Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/c9C-rkxFykBUJ4PBJqXBzwXF9IU.roa
File: c9C-rkxFykBUJ4PBJqXBzwXF9IU.roa (raw, json)
Hash identifier: a/SVNUb+pUTT0PIOUQFXEhpf8JYo7Aa4KCGtH1MZ7M8=
Subject key identifier: 73:D0:BE:AE:4C:45:CA:40:54:27:83:C1:26:A5:C1:CF:05:C5:F4:85
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 77B8
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/c9C-rkxFykBUJ4PBJqXBzwXF9IU.roa
Signing time: Wed 16 Jul 2025 14:11:57 +0000
ROA not before: Wed 16 Jul 2025 14:11:57 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30648 (0x77b8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 16 14:11:57 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=73D0BEAE4C45CA40542783C126A5C1CF05C5F485
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:05:60:47:17:06:2a:e4:f8:6f:18:1e:70:07:
3a:70:b6:b7:35:be:3b:3f:d8:b6:4b:95:87:75:14:
16:24:03:29:e0:ee:ba:fc:15:03:06:64:8f:56:2b:
96:67:87:a9:66:6a:9f:9c:eb:d9:97:e3:4d:9b:db:
b6:3c:bd:1f:d1:ae:4b:ca:77:9f:67:5b:35:b5:c4:
20:3b:a8:40:c1:e6:ed:53:a3:07:61:e0:2b:b6:71:
d3:a8:1c:7f:47:62:5b:70:43:28:3c:71:de:81:44:
c3:7e:e6:2c:af:a4:2d:29:4d:ef:df:44:ce:83:ac:
25:8f:8d:d1:44:0a:88:c6:6f:ae:1f:7d:9a:00:2f:
ee:b1:5f:ce:f1:0c:6a:71:95:fd:a0:1e:5a:f6:7b:
27:4f:d1:f3:54:4b:7a:09:1b:8b:aa:8e:19:92:99:
99:c2:a7:91:de:54:74:41:c4:a4:9a:ad:61:6f:1a:
cd:da:42:e4:36:33:b3:77:fc:1a:fe:e8:1d:82:6a:
13:0e:fd:d3:3e:4f:26:81:1e:ae:63:9b:16:24:8d:
38:69:b5:09:1a:fa:49:54:13:f5:4e:af:04:7b:00:
be:6c:a4:ed:21:b6:28:67:47:10:e3:9c:c2:19:98:
06:b1:6d:28:74:f9:b1:06:fb:aa:00:b6:64:a7:e6:
aa:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:D0:BE:AE:4C:45:CA:40:54:27:83:C1:26:A5:C1:CF:05:C5:F4:85
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/c9C-rkxFykBUJ4PBJqXBzwXF9IU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
a2:46:87:72:b0:82:4f:80:2f:a5:d1:d9:a5:2e:ab:65:35:26:
f0:11:57:dd:08:87:a7:75:9c:cf:7f:99:ce:81:2b:c6:0b:ee:
79:e5:88:f3:1c:a8:0b:0d:60:0e:9a:92:40:7f:45:a7:84:df:
c7:b0:d7:66:da:58:38:7a:1c:12:b6:8c:c4:13:ff:97:c2:bb:
7d:15:13:65:43:0a:2c:86:bb:13:2b:8c:a3:2b:f0:52:6b:9a:
62:d7:7a:3e:ea:64:d3:11:41:c7:e8:c0:75:ed:a8:29:f1:a4:
71:14:da:77:f2:d3:77:05:94:91:8c:02:11:3a:6a:57:5f:e2:
57:a2:42:9a:ee:6d:d8:ca:ca:b3:c7:10:cd:f3:78:d2:2a:e9:
43:a3:ca:25:c7:f8:96:5f:67:1a:af:c3:cb:a1:09:9c:d6:8f:
5d:c8:58:1f:1a:5e:5b:e8:e8:b5:da:5e:35:1d:22:76:0e:25:
76:61:a9:b6:e8:8e:81:36:af:4f:1e:2a:91:81:c7:a0:7f:0e:
07:01:0c:61:da:c1:18:8a:ec:06:02:35:15:1b:b4:be:f8:10:
1f:5c:a6:c1:61:11:6d:51:49:8b:5f:9c:05:32:b2:47:25:84:
ce:a0:c1:94:95:d7:1e:ff:5d:f7:88:83:50:7a:8c:f9:b2:9d:
09:0b:7b:e5
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICd7gwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTYx
NDExNTdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDczRDBCRUFFNEM0NUNB
NDA1NDI3ODNDMTI2QTVDMUNGMDVDNUY0ODUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCfBWBHFwYq5PhvGB5wBzpwtrc1vjs/2LZLlYd1FBYkAyng7rr8
FQMGZI9WK5Znh6lmap+c69mX402b27Y8vR/RrkvKd59nWzW1xCA7qEDB5u1Towdh
4Cu2cdOoHH9HYltwQyg8cd6BRMN+5iyvpC0pTe/fRM6DrCWPjdFECojGb64ffZoA
L+6xX87xDGpxlf2gHlr2eydP0fNUS3oJG4uqjhmSmZnCp5HeVHRBxKSarWFvGs3a
QuQ2M7N3/Br+6B2CahMO/dM+TyaBHq5jmxYkjThptQka+klUE/VOrwR7AL5spO0h
tihnRxDjnMIZmAaxbSh0+bEG+6oAtmSn5qoBAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUc9C+rkxFykBUJ4PBJqXBzwXF9IUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2M5Qy1ya3hGeWtCVUo0
UEJKcVhCendYRjlJVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCiRody
sIJPgC+l0dmlLqtlNSbwEVfdCIendZzPf5nOgSvGC+555YjzHKgLDWAOmpJAf0Wn
hN/HsNdm2lg4ehwStozEE/+Xwrt9FRNlQwoshrsTK4yjK/BSa5pi13o+6mTTEUHH
6MB17agp8aRxFNp38tN3BZSRjAIROmpXX+JXokKa7m3YysqzxxDN83jSKulDo8ol
x/iWX2car8PLoQmc1o9dyFgfGl5b6Oi12l41HSJ2DiV2Yam26I6BNq9PHiqRgceg
fw4HAQxh2sEYiuwGAjUVG7S++BAfXKbBYRFtUUmLX5wFMrJHJYTOoMGUldce/133
iINQeoz5sp0JC3vl
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:30:45 2025 by rpki-client