Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/cla1BXh7ko1ueZJTX6AMp9Dq4vk.roa
File: cla1BXh7ko1ueZJTX6AMp9Dq4vk.roa (raw, json)
Hash identifier: cdzEVqzrGir8FJWM6cQeeRdPJs8Qxz3COxCxASsWu2k=
Subject key identifier: 72:56:B5:05:78:7B:92:8D:6E:79:92:53:5F:A0:0C:A7:D0:EA:E2:F9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7512
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/cla1BXh7ko1ueZJTX6AMp9Dq4vk.roa
Signing time: Wed 09 Jul 2025 12:15:24 +0000
ROA not before: Wed 09 Jul 2025 12:15:24 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29970 (0x7512)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 9 12:15:24 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=7256B505787B928D6E7992535FA00CA7D0EAE2F9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:20:c8:2a:c2:76:0b:d2:6d:89:f9:bc:e3:77:
3a:69:81:48:17:e3:9d:d1:a7:f6:c6:d2:f9:06:ad:
d7:b7:a4:14:11:e3:64:18:a3:6d:8a:8f:44:b2:34:
dc:d9:a1:95:79:47:f3:f7:6e:36:28:92:f7:bb:1b:
a8:e0:14:32:87:8e:e7:72:e9:fc:df:58:5c:3e:a1:
1f:7a:ee:5f:93:15:88:5f:fd:f1:ff:49:82:f8:2c:
67:dd:94:45:12:10:1b:ef:71:16:f8:e5:64:61:3d:
5f:15:ca:5b:de:a8:a3:62:44:ba:04:4d:e2:44:bd:
2f:ec:60:a7:6a:13:c4:93:e8:3a:e2:fc:ce:3d:59:
eb:7c:90:ae:a4:09:8b:cb:3d:c4:b2:56:66:76:1e:
6b:09:8f:5c:15:98:3a:a8:10:cf:ae:49:b8:8d:1c:
3a:fb:e8:62:dc:d0:60:cd:4e:d7:1d:13:82:46:a6:
f3:67:f6:02:86:bf:db:e4:1a:33:20:b1:f0:f5:07:
1f:cd:39:91:0b:20:f5:c8:91:d5:1a:25:0f:a2:82:
bd:76:6b:93:57:c2:da:70:a5:0d:47:cd:97:da:8c:
62:e5:0a:c9:ad:ed:6f:3b:31:a2:91:3a:c8:9c:64:
33:7b:26:eb:ba:f3:13:ff:1a:81:4b:b0:85:00:1a:
4b:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:56:B5:05:78:7B:92:8D:6E:79:92:53:5F:A0:0C:A7:D0:EA:E2:F9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/cla1BXh7ko1ueZJTX6AMp9Dq4vk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
a9:d3:b5:7a:b9:d2:40:5a:d4:0b:0b:1e:64:26:6c:72:84:61:
6b:10:2f:c7:c0:a2:48:80:38:d3:76:7c:59:4f:7c:3b:21:a9:
3f:d2:82:9e:21:ea:4a:12:21:0b:2d:f5:74:ba:a4:4b:a0:1b:
6e:d0:0e:78:43:57:4e:0b:78:0a:dd:54:5e:cc:93:90:f9:72:
f7:33:45:72:09:1a:0c:39:7c:f8:87:5b:b5:78:5b:12:5c:a2:
95:b9:fc:fe:0d:1e:8d:18:4f:3a:93:3f:9d:0d:4f:63:b3:97:
a6:cb:72:ea:cc:a9:76:15:be:d1:14:e1:f2:56:6a:67:c4:f6:
fc:2e:2e:b0:72:51:f5:b3:d9:65:68:90:3a:f0:b6:70:86:fd:
38:8b:a9:54:f6:86:59:6c:61:d2:e5:3a:d4:c6:ae:2d:20:6c:
37:77:28:23:ca:09:be:b3:3d:26:fe:76:9b:15:ea:dd:8a:b3:
52:9c:f6:bd:15:fc:de:11:d1:68:03:cc:d5:f5:0f:ed:c0:c6:
ff:e3:16:fc:fe:8d:e6:bd:e4:08:1e:3d:ec:bf:d8:22:e8:71:
d9:dd:ea:90:34:80:24:f4:f1:a0:62:75:2a:ae:cd:a6:9b:6e:
03:1b:81:1c:9d:57:d6:35:3f:c0:76:67:e2:52:3a:55:eb:bf:
8f:27:a9:69
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdRIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDkx
MjE1MjRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDcyNTZCNTA1Nzg3Qjky
OEQ2RTc5OTI1MzVGQTAwQ0E3RDBFQUUyRjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC3IMgqwnYL0m2J+bzjdzppgUgX453Rp/bG0vkGrde3pBQR42QY
o22Kj0SyNNzZoZV5R/P3bjYokve7G6jgFDKHjudy6fzfWFw+oR967l+TFYhf/fH/
SYL4LGfdlEUSEBvvcRb45WRhPV8VylveqKNiRLoETeJEvS/sYKdqE8ST6Dri/M49
Wet8kK6kCYvLPcSyVmZ2HmsJj1wVmDqoEM+uSbiNHDr76GLc0GDNTtcdE4JGpvNn
9gKGv9vkGjMgsfD1Bx/NOZELIPXIkdUaJQ+igr12a5NXwtpwpQ1HzZfajGLlCsmt
7W87MaKROsicZDN7Juu68xP/GoFLsIUAGkt3AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUcla1BXh7ko1ueZJTX6AMp9Dq4vkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2NsYTFCWGg3a28xdWVa
SlRYNkFNcDlEcTR2ay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCp07V6
udJAWtQLCx5kJmxyhGFrEC/HwKJIgDjTdnxZT3w7Iak/0oKeIepKEiELLfV0uqRL
oBtu0A54Q1dOC3gK3VRezJOQ+XL3M0VyCRoMOXz4h1u1eFsSXKKVufz+DR6NGE86
kz+dDU9js5emy3LqzKl2Fb7RFOHyVmpnxPb8Li6wclH1s9llaJA68LZwhv04i6lU
9oZZbGHS5TrUxq4tIGw3dygjygm+sz0m/nabFerdirNSnPa9FfzeEdFoA8zV9Q/t
wMb/4xb8/o3mveQIHj3sv9gi6HHZ3eqQNIAk9PGgYnUqrs2mm24DG4EcnVfWNT/A
dmfiUjpV67+PJ6lp
-----END CERTIFICATE-----
Generated at Mon Jul 21 03:02:36 2025 by rpki-client