Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/er2FtLbubYM3v39uPHboy8lBYDM.roa
File: er2FtLbubYM3v39uPHboy8lBYDM.roa (raw, json)
Hash identifier: 1+A+M5tSTDKTH7L+mnXWByLm0ncb7wjX/7aJZKgCg68=
Subject key identifier: 7A:BD:85:B4:B6:EE:6D:83:37:BF:7F:6E:3C:76:E8:CB:C9:41:60:33
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7118
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/er2FtLbubYM3v39uPHboy8lBYDM.roa
Signing time: Sat 28 Jun 2025 21:44:35 +0000
ROA not before: Sat 28 Jun 2025 21:44:35 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28952 (0x7118)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 28 21:44:35 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=7ABD85B4B6EE6D8337BF7F6E3C76E8CBC9416033
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:bd:b8:a3:18:77:34:e8:dd:ec:cf:db:9a:9e:
82:e1:fb:c4:9b:d4:c2:60:6d:f7:fc:05:0f:0e:f7:
63:67:ef:0e:39:55:31:18:74:5e:cf:c2:b2:47:e3:
4b:b6:ee:18:60:d1:5a:0c:65:61:13:f8:f8:d0:c8:
bf:28:5a:b0:3b:d1:af:23:af:d8:f4:79:ee:1c:be:
f0:73:ea:40:70:8f:52:11:14:a3:bd:37:16:1c:1a:
43:6d:2d:52:70:d2:d6:d2:67:c8:b4:f2:0b:a5:89:
8c:4a:db:b4:c9:f5:ec:55:17:ec:52:2d:be:6d:90:
57:30:7e:33:10:13:8c:a8:a3:51:fe:53:a1:cd:8b:
7d:ac:3b:84:f2:e2:7f:19:a7:07:9d:71:54:8c:e7:
69:d4:3d:87:06:4f:dc:a6:7d:0f:52:52:2c:d1:1c:
4e:d3:66:ef:2c:c2:76:77:eb:cc:26:cb:5a:51:c6:
4c:92:ff:66:ba:90:ac:aa:fc:1e:3e:81:86:43:ff:
a7:84:32:88:45:67:7a:40:d3:e0:ab:cd:d4:72:e2:
83:f5:99:31:42:66:3b:e9:8e:3e:46:ae:2b:65:36:
8d:e1:b2:cd:5b:31:77:64:a6:36:24:b5:76:c6:b9:
8e:6a:b7:25:16:e0:ba:25:23:57:ac:e9:1b:00:9d:
3e:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:BD:85:B4:B6:EE:6D:83:37:BF:7F:6E:3C:76:E8:CB:C9:41:60:33
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/er2FtLbubYM3v39uPHboy8lBYDM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
79:df:8f:36:85:42:71:fc:9b:c5:62:69:fa:c3:cb:eb:cf:30:
6b:46:59:3b:ee:bf:98:4a:b9:09:93:08:29:e3:b6:42:dc:bd:
8e:9b:88:97:3a:70:a4:ee:e6:77:1c:93:c1:2f:c3:1a:33:cf:
5d:d0:c0:f9:74:c8:4d:b8:54:99:c9:4d:46:56:b3:8e:59:c8:
11:2d:7d:f3:4c:f9:b5:67:76:39:40:96:7c:10:0d:02:05:81:
37:84:17:3a:56:fc:c8:e1:64:6a:f8:e6:30:ad:2c:f9:8e:e7:
93:e7:ff:69:21:68:45:23:d3:77:d9:07:a9:82:79:88:f6:ef:
49:bf:36:cd:89:cb:bf:82:59:6a:1d:1a:5c:a9:77:9a:82:58:
c7:5d:d8:31:1f:9c:6a:98:ce:fa:b7:a3:62:1d:54:80:e7:0c:
00:db:c5:64:14:23:11:1d:98:2a:dc:61:8a:10:af:29:fa:fe:
94:f6:0d:68:4f:dd:44:81:93:b3:b0:f0:05:8d:04:20:e5:ed:
77:34:20:2f:97:57:1a:2a:a5:49:60:c9:d5:0d:69:64:d5:46:
44:48:06:e7:cb:2f:e8:de:dc:46:d7:a9:84:19:6d:01:7d:52:
a4:41:58:6f:1b:d1:68:d2:8a:3e:67:3d:52:ce:3e:68:1f:bc:
9a:d6:77:b3
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcRgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2Mjgy
MTQ0MzVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDdBQkQ4NUI0QjZFRTZE
ODMzN0JGN0Y2RTNDNzZFOENCQzk0MTYwMzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDvbijGHc06N3sz9uanoLh+8Sb1MJgbff8BQ8O92Nn7w45VTEY
dF7PwrJH40u27hhg0VoMZWET+PjQyL8oWrA70a8jr9j0ee4cvvBz6kBwj1IRFKO9
NxYcGkNtLVJw0tbSZ8i08guliYxK27TJ9exVF+xSLb5tkFcwfjMQE4yoo1H+U6HN
i32sO4Ty4n8ZpwedcVSM52nUPYcGT9ymfQ9SUizRHE7TZu8swnZ368wmy1pRxkyS
/2a6kKyq/B4+gYZD/6eEMohFZ3pA0+CrzdRy4oP1mTFCZjvpjj5GritlNo3hss1b
MXdkpjYktXbGuY5qtyUW4LolI1es6RsAnT7ZAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUer2FtLbubYM3v39uPHboy8lBYDMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2VyMkZ0TGJ1YllNM3Yz
OXVQSGJveThsQllETS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB53482
hUJx/JvFYmn6w8vrzzBrRlk77r+YSrkJkwgp47ZC3L2Om4iXOnCk7uZ3HJPBL8Ma
M89d0MD5dMhNuFSZyU1GVrOOWcgRLX3zTPm1Z3Y5QJZ8EA0CBYE3hBc6VvzI4WRq
+OYwrSz5jueT5/9pIWhFI9N32QepgnmI9u9JvzbNicu/gllqHRpcqXeagljHXdgx
H5xqmM76t6NiHVSA5wwA28VkFCMRHZgq3GGKEK8p+v6U9g1oT91EgZOzsPAFjQQg
5e13NCAvl1caKqVJYMnVDWlk1UZESAbnyy/o3txG16mEGW0BfVKkQVhvG9Fo0oo+
Zz1Szj5oH7ya1nez
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:32:00 2025 by rpki-client