Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/dm_U6rCt2kJS43XySbJ7kst03DM.roa
File: dm_U6rCt2kJS43XySbJ7kst03DM.roa (raw, json)
Hash identifier: ieAH4NHjyNmNGEVKsST9aiIQjgNGvsjFLnI8Nt/Ggf0=
Subject key identifier: 76:6F:D4:EA:B0:AD:DA:42:52:E3:75:F2:49:B2:7B:92:CB:74:DC:33
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 777E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dm_U6rCt2kJS43XySbJ7kst03DM.roa
Signing time: Tue 15 Jul 2025 23:41:50 +0000
ROA not before: Tue 15 Jul 2025 23:41:50 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30590 (0x777e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 15 23:41:50 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=766FD4EAB0ADDA4252E375F249B27B92CB74DC33
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:13:d6:61:59:a3:83:39:c5:57:92:14:f4:d5:
d0:04:83:a3:5a:cc:73:12:50:16:18:8b:ce:45:22:
39:55:db:24:19:fb:2e:01:0b:45:64:01:b8:6b:1e:
d1:e9:49:98:e0:9d:44:b4:27:f5:80:4d:02:da:93:
7b:c9:16:1f:6d:0c:0e:aa:34:c2:4c:4e:af:66:87:
ea:93:b4:88:2c:81:84:73:fa:c4:4c:1a:26:d6:d4:
52:74:7e:8e:ea:e8:01:45:1a:6f:42:81:62:5f:6d:
78:25:4b:39:86:90:1e:8c:a6:0c:be:46:99:06:27:
28:50:d7:f6:77:ba:66:d9:5f:57:bf:9c:49:63:79:
6d:be:fe:09:59:3d:8d:35:51:cb:81:8a:8b:60:10:
99:72:f1:67:88:14:e4:d7:f7:46:93:9d:b9:ff:78:
52:2c:ce:3d:e9:01:bc:28:a9:e9:b7:56:c1:1f:26:
9f:55:83:b7:b8:5c:4d:83:0d:78:08:e1:a2:df:2e:
21:eb:a3:03:20:9d:15:92:b5:49:dd:b4:e9:0f:aa:
a9:f4:ca:ec:86:40:51:41:16:5a:8c:af:6a:ce:37:
c9:68:e1:36:7f:d0:dd:dd:45:13:ab:e4:e0:b2:93:
b1:88:ba:90:85:2f:ce:5e:46:53:fc:9e:5b:1b:1a:
bf:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:6F:D4:EA:B0:AD:DA:42:52:E3:75:F2:49:B2:7B:92:CB:74:DC:33
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dm_U6rCt2kJS43XySbJ7kst03DM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
b7:7e:19:d7:0c:56:e5:97:29:33:09:f0:3b:a1:fc:7d:8c:6e:
a6:15:9e:23:d0:67:32:fb:d5:26:ca:5d:2f:2c:4b:6f:bd:d9:
17:ee:a9:d5:cc:87:72:ac:75:48:21:9e:ad:83:e5:33:9e:6c:
e9:61:bf:34:87:bb:0c:f5:c8:58:85:d3:d5:5b:84:f8:be:18:
a7:08:2e:ad:8c:e2:d2:69:b6:6b:e1:2d:1d:5d:9d:31:ee:d5:
81:d4:8b:1b:be:8b:68:aa:2e:00:c4:55:4b:37:f8:b3:08:b1:
49:79:14:27:b4:ab:04:de:98:f7:1f:53:10:47:1c:0e:ed:0e:
38:7c:65:55:cd:62:8d:fb:e1:d0:68:fc:44:83:93:72:46:85:
aa:5b:79:33:e8:60:b4:5a:de:92:9f:89:e0:1e:fb:b9:37:23:
b4:1f:19:1f:26:65:c1:28:8c:37:7a:85:7b:a6:41:2d:e7:f5:
40:f5:f1:0b:81:25:02:60:78:b8:7c:cc:0d:5e:95:3a:0e:4c:
03:74:65:0f:7f:48:d2:06:20:e0:86:f7:64:c2:98:c8:ff:7b:
89:86:8b:79:e4:4a:59:93:59:d8:f6:12:ca:2e:78:57:de:c3:
41:f4:a9:03:94:1e:ca:6b:43:f4:33:63:ff:f8:46:f2:67:f5:
c7:eb:fa:49
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICd34wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTUy
MzQxNTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDc2NkZENEVBQjBBRERB
NDI1MkUzNzVGMjQ5QjI3QjkyQ0I3NERDMzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDIE9ZhWaODOcVXkhT01dAEg6NazHMSUBYYi85FIjlV2yQZ+y4B
C0VkAbhrHtHpSZjgnUS0J/WATQLak3vJFh9tDA6qNMJMTq9mh+qTtIgsgYRz+sRM
GibW1FJ0fo7q6AFFGm9CgWJfbXglSzmGkB6Mpgy+RpkGJyhQ1/Z3umbZX1e/nElj
eW2+/glZPY01UcuBiotgEJly8WeIFOTX90aTnbn/eFIszj3pAbwoqem3VsEfJp9V
g7e4XE2DDXgI4aLfLiHrowMgnRWStUndtOkPqqn0yuyGQFFBFlqMr2rON8lo4TZ/
0N3dRROr5OCyk7GIupCFL85eRlP8nlsbGr8rAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUdm/U6rCt2kJS43XySbJ7kst03DMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2RtX1U2ckN0MmtKUzQz
WHlTYko3a3N0MDNETS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC3fhnX
DFbllykzCfA7ofx9jG6mFZ4j0Gcy+9Umyl0vLEtvvdkX7qnVzIdyrHVIIZ6tg+Uz
nmzpYb80h7sM9chYhdPVW4T4vhinCC6tjOLSabZr4S0dXZ0x7tWB1Isbvotoqi4A
xFVLN/izCLFJeRQntKsE3pj3H1MQRxwO7Q44fGVVzWKN++HQaPxEg5NyRoWqW3kz
6GC0Wt6Sn4ngHvu5NyO0HxkfJmXBKIw3eoV7pkEt5/VA9fELgSUCYHi4fMwNXpU6
DkwDdGUPf0jSBiDghvdkwpjI/3uJhot55EpZk1nY9hLKLnhX3sNB9KkDlB7Ka0P0
M2P/+EbyZ/XH6/pJ
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:33:54 2025 by rpki-client