Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/fO1FEEULJbmV_T9zEsMpWRgExFY.roa
File: fO1FEEULJbmV_T9zEsMpWRgExFY.roa (raw, json)
Hash identifier: tpJOQKWj5Swe9Me9/plGvxkkyul3T8mAGbFnuF2Vqzg=
Subject key identifier: 7C:ED:45:10:45:0B:25:B9:95:FD:3F:73:12:C3:29:59:18:04:C4:56
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7712
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fO1FEEULJbmV_T9zEsMpWRgExFY.roa
Signing time: Mon 14 Jul 2025 20:42:29 +0000
ROA not before: Mon 14 Jul 2025 20:42:29 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30482 (0x7712)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 14 20:42:29 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=7CED4510450B25B995FD3F7312C329591804C456
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:34:45:fc:af:b0:e6:54:f1:15:f6:f5:30:c5:
40:b3:db:9c:c7:32:a6:d4:dd:cc:c5:7e:0b:38:db:
0d:3d:e4:a7:31:e7:cb:c0:29:5b:48:4d:b0:1a:77:
88:04:63:99:87:e6:13:53:f9:0e:7f:4b:b0:5c:ee:
16:28:7b:21:43:f4:7d:11:6a:af:4a:5c:7f:cb:b3:
5d:81:cb:d8:64:a7:eb:e2:59:66:85:81:e7:48:11:
51:2e:36:3b:c0:f3:f8:29:8c:41:30:bc:f4:7e:b3:
3b:5a:8c:fd:84:e7:6f:0f:23:60:48:18:e1:94:79:
a7:12:1d:5d:90:aa:c6:75:89:a5:61:33:42:39:23:
13:c1:fa:93:bf:7f:da:13:4d:f7:3f:82:6f:fc:f9:
62:a3:b6:9a:51:21:b1:e7:8b:b6:e2:38:18:90:47:
1c:06:77:3b:d4:4c:00:f0:6a:4b:7d:3a:76:f0:e2:
fc:95:98:ce:5c:29:46:10:fa:39:a8:ef:43:8c:17:
0a:24:8d:3b:ef:8f:10:ff:e2:48:f8:af:0a:9b:48:
71:32:c6:0b:76:f2:c4:c4:62:be:5d:21:99:f0:c1:
d9:53:03:b3:07:3b:3c:79:ff:62:76:bb:1f:bc:e4:
af:ad:14:24:14:b1:f3:0d:4e:cb:96:2d:d5:c6:4d:
f1:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:ED:45:10:45:0B:25:B9:95:FD:3F:73:12:C3:29:59:18:04:C4:56
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fO1FEEULJbmV_T9zEsMpWRgExFY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
9a:af:42:19:aa:87:47:f8:ff:e9:7f:84:4c:16:a6:df:9a:ec:
6e:90:21:c0:72:6c:39:b1:5c:04:92:e8:9e:21:b0:c8:ca:95:
f1:38:2e:9d:fd:d6:ea:48:e1:82:b3:db:08:a5:d3:5c:b0:ab:
70:3e:77:f6:5d:2a:88:f0:85:26:15:72:62:eb:33:2a:0f:38:
70:39:5f:97:74:1f:1e:42:e3:dd:cf:20:27:78:fb:d7:79:df:
e9:bc:a2:a6:b7:62:0f:3a:19:e5:4b:17:b6:5a:06:fe:a7:ef:
28:99:e5:5f:df:ff:39:4f:30:b8:8b:d7:64:05:71:67:ba:18:
d8:d0:fe:89:a2:f7:30:23:4d:a7:3d:9c:c5:1f:f9:11:61:07:
fd:61:7a:e8:98:e8:d2:73:f6:d4:d5:f9:87:ad:44:37:87:39:
c1:51:56:de:ae:c6:7a:f5:80:05:06:fa:1d:99:f0:fd:b8:ff:
c4:5e:e7:f0:93:d7:62:19:2a:2a:c8:d0:bc:1f:8d:76:d8:55:
f3:2d:02:e0:28:57:f8:57:bf:a3:1b:39:01:f9:5f:50:d3:f2:
42:9d:90:06:52:7d:4e:d4:0b:38:e1:02:65:ce:07:e6:af:86:
55:92:22:0c:8f:f4:df:95:a7:05:9f:cb:3d:e1:39:f4:0d:00:
47:57:4c:eb
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdxIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTQy
MDQyMjlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDdDRUQ0NTEwNDUwQjI1
Qjk5NUZEM0Y3MzEyQzMyOTU5MTgwNEM0NTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9NEX8r7DmVPEV9vUwxUCz25zHMqbU3czFfgs42w095Kcx58vA
KVtITbAad4gEY5mH5hNT+Q5/S7Bc7hYoeyFD9H0Raq9KXH/Ls12By9hkp+viWWaF
gedIEVEuNjvA8/gpjEEwvPR+sztajP2E528PI2BIGOGUeacSHV2QqsZ1iaVhM0I5
IxPB+pO/f9oTTfc/gm/8+WKjtppRIbHni7biOBiQRxwGdzvUTADwakt9Onbw4vyV
mM5cKUYQ+jmo70OMFwokjTvvjxD/4kj4rwqbSHEyxgt28sTEYr5dIZnwwdlTA7MH
Ozx5/2J2ux+85K+tFCQUsfMNTsuWLdXGTfFHAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUfO1FEEULJbmV/T9zEsMpWRgExFYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2ZPMUZFRVVMSmJtVl9U
OXpFc01wV1JnRXhGWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCar0IZ
qodH+P/pf4RMFqbfmuxukCHAcmw5sVwEkuieIbDIypXxOC6d/dbqSOGCs9sIpdNc
sKtwPnf2XSqI8IUmFXJi6zMqDzhwOV+XdB8eQuPdzyAnePvXed/pvKKmt2IPOhnl
Sxe2Wgb+p+8omeVf3/85TzC4i9dkBXFnuhjY0P6JovcwI02nPZzFH/kRYQf9YXro
mOjSc/bU1fmHrUQ3hznBUVbersZ69YAFBvodmfD9uP/EXufwk9diGSoqyNC8H412
2FXzLQLgKFf4V7+jGzkB+V9Q0/JCnZAGUn1O1As44QJlzgfmr4ZVkiIMj/TflacF
n8s94Tn0DQBHV0zr
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:36:14 2025 by rpki-client