Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/cBHe70KhGv8XimzWA2Gkb-Bwdp8.roa
File: cBHe70KhGv8XimzWA2Gkb-Bwdp8.roa (raw, json)
Hash identifier: RLRxLd+RV5WSu4UeYVa4pXzw0HqUYtEKUJeD3nEfSds=
Subject key identifier: 70:11:DE:EF:42:A1:1A:FF:17:8A:6C:D6:03:61:A4:6F:E0:70:76:9F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 75D2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/cBHe70KhGv8XimzWA2Gkb-Bwdp8.roa
Signing time: Fri 11 Jul 2025 12:41:43 +0000
ROA not before: Fri 11 Jul 2025 12:41:43 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30162 (0x75d2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 11 12:41:43 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=7011DEEF42A11AFF178A6CD60361A46FE070769F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:0a:94:fb:fe:cc:5e:91:d5:7d:36:f8:23:dd:
86:ee:54:49:79:f2:3a:6c:10:87:eb:e4:80:70:4e:
7f:77:d8:1d:13:d8:c0:ab:01:d3:20:8c:a9:0f:00:
78:8b:8a:91:17:ac:10:fc:75:f9:80:f5:e7:3f:5c:
b5:3c:9b:09:8e:42:1b:b9:90:32:fa:fd:13:0e:bd:
a1:66:ef:38:9a:cb:ed:f2:ef:86:be:d8:37:11:f4:
09:45:5c:ab:f2:61:5a:4b:9d:8c:0c:13:60:f3:d2:
bf:76:52:f5:6c:04:54:97:ec:59:fa:2b:05:80:ae:
70:f4:86:f8:09:ca:0f:81:ca:e2:ac:16:b8:53:9b:
32:c1:81:65:71:5a:7c:36:aa:60:39:fc:1e:a1:98:
08:ba:28:78:49:d0:b3:c2:0a:5a:f9:62:ad:81:a4:
0c:9f:82:22:9f:c9:80:16:de:4d:00:8d:b9:35:02:
92:a3:a8:bc:a2:79:a9:af:8a:6b:66:19:5b:68:0c:
fd:c1:a0:22:36:d1:f2:22:8d:b3:7c:6c:7e:1a:31:
65:b0:13:2c:b0:d0:56:cd:6f:5c:92:a2:b3:d0:5d:
19:64:85:53:69:c4:8c:cb:5d:19:6b:5b:57:50:77:
d7:bf:b0:03:b1:4a:f6:04:43:90:ac:78:5e:08:d8:
9b:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:11:DE:EF:42:A1:1A:FF:17:8A:6C:D6:03:61:A4:6F:E0:70:76:9F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/cBHe70KhGv8XimzWA2Gkb-Bwdp8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
5e:86:15:d5:c2:bd:45:ba:47:22:d8:c0:d6:f8:a0:5c:be:25:
fc:84:20:27:53:59:0d:99:51:02:c8:67:ae:04:6e:8a:21:83:
86:b4:92:7d:f6:be:41:56:08:4c:ea:64:6b:54:10:05:e6:63:
ce:aa:38:6d:65:2b:c0:9d:24:e5:e4:40:a7:cb:f4:e2:aa:c2:
36:45:04:fd:7f:2b:b3:92:f5:5e:94:54:37:57:2d:c5:8d:29:
31:96:20:94:79:4c:ab:20:36:25:da:bc:65:78:f8:d0:d4:b0:
ad:d3:df:98:69:d8:d1:b1:47:96:3f:e4:a5:33:bb:6a:6f:a0:
36:97:20:da:1d:b1:a6:0b:fb:6c:cf:85:b0:20:df:58:6e:1e:
7a:e7:30:6c:81:4d:66:7f:54:da:d5:9c:46:0c:de:5c:b8:67:
39:46:8e:ff:00:77:df:a7:c9:df:a5:5b:d4:bc:1a:74:4a:8d:
e0:30:6a:8c:72:96:97:da:0f:1c:84:7a:53:63:23:e4:71:b3:
50:aa:bd:8b:ee:5c:a6:74:f4:e0:6b:72:a3:90:0d:28:2d:69:
95:20:a9:17:73:05:8d:c5:f9:14:02:11:f0:43:32:8c:2c:e0:
3e:0c:ed:84:f8:35:31:47:f6:d6:f1:cd:fe:66:e7:7a:aa:e9:
97:14:22:7a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICddIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTEx
MjQxNDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDcwMTFERUVGNDJBMTFB
RkYxNzhBNkNENjAzNjFBNDZGRTA3MDc2OUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDACpT7/sxekdV9Nvgj3YbuVEl58jpsEIfr5IBwTn932B0T2MCr
AdMgjKkPAHiLipEXrBD8dfmA9ec/XLU8mwmOQhu5kDL6/RMOvaFm7ziay+3y74a+
2DcR9AlFXKvyYVpLnYwME2Dz0r92UvVsBFSX7Fn6KwWArnD0hvgJyg+ByuKsFrhT
mzLBgWVxWnw2qmA5/B6hmAi6KHhJ0LPCClr5Yq2BpAyfgiKfyYAW3k0Ajbk1ApKj
qLyieamvimtmGVtoDP3BoCI20fIijbN8bH4aMWWwEyyw0FbNb1ySorPQXRlkhVNp
xIzLXRlrW1dQd9e/sAOxSvYEQ5CseF4I2JulAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUcBHe70KhGv8XimzWA2Gkb+Bwdp8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2NCSGU3MEtoR3Y4WGlt
eldBMkdrYi1Cd2RwOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBehhXV
wr1Fukci2MDW+KBcviX8hCAnU1kNmVECyGeuBG6KIYOGtJJ99r5BVghM6mRrVBAF
5mPOqjhtZSvAnSTl5ECny/TiqsI2RQT9fyuzkvVelFQ3Vy3FjSkxliCUeUyrIDYl
2rxlePjQ1LCt09+YadjRsUeWP+SlM7tqb6A2lyDaHbGmC/tsz4WwIN9Ybh565zBs
gU1mf1Ta1ZxGDN5cuGc5Ro7/AHffp8nfpVvUvBp0So3gMGqMcpaX2g8chHpTYyPk
cbNQqr2L7lymdPTga3KjkA0oLWmVIKkXcwWNxfkUAhHwQzKMLOA+DO2E+DUxR/bW
8c3+Zud6qumXFCJ6
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:40:05 2025 by rpki-client