Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/e0CavcBHQyA1H_dmwRsvW6q2V3Y.roa
File: e0CavcBHQyA1H_dmwRsvW6q2V3Y.roa (raw, json)
Hash identifier: 0Gr+6Jk9VgvgaoZhzpyva90APoQ92HOgqzSZOYsbwrA=
Subject key identifier: 7B:40:9A:BD:C0:47:43:20:35:1F:F7:66:C1:1B:2F:5B:AA:B6:57:76
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7020
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/e0CavcBHQyA1H_dmwRsvW6q2V3Y.roa
Signing time: Thu 26 Jun 2025 07:47:10 +0000
ROA not before: Thu 26 Jun 2025 07:47:10 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28704 (0x7020)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 26 07:47:10 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=7B409ABDC0474320351FF766C11B2F5BAAB65776
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:9c:2e:29:8f:1d:ee:a7:55:05:83:8b:39:c9:
9a:34:59:f8:2f:a8:c5:fc:5e:32:33:06:ec:c3:65:
fb:87:55:a9:87:a3:f1:40:38:90:ee:40:2f:17:75:
10:75:2f:7d:59:e9:29:c7:5e:63:a5:5a:02:23:0b:
c9:d5:c9:e7:f5:ed:7e:2f:be:26:82:33:65:f1:a4:
99:53:6f:78:a6:8f:56:7f:05:77:20:a3:d2:d5:b8:
ae:47:c4:28:a5:b4:21:ac:d5:e5:35:a5:e8:a3:64:
eb:3e:02:85:31:83:45:cb:79:c8:00:a6:72:7f:56:
a8:cc:4f:e8:9d:ed:bb:be:2d:96:01:90:05:c8:b2:
a4:86:46:e7:be:1a:ce:c4:b1:49:a7:a4:be:b7:2f:
22:4f:a8:5a:cc:2e:a5:72:9c:12:27:55:68:6c:1e:
d0:9b:85:68:84:18:9d:84:cc:d7:8f:90:4d:8d:06:
43:d9:4a:b8:3b:29:9f:2b:1a:0e:3b:4e:4b:84:e2:
c8:09:e9:a6:79:09:c9:68:4c:2a:4e:f4:8d:95:9e:
88:e3:9a:bd:f5:9e:04:7f:e7:f3:bc:34:46:b7:59:
ad:ca:99:f0:e7:86:ce:32:45:33:72:8a:eb:ff:37:
af:89:d3:07:b7:d5:ea:ee:b9:ed:be:d0:05:3f:c8:
4f:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7B:40:9A:BD:C0:47:43:20:35:1F:F7:66:C1:1B:2F:5B:AA:B6:57:76
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/e0CavcBHQyA1H_dmwRsvW6q2V3Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
4a:22:dc:46:d7:b2:13:cf:cb:82:0a:56:91:8e:bf:65:50:a8:
be:5b:2d:c3:2c:38:ce:06:c5:98:db:9d:ac:89:14:1e:db:d9:
6c:26:2f:75:11:0d:a8:e2:86:43:18:67:d4:0d:83:51:09:1b:
60:18:4d:3c:6e:36:05:98:35:1a:07:bd:69:36:bc:b1:59:21:
02:68:9a:f0:29:2a:75:19:2e:11:01:ae:69:0f:30:eb:9b:d8:
12:4d:d2:93:45:5d:a9:71:67:e1:b2:ff:b7:73:86:17:13:25:
20:5b:c0:89:be:c7:39:1b:5f:6b:4b:59:76:7a:6b:68:f6:80:
38:91:fe:85:76:ec:38:25:12:f4:c5:6f:a2:5a:01:5f:1e:15:
82:db:d5:31:4d:46:42:5a:83:97:1c:b1:b3:55:b8:51:4e:5c:
6d:ce:a1:b2:9d:28:ea:14:97:89:d2:1f:6c:31:24:91:6d:fa:
99:2e:fb:83:a3:8e:9c:25:08:3a:a4:b0:71:c6:83:90:54:fd:
57:60:f2:59:c4:dd:dc:07:88:da:58:8b:38:71:5b:87:64:5f:
7a:cc:50:3e:f1:b2:2b:13:37:0b:4b:2b:11:32:3f:40:6c:a0:
95:3a:55:30:f8:9f:c0:4c:5b:35:a8:78:f7:7c:e9:8e:f0:6e:
7c:43:5a:33
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcCAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjYw
NzQ3MTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDdCNDA5QUJEQzA0NzQz
MjAzNTFGRjc2NkMxMUIyRjVCQUFCNjU3NzYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDnnC4pjx3up1UFg4s5yZo0WfgvqMX8XjIzBuzDZfuHVamHo/FA
OJDuQC8XdRB1L31Z6SnHXmOlWgIjC8nVyef17X4vviaCM2XxpJlTb3imj1Z/BXcg
o9LVuK5HxCiltCGs1eU1peijZOs+AoUxg0XLecgApnJ/VqjMT+id7bu+LZYBkAXI
sqSGRue+Gs7EsUmnpL63LyJPqFrMLqVynBInVWhsHtCbhWiEGJ2EzNePkE2NBkPZ
Srg7KZ8rGg47TkuE4sgJ6aZ5CcloTCpO9I2Vnojjmr31ngR/5/O8NEa3Wa3KmfDn
hs4yRTNyiuv/N6+J0we31eruue2+0AU/yE+TAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUe0CavcBHQyA1H/dmwRsvW6q2V3YwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2UwQ2F2Y0JIUXlBMUhf
ZG13UnN2VzZxMlYzWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBKItxG
17ITz8uCClaRjr9lUKi+Wy3DLDjOBsWY252siRQe29lsJi91EQ2o4oZDGGfUDYNR
CRtgGE08bjYFmDUaB71pNryxWSECaJrwKSp1GS4RAa5pDzDrm9gSTdKTRV2pcWfh
sv+3c4YXEyUgW8CJvsc5G19rS1l2emto9oA4kf6Fduw4JRL0xW+iWgFfHhWC29Ux
TUZCWoOXHLGzVbhRTlxtzqGynSjqFJeJ0h9sMSSRbfqZLvuDo46cJQg6pLBxxoOQ
VP1XYPJZxN3cB4jaWIs4cVuHZF96zFA+8bIrEzcLSysRMj9AbKCVOlUw+J/ATFs1
qHj3fOmO8G58Q1oz
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:50:49 2025 by rpki-client