Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/aej41d1p9jDKAEQcnH6A-Xtmbf8.roa
File: aej41d1p9jDKAEQcnH6A-Xtmbf8.roa (raw, json)
Hash identifier: xp0U79GiCj4XuwqjLE3r24UYatmMjPj9osVvIgsezKg=
Subject key identifier: 69:E8:F8:D5:DD:69:F6:30:CA:00:44:1C:9C:7E:80:F9:7B:66:6D:FF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 752C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/aej41d1p9jDKAEQcnH6A-Xtmbf8.roa
Signing time: Wed 09 Jul 2025 18:45:08 +0000
ROA not before: Wed 09 Jul 2025 18:45:08 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29996 (0x752c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 9 18:45:08 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=69E8F8D5DD69F630CA00441C9C7E80F97B666DFF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:23:d9:ef:a7:36:16:36:13:60:db:7e:af:4f:
4b:86:02:be:e3:4f:75:04:30:b6:05:3a:b9:61:22:
88:b7:87:02:eb:ea:d2:6e:67:94:d3:53:ce:d6:d4:
16:20:60:dd:84:59:39:72:85:46:92:d8:12:4c:8b:
e3:42:d8:75:e2:dd:70:77:4d:28:71:70:0c:3f:58:
2c:74:a3:c6:ec:d6:98:43:ad:ad:5a:80:b1:55:6b:
bd:85:d6:0c:55:f8:be:4e:8e:ad:42:e6:d9:4c:9c:
99:a1:b5:e3:b1:df:be:d8:58:9b:c2:52:78:5d:de:
a4:a1:52:eb:c9:c1:c6:5e:32:32:11:df:03:1f:11:
fe:1c:2c:c3:ef:a7:a1:51:db:22:65:1a:54:67:67:
b4:f9:1a:66:dd:10:e6:2e:d3:56:e6:d2:fd:30:2b:
98:5e:0d:2d:a8:81:72:e2:2f:4e:4f:e2:bc:26:08:
5c:e6:55:c2:2c:42:4b:1a:00:c2:6a:26:6f:13:6b:
6e:d8:1e:cc:72:0d:c7:9f:1e:54:f8:96:08:a6:da:
63:55:18:af:5a:c5:a3:8d:a4:31:eb:a0:75:26:50:
08:fe:99:94:70:d9:5c:5e:b6:1e:3c:e4:b7:37:3e:
4c:15:b1:25:5c:31:d6:e1:30:14:fe:73:8c:a1:b0:
e2:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:E8:F8:D5:DD:69:F6:30:CA:00:44:1C:9C:7E:80:F9:7B:66:6D:FF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/aej41d1p9jDKAEQcnH6A-Xtmbf8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
43:1c:7e:4e:44:f4:a4:4b:04:e1:de:03:aa:57:52:0f:b6:77:
49:f9:85:36:99:f0:3c:c1:ef:a5:c5:c9:b2:5f:03:9b:60:00:
69:20:c7:96:fc:da:66:97:d0:5b:24:d7:c9:67:14:ab:ff:f4:
9f:4d:76:ce:d5:6b:94:7e:3b:38:9a:9c:26:15:7e:49:a8:0f:
5b:6e:14:ba:92:62:b6:32:b6:92:a7:fe:2d:2e:4b:e9:1e:8f:
ba:cc:62:1f:79:6d:e3:65:91:8e:d7:50:f0:28:e4:15:56:d7:
6b:18:17:3b:d9:de:1f:f6:0c:47:ef:04:4f:78:d0:79:8a:ca:
79:44:5e:32:16:42:d1:e8:05:ae:de:8c:a7:31:c0:50:0d:bf:
f5:23:95:ad:06:f2:12:0b:fb:ab:d6:3a:de:c9:ce:20:54:cd:
36:cf:31:8d:a4:d9:bd:1f:9f:9f:d8:56:14:d7:41:7c:1d:4e:
70:f9:4f:43:d6:58:eb:4f:b0:3a:ef:65:9d:0e:58:c3:3c:f5:
e5:c6:d1:58:69:88:67:6a:61:e5:38:55:eb:d9:1d:7b:09:9e:
9f:63:55:73:a3:b0:b4:2e:27:12:58:be:c1:be:75:72:43:bb:
1c:6d:dd:dd:d6:be:e5:fa:b8:5d:6e:f2:aa:38:61:e0:3a:25:
c2:aa:e0:fa
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdSwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDkx
ODQ1MDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDY5RThGOEQ1REQ2OUY2
MzBDQTAwNDQxQzlDN0U4MEY5N0I2NjZERkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCvI9nvpzYWNhNg236vT0uGAr7jT3UEMLYFOrlhIoi3hwLr6tJu
Z5TTU87W1BYgYN2EWTlyhUaS2BJMi+NC2HXi3XB3TShxcAw/WCx0o8bs1phDra1a
gLFVa72F1gxV+L5Ojq1C5tlMnJmhteOx377YWJvCUnhd3qShUuvJwcZeMjIR3wMf
Ef4cLMPvp6FR2yJlGlRnZ7T5GmbdEOYu01bm0v0wK5heDS2ogXLiL05P4rwmCFzm
VcIsQksaAMJqJm8Ta27YHsxyDcefHlT4lgim2mNVGK9axaONpDHroHUmUAj+mZRw
2Vxeth485Lc3PkwVsSVcMdbhMBT+c4yhsOJ9AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUaej41d1p9jDKAEQcnH6A+Xtmbf8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2FlajQxZDFwOWpES0FF
UWNuSDZBLVh0bWJmOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBDHH5O
RPSkSwTh3gOqV1IPtndJ+YU2mfA8we+lxcmyXwObYABpIMeW/Npml9BbJNfJZxSr
//SfTXbO1WuUfjs4mpwmFX5JqA9bbhS6kmK2MraSp/4tLkvpHo+6zGIfeW3jZZGO
11DwKOQVVtdrGBc72d4f9gxH7wRPeNB5isp5RF4yFkLR6AWu3oynMcBQDb/1I5Wt
BvISC/ur1jreyc4gVM02zzGNpNm9H5+f2FYU10F8HU5w+U9D1ljrT7A672WdDljD
PPXlxtFYaYhnamHlOFXr2R17CZ6fY1Vzo7C0LicSWL7BvnVyQ7scbd3d1r7l+rhd
bvKqOGHgOiXCquD6
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:39:19 2025 by rpki-client