Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/dNHMAzCjY1kOjfHxiy3zbQcr2u0.roa
File: dNHMAzCjY1kOjfHxiy3zbQcr2u0.roa (raw, json)
Hash identifier: v3ASmVAohtSE36BjjWvJFW0eeZrm2bTj+E0a8YnUme4=
Subject key identifier: 74:D1:CC:03:30:A3:63:59:0E:8D:F1:F1:8B:2D:F3:6D:07:2B:DA:ED
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6CA8
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dNHMAzCjY1kOjfHxiy3zbQcr2u0.roa
Signing time: Mon 16 Jun 2025 20:48:45 +0000
ROA not before: Mon 16 Jun 2025 20:48:45 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27816 (0x6ca8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 16 20:48:45 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=74D1CC0330A363590E8DF1F18B2DF36D072BDAED
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:a8:2d:9c:b3:31:40:7d:79:68:4b:96:90:de:
61:07:e7:0a:14:e0:c1:61:ed:59:21:71:92:11:14:
b5:6a:af:f5:11:ad:fe:69:e9:78:08:bb:6f:80:81:
92:07:bb:1c:ec:66:06:8e:86:20:01:06:4b:56:4d:
8b:4e:9e:39:6b:6e:75:92:2d:84:07:de:ae:22:05:
05:92:a9:cd:81:a9:80:ab:32:66:36:15:10:f0:59:
f6:43:18:fc:ce:ed:e7:71:6c:af:30:70:f7:db:1b:
ef:7e:b5:d8:3d:1d:c7:2f:6e:8b:ef:15:d7:13:cb:
2f:cb:81:01:7d:4c:21:2e:3c:56:85:b1:c4:04:29:
58:5e:f6:ec:64:58:0d:60:6a:94:7f:e2:81:95:ef:
0b:25:3b:e2:5b:10:5c:72:2f:0a:ab:c8:d2:e5:42:
cc:55:06:9c:28:63:76:8d:e9:9f:3d:79:9e:2e:05:
65:38:d5:c6:cf:30:f1:f7:14:2a:6d:36:52:36:07:
81:3c:68:9f:9b:46:f9:d5:eb:48:d9:8a:8e:f1:c4:
0a:22:29:45:07:fa:0d:e7:65:c4:6b:70:85:a7:f2:
d6:88:a8:48:6d:66:5e:01:f8:ef:a1:99:6d:9e:f2:
9f:57:ae:7d:3d:83:db:20:cf:c6:4f:78:21:1b:3c:
3a:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:D1:CC:03:30:A3:63:59:0E:8D:F1:F1:8B:2D:F3:6D:07:2B:DA:ED
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dNHMAzCjY1kOjfHxiy3zbQcr2u0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
b1:19:b3:a6:d0:a5:82:d8:50:c9:7c:0e:7a:da:da:39:2e:fe:
88:e8:19:01:81:d9:07:03:5a:57:66:8b:b7:dc:87:6b:6a:7c:
50:d0:25:11:36:30:64:2e:c8:30:f8:d5:cb:0f:31:bb:30:00:
f1:84:48:0e:69:c0:40:a9:83:f2:81:d7:30:c5:dc:75:ef:64:
3f:4c:86:43:d8:f5:a6:ef:b0:6e:92:69:cf:8a:cd:ed:1c:76:
88:6f:5c:01:65:38:39:c9:da:a6:02:32:df:e6:68:82:d1:76:
02:44:7f:4a:2e:79:c3:b8:3b:8c:c2:d9:84:33:56:66:5b:68:
34:c2:e0:5a:a5:ac:07:ea:c5:5f:8d:c3:34:30:50:e9:af:05:
23:95:21:d0:36:49:aa:43:a9:06:48:45:a4:e2:08:23:e9:7a:
6e:ed:ca:d6:dd:bb:52:dd:84:0a:4b:6c:eb:19:f9:9c:66:57:
6e:d4:3c:15:1d:bf:66:3d:50:c7:78:7d:da:9b:45:63:5e:ab:
94:ec:fe:b1:aa:d7:d1:63:b1:55:60:95:5a:d8:ba:90:e6:57:
c8:98:f4:f2:7b:21:33:c3:1e:bb:cc:00:54:a3:42:cb:3a:b1:
47:f8:67:55:dc:2e:9b:7f:cc:3f:2f:57:9d:aa:fd:ee:1a:cb:
02:11:1e:32
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbKgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTYy
MDQ4NDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDc0RDFDQzAzMzBBMzYz
NTkwRThERjFGMThCMkRGMzZEMDcyQkRBRUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDbqC2cszFAfXloS5aQ3mEH5woU4MFh7VkhcZIRFLVqr/URrf5p
6XgIu2+AgZIHuxzsZgaOhiABBktWTYtOnjlrbnWSLYQH3q4iBQWSqc2BqYCrMmY2
FRDwWfZDGPzO7edxbK8wcPfbG+9+tdg9HccvbovvFdcTyy/LgQF9TCEuPFaFscQE
KVhe9uxkWA1gapR/4oGV7wslO+JbEFxyLwqryNLlQsxVBpwoY3aN6Z89eZ4uBWU4
1cbPMPH3FCptNlI2B4E8aJ+bRvnV60jZio7xxAoiKUUH+g3nZcRrcIWn8taIqEht
Zl4B+O+hmW2e8p9Xrn09g9sgz8ZPeCEbPDqpAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUdNHMAzCjY1kOjfHxiy3zbQcr2u0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2ROSE1BekNqWTFrT2pm
SHhpeTN6YlFjcjJ1MC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCxGbOm
0KWC2FDJfA562to5Lv6I6BkBgdkHA1pXZou33IdranxQ0CURNjBkLsgw+NXLDzG7
MADxhEgOacBAqYPygdcwxdx172Q/TIZD2PWm77BukmnPis3tHHaIb1wBZTg5ydqm
AjLf5miC0XYCRH9KLnnDuDuMwtmEM1ZmW2g0wuBapawH6sVfjcM0MFDprwUjlSHQ
NkmqQ6kGSEWk4ggj6Xpu7crW3btS3YQKS2zrGfmcZldu1DwVHb9mPVDHeH3am0Vj
XquU7P6xqtfRY7FVYJVa2LqQ5lfImPTyeyEzwx67zABUo0LLOrFH+GdV3C6bf8w/
L1edqv3uGssCER4y
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:46:28 2025 by rpki-client