Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/elOK5V5sJe83Yd7hVnoxTjGbrJo.roa
File: elOK5V5sJe83Yd7hVnoxTjGbrJo.roa (raw, json)
Hash identifier: k15M1kzuVewV99Wjgohhyva946dD7qKqkM6McmSpICw=
Subject key identifier: 7A:53:8A:E5:5E:6C:25:EF:37:61:DE:E1:56:7A:31:4E:31:9B:AC:9A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7662
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/elOK5V5sJe83Yd7hVnoxTjGbrJo.roa
Signing time: Sun 13 Jul 2025 00:41:48 +0000
ROA not before: Sun 13 Jul 2025 00:41:48 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30306 (0x7662)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 13 00:41:48 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=7A538AE55E6C25EF3761DEE1567A314E319BAC9A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:55:7e:b2:66:d0:b2:c4:47:84:60:53:69:60:
b4:51:04:10:d5:cf:a5:fb:04:df:a9:a3:5c:75:34:
42:12:e7:7f:9c:fd:f4:d0:65:a6:5f:0f:74:63:6a:
0b:c6:f4:24:ba:38:12:51:b2:bc:5c:c5:7a:33:f1:
ff:0b:fa:3a:2c:53:24:3f:d5:2f:3e:4b:34:95:6d:
f0:f8:6f:d9:9d:d9:fc:38:9c:d6:59:c7:66:e1:55:
1c:43:9f:44:b9:79:28:14:0e:7b:ab:63:7d:7e:94:
a5:04:c9:47:69:e4:48:b0:4b:c2:f1:47:ac:ec:42:
fb:aa:26:d1:9d:71:d6:93:65:bf:73:0d:df:e7:4d:
c4:0b:54:54:16:48:3b:ed:c5:e6:3c:3e:0c:fa:6b:
df:2b:f3:16:b1:9c:bd:4d:99:ea:1b:0b:da:26:d6:
08:38:69:70:f2:bb:7a:bc:bf:3d:28:2e:95:5d:10:
ba:e7:53:7a:ea:2a:a1:83:ba:a4:b3:4f:26:14:3e:
5d:04:20:41:53:12:98:30:36:80:5f:f7:cf:70:2c:
54:75:16:9e:1d:28:2c:17:8c:e4:5a:57:34:d0:e0:
2c:80:c4:96:1a:43:27:15:1b:51:3c:c4:4e:26:cd:
5a:a3:5e:9c:af:28:44:c6:51:6a:3c:fb:7a:8d:7e:
fe:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:53:8A:E5:5E:6C:25:EF:37:61:DE:E1:56:7A:31:4E:31:9B:AC:9A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/elOK5V5sJe83Yd7hVnoxTjGbrJo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
5c:26:30:e0:e7:a4:5b:54:8c:a2:46:52:b5:67:03:8a:59:5f:
0c:aa:77:57:6c:53:61:19:48:85:95:cb:d4:b9:3d:14:9c:9b:
00:b4:28:8c:97:63:d5:4e:3b:b3:c0:4e:28:ee:a6:16:f1:eb:
09:81:5f:3f:bf:c0:a8:82:65:e4:7c:4f:1e:55:65:7e:af:d7:
9c:e8:36:0a:db:c0:9e:11:a9:b7:19:8a:0c:ec:25:b0:86:a4:
30:0b:b9:92:83:59:aa:3c:3f:75:93:f8:49:af:6c:84:37:c9:
8f:24:c0:32:1b:f2:d4:84:d4:48:d0:2b:7a:e6:bb:d1:01:89:
d1:6b:e5:58:38:09:8a:46:9c:22:59:be:4e:3b:79:17:48:40:
e7:0f:11:d0:be:87:67:31:dd:ac:7c:26:59:56:73:44:ad:34:
ff:f0:d8:16:c2:ca:e2:b3:82:b5:03:96:c9:9b:cf:15:62:64:
39:1a:d7:eb:7a:2a:27:5f:dd:ff:19:7d:fe:c0:8b:f3:5c:f9:
a9:b9:cb:27:cd:c0:ad:e1:0a:aa:68:c8:d6:33:8f:92:6d:3f:
4c:3b:ad:a6:be:dc:c9:fe:ee:42:ee:89:64:e3:78:54:c2:50:
e0:e2:6f:e2:e8:3f:21:21:db:88:0a:02:2a:0d:a8:92:5f:cb:
5d:7e:00:d6
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdmIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTMw
MDQxNDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDdBNTM4QUU1NUU2QzI1
RUYzNzYxREVFMTU2N0EzMTRFMzE5QkFDOUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCsVX6yZtCyxEeEYFNpYLRRBBDVz6X7BN+po1x1NEIS53+c/fTQ
ZaZfD3RjagvG9CS6OBJRsrxcxXoz8f8L+josUyQ/1S8+SzSVbfD4b9md2fw4nNZZ
x2bhVRxDn0S5eSgUDnurY31+lKUEyUdp5EiwS8LxR6zsQvuqJtGdcdaTZb9zDd/n
TcQLVFQWSDvtxeY8Pgz6a98r8xaxnL1NmeobC9om1gg4aXDyu3q8vz0oLpVdELrn
U3rqKqGDuqSzTyYUPl0EIEFTEpgwNoBf989wLFR1Fp4dKCwXjORaVzTQ4CyAxJYa
QycVG1E8xE4mzVqjXpyvKETGUWo8+3qNfv4xAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUelOK5V5sJe83Yd7hVnoxTjGbrJowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2VsT0s1VjVzSmU4M1lk
N2hWbm94VGpHYnJKby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBcJjDg
56RbVIyiRlK1ZwOKWV8MqndXbFNhGUiFlcvUuT0UnJsAtCiMl2PVTjuzwE4o7qYW
8esJgV8/v8CogmXkfE8eVWV+r9ec6DYK28CeEam3GYoM7CWwhqQwC7mSg1mqPD91
k/hJr2yEN8mPJMAyG/LUhNRI0Ct65rvRAYnRa+VYOAmKRpwiWb5OO3kXSEDnDxHQ
vodnMd2sfCZZVnNErTT/8NgWwsris4K1A5bJm88VYmQ5GtfreionX93/GX3+wIvz
XPmpucsnzcCt4QqqaMjWM4+SbT9MO62mvtzJ/u5C7olk43hUwlDg4m/i6D8hIduI
CgIqDaiSX8tdfgDW
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:50:30 2025 by rpki-client