Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/d42NJmhH_f6IAlF1ZhQBlVhAsr8.roa
File: d42NJmhH_f6IAlF1ZhQBlVhAsr8.roa (raw, json)
Hash identifier: LVl64j/7lHc87ZTPn5fuFvmFsPrnYyP5cp1jU64FQLM=
Subject key identifier: 77:8D:8D:26:68:47:FD:FE:88:02:51:75:66:14:01:95:58:40:B2:BF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6EA6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/d42NJmhH_f6IAlF1ZhQBlVhAsr8.roa
Signing time: Sun 22 Jun 2025 15:14:15 +0000
ROA not before: Sun 22 Jun 2025 15:14:15 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28326 (0x6ea6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 22 15:14:15 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=778D8D266847FDFE88025175661401955840B2BF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:b8:22:5c:38:cd:ca:19:57:29:39:19:eb:88:
6f:78:b0:40:2a:1b:a2:67:f0:69:d1:e4:d4:cc:fb:
54:df:d1:95:8e:30:0e:71:6f:4e:d1:2a:4f:e5:8b:
40:0d:82:4a:0c:38:92:9c:43:d6:86:2a:f0:29:2b:
a1:58:be:6a:6e:f1:ef:d3:28:48:10:e9:fd:d6:b3:
65:03:f0:2f:2b:cd:fe:f5:07:fc:00:ba:81:51:74:
29:73:e5:46:f3:36:4f:3c:ac:e8:8b:5a:12:ba:33:
89:a3:80:eb:68:a5:19:80:2c:f5:65:2d:e2:17:c8:
bf:22:4e:2c:c2:a7:26:16:51:88:41:41:fd:c7:1f:
db:db:0e:85:ef:ae:e0:ce:1b:91:a6:af:35:da:dc:
05:f1:fd:57:bd:a9:6a:da:c1:f1:98:f8:db:01:c7:
01:30:67:63:e6:60:b3:58:1f:48:56:2f:51:61:07:
89:fc:59:fc:94:79:6a:63:28:a1:59:7f:c8:bc:29:
ac:85:f5:63:a7:c0:ce:80:3b:90:6c:13:af:c1:7a:
45:2f:40:32:d3:9f:ca:75:43:39:73:f1:12:82:95:
4d:99:b3:97:6b:ca:82:0a:bc:eb:31:e8:e9:c3:9a:
19:28:f5:a2:50:1c:2c:69:b4:bf:89:7a:2a:bb:ed:
33:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:8D:8D:26:68:47:FD:FE:88:02:51:75:66:14:01:95:58:40:B2:BF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/d42NJmhH_f6IAlF1ZhQBlVhAsr8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
a9:b4:a2:fe:de:06:8f:59:c2:7c:ff:d8:8e:7f:d0:bc:5e:08:
05:62:14:fe:d6:f7:21:cb:3d:66:76:77:75:4a:ed:f2:9e:2a:
1b:d5:ca:37:cc:4f:fe:e1:59:38:27:c6:cb:5c:90:80:df:3b:
92:18:27:b6:bf:15:4d:a1:87:85:50:38:a1:be:86:09:a3:ae:
59:46:1c:d0:9e:8d:73:93:9f:68:9a:2d:69:7d:b5:ed:01:2a:
8c:30:70:91:87:88:98:bc:f5:fe:9d:7e:ff:44:cb:2f:0a:2b:
5d:28:fb:55:60:d9:ba:75:78:28:a6:b1:9c:d7:ad:f0:0e:48:
04:d8:f5:d3:10:4c:d8:af:dc:60:f2:98:8c:00:3f:f8:f7:78:
7b:98:60:14:b6:c8:c6:61:fb:a6:b8:be:fe:d6:aa:c5:4f:43:
d9:74:f2:94:d6:db:83:3c:b3:b2:dd:5b:1f:cd:c1:b9:fc:29:
e4:67:9d:0d:45:11:f3:c9:2d:aa:be:6b:0e:aa:56:c4:18:f9:
a9:1f:4c:45:1a:47:90:e9:0d:0b:a7:3d:f8:e9:e3:4c:01:54:
ca:c0:d0:35:80:26:df:de:83:eb:82:c7:6b:32:42:3c:a4:dd:
64:29:c9:c1:7c:52:d2:a2:5b:70:a9:37:32:46:13:4a:b1:96:
16:a4:9b:40
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbqYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjIx
NTE0MTVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDc3OEQ4RDI2Njg0N0ZE
RkU4ODAyNTE3NTY2MTQwMTk1NTg0MEIyQkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDwuCJcOM3KGVcpORnriG94sEAqG6Jn8GnR5NTM+1Tf0ZWOMA5x
b07RKk/li0ANgkoMOJKcQ9aGKvApK6FYvmpu8e/TKEgQ6f3Ws2UD8C8rzf71B/wA
uoFRdClz5UbzNk88rOiLWhK6M4mjgOtopRmALPVlLeIXyL8iTizCpyYWUYhBQf3H
H9vbDoXvruDOG5GmrzXa3AXx/Ve9qWrawfGY+NsBxwEwZ2PmYLNYH0hWL1FhB4n8
WfyUeWpjKKFZf8i8KayF9WOnwM6AO5BsE6/BekUvQDLTn8p1Qzlz8RKClU2Zs5dr
yoIKvOsx6OnDmhko9aJQHCxptL+Jeiq77TOfAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUd42NJmhH/f6IAlF1ZhQBlVhAsr8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2Q0Mk5KbWhIX2Y2SUFs
RjFaaFFCbFZoQXNyOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCptKL+
3gaPWcJ8/9iOf9C8XggFYhT+1vchyz1mdnd1Su3yniob1co3zE/+4Vk4J8bLXJCA
3zuSGCe2vxVNoYeFUDihvoYJo65ZRhzQno1zk59omi1pfbXtASqMMHCRh4iYvPX+
nX7/RMsvCitdKPtVYNm6dXgoprGc163wDkgE2PXTEEzYr9xg8piMAD/493h7mGAU
tsjGYfumuL7+1qrFT0PZdPKU1tuDPLOy3VsfzcG5/CnkZ50NRRHzyS2qvmsOqlbE
GPmpH0xFGkeQ6Q0Lpz346eNMAVTKwNA1gCbf3oPrgsdrMkI8pN1kKcnBfFLSoltw
qTcyRhNKsZYWpJtA
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:51:46 2025 by rpki-client