Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/hZY6AK7ceNFPwu-RgmSq1ajHOBg.roa
File: hZY6AK7ceNFPwu-RgmSq1ajHOBg.roa (raw, json)
Hash identifier: nomGHP+uCuiF2QgrEUET04CamTd3UHKqEf5Wth7NjsE=
Subject key identifier: 85:96:3A:00:AE:DC:78:D1:4F:C2:EF:91:82:64:AA:D5:A8:C7:38:18
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7238
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hZY6AK7ceNFPwu-RgmSq1ajHOBg.roa
Signing time: Tue 01 Jul 2025 21:44:44 +0000
ROA not before: Tue 01 Jul 2025 21:44:44 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29240 (0x7238)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 1 21:44:44 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=85963A00AEDC78D14FC2EF918264AAD5A8C73818
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:87:de:8c:f3:55:6f:37:ad:cd:90:c2:5e:73:
5c:d5:ac:33:b1:e5:99:c2:98:53:f4:1a:dd:fe:25:
f4:fd:99:c9:7c:e1:20:eb:ad:6d:39:ed:f3:d2:2b:
15:03:fb:75:4e:a9:fb:15:be:87:85:8b:aa:84:6d:
6c:8c:c4:19:56:00:8c:73:c5:d9:9c:5c:e7:2b:04:
38:7b:82:e7:ae:79:6e:65:6d:da:09:a9:ba:e4:24:
70:0f:45:8f:9a:0f:3e:ec:78:f0:71:17:b9:6c:ea:
d4:f4:b0:82:6d:ad:1d:97:ea:85:7f:4f:28:87:4b:
9e:34:f2:e8:6d:24:45:d6:d1:e3:0d:d4:5e:96:8c:
55:60:78:4b:5c:c9:75:15:10:04:ad:aa:d6:1b:54:
2f:6a:53:bd:2a:37:cd:b6:80:b5:03:22:6d:6b:b1:
88:28:39:e1:5d:f9:29:69:bb:e8:1d:ed:8c:43:b9:
a3:12:4d:db:3e:24:60:cf:1c:91:78:90:b8:7d:2f:
b4:78:59:44:1c:7c:4b:16:a9:24:6d:95:0d:b4:81:
90:76:05:57:cb:2c:fd:f2:6b:28:09:64:1b:5c:3f:
d5:79:e0:cc:5e:d5:79:29:f1:41:19:6c:51:9b:65:
c4:1d:4c:1d:c8:5b:b8:9a:5b:7f:64:72:ff:55:7f:
d1:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:96:3A:00:AE:DC:78:D1:4F:C2:EF:91:82:64:AA:D5:A8:C7:38:18
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hZY6AK7ceNFPwu-RgmSq1ajHOBg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
26:10:53:ec:79:99:85:73:f7:68:e5:71:85:4e:38:11:1a:bd:
c7:46:06:e0:54:2b:c7:e0:fc:27:7a:5d:f0:03:ce:1d:2c:3a:
c4:a3:38:17:81:fa:57:c5:a3:c6:9c:98:13:0f:8b:b7:e1:68:
80:ed:86:b1:73:ec:4b:07:c3:90:e1:e3:fa:4f:9a:27:ea:34:
81:5e:de:98:a3:8e:14:0b:fd:ad:85:2c:8e:23:91:09:79:42:
f5:ff:db:f6:a8:fc:98:31:c6:8b:bf:37:c8:8b:d1:06:f9:97:
13:b0:d4:18:10:4c:27:88:ac:34:f2:fc:45:44:6d:28:c2:54:
c1:bd:72:4c:89:3f:06:4e:64:c3:80:e7:15:90:b8:8d:9f:60:
cc:c9:d4:e1:da:19:93:01:eb:5f:9d:b7:5e:fe:ae:33:2c:a0:
ed:8b:12:d6:72:db:28:73:d4:3b:12:49:42:be:b1:4d:06:e9:
eb:0e:9b:09:73:fc:ec:56:30:9d:17:4f:1d:3c:dd:72:5a:73:
4a:47:46:3d:23:67:8c:52:f2:92:7a:0b:d6:53:75:1a:f5:8f:
9b:c2:34:6b:b2:18:8d:c6:6c:0e:ba:7d:9f:91:34:c9:ea:7a:
81:9e:bc:3e:e5:fc:c1:48:55:7e:4b:63:17:f1:a0:48:a5:f8:
e9:47:43:b7
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcjgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDEy
MTQ0NDRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDg1OTYzQTAwQUVEQzc4
RDE0RkMyRUY5MTgyNjRBQUQ1QThDNzM4MTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDGh96M81VvN63NkMJec1zVrDOx5ZnCmFP0Gt3+JfT9mcl84SDr
rW057fPSKxUD+3VOqfsVvoeFi6qEbWyMxBlWAIxzxdmcXOcrBDh7gueueW5lbdoJ
qbrkJHAPRY+aDz7sePBxF7ls6tT0sIJtrR2X6oV/TyiHS5408uhtJEXW0eMN1F6W
jFVgeEtcyXUVEAStqtYbVC9qU70qN822gLUDIm1rsYgoOeFd+Slpu+gd7YxDuaMS
Tds+JGDPHJF4kLh9L7R4WUQcfEsWqSRtlQ20gZB2BVfLLP3yaygJZBtcP9V54Mxe
1Xkp8UEZbFGbZcQdTB3IW7iaW39kcv9Vf9GTAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUhZY6AK7ceNFPwu+RgmSq1ajHOBgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2haWTZBSzdjZU5GUHd1
LVJnbVNxMWFqSE9CZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAmEFPs
eZmFc/do5XGFTjgRGr3HRgbgVCvH4Pwnel3wA84dLDrEozgXgfpXxaPGnJgTD4u3
4WiA7Yaxc+xLB8OQ4eP6T5on6jSBXt6Yo44UC/2thSyOI5EJeUL1/9v2qPyYMcaL
vzfIi9EG+ZcTsNQYEEwniKw08vxFRG0owlTBvXJMiT8GTmTDgOcVkLiNn2DMydTh
2hmTAetfnbde/q4zLKDtixLWctsoc9Q7EklCvrFNBunrDpsJc/zsVjCdF08dPN1y
WnNKR0Y9I2eMUvKSegvWU3Ua9Y+bwjRrshiNxmwOun2fkTTJ6nqBnrw+5fzBSFV+
S2MX8aBIpfjpR0O3
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:34:02 2025 by rpki-client