Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/dCkAfkXDpxSBmSJFeDC7yVp6SfA.roa
File: dCkAfkXDpxSBmSJFeDC7yVp6SfA.roa (raw, json)
Hash identifier: Mw4SDbTYbVo2QqbuE4uMzE0Soz3Z9QjBL2IG+kS8y0Y=
Subject key identifier: 74:29:00:7E:45:C3:A7:14:81:99:22:45:78:30:BB:C9:5A:7A:49:F0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 70AC
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dCkAfkXDpxSBmSJFeDC7yVp6SfA.roa
Signing time: Fri 27 Jun 2025 18:44:50 +0000
ROA not before: Fri 27 Jun 2025 18:44:50 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28844 (0x70ac)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 27 18:44:50 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=7429007E45C3A714819922457830BBC95A7A49F0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:69:f9:0d:f8:ab:55:45:01:a3:09:ec:41:3c:
91:9d:e4:51:ff:be:93:49:97:f5:84:c1:9b:e0:fd:
55:d4:ed:fa:86:79:78:22:17:ea:86:7e:87:19:68:
08:eb:df:56:0e:5a:a7:e2:19:5b:e6:40:2a:7a:8b:
62:8b:b9:9a:ba:9a:0f:b9:78:8b:d2:fa:e9:28:b0:
20:bc:f6:00:35:da:4f:cb:80:1f:37:2b:57:f7:32:
b0:b0:91:92:5c:19:43:ee:a2:35:a4:86:27:06:3e:
61:ce:17:2d:bc:16:84:28:d6:39:74:68:47:01:37:
98:26:98:80:55:20:55:e8:02:f5:f2:b4:a7:d2:de:
54:65:ed:e1:88:d2:d6:27:03:0f:7a:dd:e4:79:4d:
a9:27:0b:fe:54:3f:5b:1d:98:f9:09:33:cc:53:bf:
8a:7c:ea:6f:f7:f0:cd:4d:74:49:a3:6f:61:08:aa:
ba:e9:91:51:26:78:08:81:a6:c3:f7:bc:ed:ca:61:
0a:00:61:c1:bb:51:67:0c:42:61:c3:f7:aa:b5:58:
e1:52:0e:11:f2:7a:5b:32:b4:73:96:04:9e:21:c4:
a0:36:83:03:da:30:f4:6c:00:14:7e:35:0a:52:8f:
e6:b7:b4:c1:37:fe:a1:9c:82:6c:50:d6:a9:53:e9:
f6:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:29:00:7E:45:C3:A7:14:81:99:22:45:78:30:BB:C9:5A:7A:49:F0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dCkAfkXDpxSBmSJFeDC7yVp6SfA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
3e:74:f2:92:40:de:96:c8:a5:e0:0b:44:6c:d6:d4:dd:4f:1f:
bd:37:da:33:9d:bd:f7:cf:cc:82:cb:e5:52:30:4b:88:8c:82:
67:3b:5a:41:be:76:5d:8b:95:b2:9d:56:95:d7:64:89:ac:43:
76:86:36:9c:9e:c7:85:6e:8c:62:cf:c1:83:dd:56:e2:a5:b0:
c3:52:26:77:49:15:f2:6e:ac:0e:73:27:d0:77:e7:d8:d3:60:
70:60:72:9d:ba:81:29:ce:ce:f5:83:a1:59:03:46:d3:aa:18:
72:80:3f:cb:71:09:35:d8:ca:cc:92:fc:f8:93:b0:56:d8:6c:
c6:44:47:dd:76:ed:1f:2f:f9:22:51:b5:12:f4:ee:92:1f:7a:
a0:fc:c3:be:ce:d4:e8:e5:95:24:6b:73:eb:35:40:f9:c3:b6:
51:8f:e2:c2:46:4c:07:88:38:c8:58:9c:ee:09:79:0f:70:20:
63:2b:12:66:34:95:ff:fa:1e:1d:66:5c:6c:53:3a:f0:3c:06:
c3:f3:4a:47:d0:28:ad:e8:29:44:53:98:4f:03:1a:57:38:05:
b0:ff:71:a9:0d:1c:61:53:22:3e:53:c6:c3:05:07:6c:5d:57:
90:f9:08:91:03:63:0a:c4:97:19:2c:22:99:c1:8a:83:b8:b1:
2e:86:2d:3b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcKwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2Mjcx
ODQ0NTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDc0MjkwMDdFNDVDM0E3
MTQ4MTk5MjI0NTc4MzBCQkM5NUE3QTQ5RjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7afkN+KtVRQGjCexBPJGd5FH/vpNJl/WEwZvg/VXU7fqGeXgi
F+qGfocZaAjr31YOWqfiGVvmQCp6i2KLuZq6mg+5eIvS+ukosCC89gA12k/LgB83
K1f3MrCwkZJcGUPuojWkhicGPmHOFy28FoQo1jl0aEcBN5gmmIBVIFXoAvXytKfS
3lRl7eGI0tYnAw963eR5TaknC/5UP1sdmPkJM8xTv4p86m/38M1NdEmjb2EIqrrp
kVEmeAiBpsP3vO3KYQoAYcG7UWcMQmHD96q1WOFSDhHyelsytHOWBJ4hxKA2gwPa
MPRsABR+NQpSj+a3tME3/qGcgmxQ1qlT6fZ9AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUdCkAfkXDpxSBmSJFeDC7yVp6SfAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2RDa0Fma1hEcHhTQm1T
SkZlREM3eVZwNlNmQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA+dPKS
QN6WyKXgC0Rs1tTdTx+9N9oznb33z8yCy+VSMEuIjIJnO1pBvnZdi5WynVaV12SJ
rEN2hjacnseFboxiz8GD3VbipbDDUiZ3SRXybqwOcyfQd+fY02BwYHKduoEpzs71
g6FZA0bTqhhygD/LcQk12MrMkvz4k7BW2GzGREfddu0fL/kiUbUS9O6SH3qg/MO+
ztTo5ZUka3PrNUD5w7ZRj+LCRkwHiDjIWJzuCXkPcCBjKxJmNJX/+h4dZlxsUzrw
PAbD80pH0Cit6ClEU5hPAxpXOAWw/3GpDRxhUyI+U8bDBQdsXVeQ+QiRA2MKxJcZ
LCKZwYqDuLEuhi07
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:41:11 2025 by rpki-client