Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/iRiZYoyN3lywArnnC_PWa9U50Sc.roa
File: iRiZYoyN3lywArnnC_PWa9U50Sc.roa (raw, json)
Hash identifier: aBk66bg8XYAddVCdVhSO43rzl73xC5t11PqJZCvuIW4=
Subject key identifier: 89:18:99:62:8C:8D:DE:5C:B0:02:B9:E7:0B:F3:D6:6B:D5:39:D1:27
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 70C0
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/iRiZYoyN3lywArnnC_PWa9U50Sc.roa
Signing time: Fri 27 Jun 2025 23:44:47 +0000
ROA not before: Fri 27 Jun 2025 23:44:47 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28864 (0x70c0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 27 23:44:47 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=891899628C8DDE5CB002B9E70BF3D66BD539D127
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:03:4f:e8:6d:a1:81:4f:67:4c:c1:60:87:82:
3a:8b:8f:5c:ee:63:33:17:7c:cd:7e:f3:c4:a5:ff:
ef:3d:ec:51:2d:11:0a:13:50:6b:84:12:96:fe:c7:
a4:4f:ba:52:a8:07:95:2a:1d:01:92:68:6e:34:d2:
05:f8:54:26:93:37:86:ae:08:76:60:74:6e:85:30:
d4:3b:2f:1d:dc:b7:f5:95:4d:dd:e6:2d:c7:e9:c1:
49:a6:89:b8:dd:c4:34:73:0f:3e:42:71:aa:6b:ae:
92:5c:07:d0:dd:85:35:55:50:95:d3:f3:af:cb:c6:
3a:b4:ce:f1:27:d7:bb:d4:5b:e5:5d:1d:41:e3:c7:
23:cd:d7:c9:d5:73:0a:4f:bd:0b:11:c0:4d:2f:de:
11:89:24:bb:e9:3c:78:2b:19:87:d0:15:f3:9d:b9:
be:e5:68:b8:65:03:9f:1a:50:99:9e:ba:85:19:65:
ca:0f:e3:9b:6c:61:03:fa:07:18:22:58:1e:a5:d8:
80:c3:cf:fb:16:aa:4d:44:ad:32:0b:bf:a6:67:9a:
67:71:0d:4b:f0:ec:ad:f4:df:79:7d:25:b3:27:b5:
a7:43:96:87:3e:86:d9:e2:73:a7:aa:21:83:c5:9d:
76:0b:76:7e:8b:28:f0:33:13:40:d5:00:0f:72:f2:
40:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:18:99:62:8C:8D:DE:5C:B0:02:B9:E7:0B:F3:D6:6B:D5:39:D1:27
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/iRiZYoyN3lywArnnC_PWa9U50Sc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
77:57:50:89:2e:1a:6d:7c:2f:9f:9e:a0:ed:3c:d0:49:61:56:
44:bd:e8:44:5a:cd:6f:da:e4:f0:f6:82:f6:b1:40:00:c8:1f:
27:36:74:99:fa:0e:2f:12:b0:08:8f:cf:a2:d4:ab:2c:d5:d7:
37:45:25:e9:f9:37:5a:7a:2f:22:15:4e:b5:82:23:14:f6:87:
a4:0f:b8:bd:8e:50:6f:43:c9:52:c3:8f:b3:d0:2c:3f:5e:e3:
fc:c2:5c:f2:43:30:45:d1:70:ce:5a:30:b9:77:34:20:53:24:
ab:77:52:84:06:22:44:2f:94:63:ad:a0:c6:f7:24:32:77:35:
b1:15:2d:54:77:12:8d:99:04:6e:94:13:15:dd:b5:1d:4b:c0:
74:21:77:1a:07:86:f9:e2:9b:e2:fb:31:86:f8:29:22:20:de:
31:15:b2:06:23:62:84:d0:96:df:a2:ca:e3:15:27:ee:0a:dc:
06:46:35:28:89:68:72:c2:bb:5c:33:9b:53:3b:1a:99:db:cf:
79:0c:e9:7f:38:d4:4c:34:30:99:77:9b:64:83:a8:02:36:49:
d0:30:77:07:81:c3:3e:84:df:41:f5:dd:55:53:8e:7f:c7:8b:
90:a8:c4:78:55:2c:43:60:b3:ea:ae:6e:a8:7a:f4:77:41:aa:
5a:94:da:fa
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcMAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2Mjcy
MzQ0NDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDg5MTg5OTYyOEM4RERF
NUNCMDAyQjlFNzBCRjNENjZCRDUzOUQxMjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6A0/obaGBT2dMwWCHgjqLj1zuYzMXfM1+88Sl/+897FEtEQoT
UGuEEpb+x6RPulKoB5UqHQGSaG400gX4VCaTN4auCHZgdG6FMNQ7Lx3ct/WVTd3m
LcfpwUmmibjdxDRzDz5CcaprrpJcB9DdhTVVUJXT86/Lxjq0zvEn17vUW+VdHUHj
xyPN18nVcwpPvQsRwE0v3hGJJLvpPHgrGYfQFfOdub7laLhlA58aUJmeuoUZZcoP
45tsYQP6BxgiWB6l2IDDz/sWqk1ErTILv6ZnmmdxDUvw7K3033l9JbMntadDloc+
htnic6eqIYPFnXYLdn6LKPAzE0DVAA9y8kCXAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUiRiZYoyN3lywArnnC/PWa9U50ScwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2lSaVpZb3lOM2x5d0Fy
bm5DX1BXYTlVNTBTYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB3V1CJ
LhptfC+fnqDtPNBJYVZEvehEWs1v2uTw9oL2sUAAyB8nNnSZ+g4vErAIj8+i1Kss
1dc3RSXp+Tdaei8iFU61giMU9oekD7i9jlBvQ8lSw4+z0Cw/XuP8wlzyQzBF0XDO
WjC5dzQgUySrd1KEBiJEL5RjraDG9yQydzWxFS1UdxKNmQRulBMV3bUdS8B0IXca
B4b54pvi+zGG+CkiIN4xFbIGI2KE0JbfosrjFSfuCtwGRjUoiWhywrtcM5tTOxqZ
2895DOl/ONRMNDCZd5tkg6gCNknQMHcHgcM+hN9B9d1VU45/x4uQqMR4VSxDYLPq
rm6oevR3QapalNr6
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:41:17 2025 by rpki-client