:f7:bf:14:e6:77:c3:c0:b9:68:e7:1f:2a:4d:
f8:cd:c1:09:22:39:9e:bd:d4:53:25:4a:c5:0a:5d:
1a:37:48:92:79:b7:61:d6:2e:76:d6:f1:8a:e0:0f:
fc:22:15:41:84:54:a4:72:40:0a:e5:fa:a1:9e:d4:
82:21:d7:b3:66:42:95:a0:37:3d:94:a6:85:87:26:
d5:e4:3c:b2:c9:11:9c:1c:ab:50:2f:43:4c:ec:bf:
c0:b5:dc:47:9d:55:ec:e1:c1:e4:c2:f4:9e:bb:1b:
ec:fd:af:3d:5c:d5:34:75:6e:c4:df:46:59:9c:f5:
2a:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:17:2E:7D:F8:45:65:8E:C9:A7:0B:21:CB:13:32:DE:C8:3F:48:86
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/aBcuffhFZY7JpwshyxMy3sg_SIY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
41:49:12:6c:11:ad:b4:6d:c7:dc:c5:0f:fd:2b:a5:c2:85:18:
a0:65:e5:e3:46:4a:da:fb:6f:f1:49:60:bb:22:1b:4f:7f:05:
bc:76:b8:57:60:ed:9c:e0:85:2f:d9:26:2f:c2:86:fe:cf:97:
a6:f2:a8:e0:7d:c4:93:9d:c3:fd:3c:df:a2:2f:3b:c4:92:b3:
53:30:34:9b:86:91:df:1a:f5:29:3c:58:6f:67:31:42:89:42:
45:69:b3:0c:76:1e:e8:63:2c:f0:fe:3e:0b:5a:da:eb:13:52:
67:34:66:25:ca:06:28:7c:d1:0f:5c:33:a0:98:c5:3f:be:ae:
6a:7a:ae:e5:d4:34:8b:8f:41:de:75:c6:6d:e3:97:c3:80:e6:
25:ad:9b:db:ca:d4:78:f4:61:59:8c:5b:b5:90:48:61:69:43:
f3:16:10:b5:fb:9b:ca:63:a0:39:61:7c:53:11:29:a7:86:01:
3c:31:fd:43:a0:a0:0d:ae:40:3b:3e:23:34:cb:f1:1e:f1:23:
86:b5:a2:2e:41:1f:56:6b:a2:12:db:59:2f:02:12:bb:ca:92:
5c:15:33:f3:78:f1:28:53:0e:35:27:ce:c6:0e:c3:9a:b7:82:
a7:88:c7:95:de:66:d8:b3:f6:18:03:59:6a:9b:d2:e9:ad:8c:
9b:7f:71:69
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeRgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MjAw
NjEyMDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDY4MTcyRTdERjg0NTY1
OEVDOUE3MEIyMUNCMTMzMkRFQzgzRjQ4ODYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCpwPSlOP0b7vZisnRibiQ0gCsqgL21YU3eY1tbyGNyHmwKcdd9
9ppDSrlarX6UWj96PoQp3hfUmlq5FTVU4D0HoCENpqEfR8bQiqkuoF/1s9FSS/uh
LeDXRGo5ByLwvVPTGaZE9b04RLAoo2SG05xTpP1YjcYRyQg+8pVHGkzI7xE/PEo5
pxQm978U5nfDwLlo5x8qTfjNwQkiOZ691FMlSsUKXRo3SJJ5t2HWLnbW8YrgD/wi
FUGEVKRyQArl+qGe1IIh17NmQpWgNz2UpoWHJtXkPLLJEZwcq1AvQ0zsv8C13Eed
VezhweTC9J67G+z9rz1c1TR1bsTfRlmc9SpdAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUaBcuffhFZY7JpwshyxMy3sg/SIYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2FCY3VmZmhGWlk3SnB3
c2h5eE15M3NnX1NJWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBBSRJs
Ea20bcfcxQ/9K6XChRigZeXjRkra+2/xSWC7IhtPfwW8drhXYO2c4IUv2SYvwob+
z5em8qjgfcSTncP9PN+iLzvEkrNTMDSbhpHfGvUpPFhvZzFCiUJFabMMdh7oYyzw
/j4LWtrrE1JnNGYlygYofNEPXDOgmMU/vq5qeq7l1DSLj0HedcZt45fDgOYlrZvb
ytR49GFZjFu1kEhhaUPzFhC1+5vKY6A5YXxTESmnhgE8Mf1DoKANrkA7PiM0y/Ee
8SOGtaIuQR9Wa6IS21kvAhK7ypJcFTPzePEoUw41J87GDsOat4KniMeV3mbYs/YY
A1lqm9LprYybf3Fp
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:32 2025 by rpki-client