Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/iSjEj6QwHQzvfirKiET4-utm6qE.roa
File: iSjEj6QwHQzvfirKiET4-utm6qE.roa (raw, json)
Hash identifier: mzXRtpuc3ZisRats/Z4CGflcyaes23NnXe60geLU+3s=
Subject key identifier: 89:28:C4:8F:A4:30:1D:0C:EF:7E:2A:CA:88:44:F8:FA:EB:66:EA:A1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7424
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/iSjEj6QwHQzvfirKiET4-utm6qE.roa
Signing time: Mon 07 Jul 2025 00:44:57 +0000
ROA not before: Mon 07 Jul 2025 00:44:57 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29732 (0x7424)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 7 00:44:57 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8928C48FA4301D0CEF7E2ACA8844F8FAEB66EAA1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:7d:d4:ed:1b:ce:a8:64:5a:e9:3e:e7:6b:bd:
b8:0a:75:21:8f:4d:4a:91:7c:c5:42:fe:b8:b0:ff:
01:bf:c2:5b:c4:62:4e:a5:36:de:2e:bc:ed:31:26:
85:66:ab:ec:db:4d:50:33:87:13:24:49:2e:8f:1c:
cc:c8:78:48:3f:df:64:82:ed:f1:55:cd:4b:24:df:
1b:a9:ca:c8:d4:9b:9e:04:69:3d:e2:44:55:12:16:
ab:44:93:fe:fd:45:ba:f2:16:07:0b:5b:f0:2d:08:
71:4b:60:75:6f:a9:c3:9b:9c:0e:74:75:30:d3:a9:
52:88:9e:0c:ac:e9:de:a5:56:6f:d0:82:f3:db:c0:
5a:91:27:2c:af:9f:92:af:1f:e1:42:e8:8a:0d:29:
09:94:02:8a:6e:15:4f:29:b9:ba:18:1f:d5:40:f2:
91:c1:d7:9a:12:db:02:98:b6:ae:bf:28:76:be:80:
5e:c5:e9:65:27:50:73:04:98:41:5c:43:83:49:11:
6a:f5:5f:97:33:4b:ca:d0:8b:14:31:08:bd:33:b5:
88:eb:06:79:1a:5a:cb:55:01:87:12:08:fe:2a:67:
d4:e7:4f:d9:2d:b4:72:37:8d:84:1a:c9:9c:87:65:
c0:5b:82:98:e0:32:f0:a7:9f:0f:00:9c:6f:c9:9f:
58:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:28:C4:8F:A4:30:1D:0C:EF:7E:2A:CA:88:44:F8:FA:EB:66:EA:A1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/iSjEj6QwHQzvfirKiET4-utm6qE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
17:00:44:ae:1f:c8:b9:fd:7e:3b:2d:fe:88:01:c2:f4:9d:f4:
f0:8d:21:db:0b:21:de:98:ef:24:ad:c9:b1:62:b6:22:9f:86:
5a:dc:9c:33:fd:48:fb:0b:e7:e3:c2:79:c1:db:66:22:92:16:
d7:d4:c5:f9:c7:c7:3f:c7:e9:01:6e:b4:71:5b:e0:fc:a9:7d:
9e:81:ca:c6:c8:11:06:e2:9c:47:1d:0e:94:f5:3b:b3:d6:41:
11:cd:5e:1c:77:7b:84:e0:79:28:72:e5:60:fd:20:f6:28:1f:
e5:90:0b:c0:de:e1:03:65:eb:f7:7b:c5:5e:da:01:38:85:ac:
0d:15:fa:11:a4:be:93:f2:07:97:dc:ce:41:c0:e8:3a:e2:f8:
3f:3e:00:ab:20:e5:9c:68:ed:d4:0a:e8:9c:13:a2:af:5a:4b:
7d:72:f6:88:96:3d:10:3e:dc:eb:4b:f5:2d:1d:8b:c7:88:4f:
7a:2c:e6:0a:22:48:3b:4f:bd:3f:2f:5e:20:f6:9a:c8:8b:80:
88:1a:35:77:ec:a8:1f:bf:a7:fa:a6:07:80:47:ba:5c:51:28:
27:d8:d2:af:c7:91:eb:a5:29:ef:5c:a3:27:01:0b:86:28:31:
84:87:11:6d:82:ee:29:8c:6d:ad:bb:b4:c9:8b:42:b6:03:52:
d9:e5:7c:8b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdCQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDcw
MDQ0NTdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDg5MjhDNDhGQTQzMDFE
MENFRjdFMkFDQTg4NDRGOEZBRUI2NkVBQTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDYfdTtG86oZFrpPudrvbgKdSGPTUqRfMVC/riw/wG/wlvEYk6l
Nt4uvO0xJoVmq+zbTVAzhxMkSS6PHMzIeEg/32SC7fFVzUsk3xupysjUm54EaT3i
RFUSFqtEk/79RbryFgcLW/AtCHFLYHVvqcObnA50dTDTqVKIngys6d6lVm/QgvPb
wFqRJyyvn5KvH+FC6IoNKQmUAopuFU8puboYH9VA8pHB15oS2wKYtq6/KHa+gF7F
6WUnUHMEmEFcQ4NJEWr1X5czS8rQixQxCL0ztYjrBnkaWstVAYcSCP4qZ9TnT9kt
tHI3jYQayZyHZcBbgpjgMvCnnw8AnG/Jn1iJAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUiSjEj6QwHQzvfirKiET4+utm6qEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2lTakVqNlF3SFF6dmZp
cktpRVQ0LXV0bTZxRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAXAESu
H8i5/X47Lf6IAcL0nfTwjSHbCyHemO8krcmxYrYin4Za3Jwz/Uj7C+fjwnnB22Yi
khbX1MX5x8c/x+kBbrRxW+D8qX2egcrGyBEG4pxHHQ6U9Tuz1kERzV4cd3uE4Hko
cuVg/SD2KB/lkAvA3uEDZev3e8Ve2gE4hawNFfoRpL6T8geX3M5BwOg64vg/PgCr
IOWcaO3UCuicE6KvWkt9cvaIlj0QPtzrS/UtHYvHiE96LOYKIkg7T70/L14g9prI
i4CIGjV37Kgfv6f6pgeAR7pcUSgn2NKvx5HrpSnvXKMnAQuGKDGEhxFtgu4pjG2t
u7TJi0K2A1LZ5XyL
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:51:24 2025 by rpki-client