Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/iiDfGUfEYJ5lmbz38DGSYvwLqKA.roa
File: iiDfGUfEYJ5lmbz38DGSYvwLqKA.roa (raw, json)
Hash identifier: l1jPuTUTWTV2kv/Yd3PmKh1PUfE1qlkQW47Ov5JBSDY=
Subject key identifier: 8A:20:DF:19:47:C4:60:9E:65:99:BC:F7:F0:31:92:62:FC:0B:A8:A0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7450
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/iiDfGUfEYJ5lmbz38DGSYvwLqKA.roa
Signing time: Mon 07 Jul 2025 11:44:56 +0000
ROA not before: Mon 07 Jul 2025 11:44:56 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29776 (0x7450)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 7 11:44:56 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8A20DF1947C4609E6599BCF7F0319262FC0BA8A0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:f5:1e:61:d6:c8:61:5b:14:7f:db:e2:80:d3:
55:42:c3:1e:28:fa:17:bf:3c:8e:26:c9:10:8a:ce:
f2:8d:ee:32:28:0c:86:c2:8e:07:de:85:79:a1:60:
e5:54:db:84:a6:fd:d3:52:bb:c4:74:03:f8:ae:f6:
25:8d:0d:27:65:c6:cf:c8:2b:39:35:0a:22:db:e4:
3c:8c:44:5e:91:5a:d0:09:ff:13:c0:bb:f7:1f:6f:
5a:00:ce:e5:e4:1c:3a:30:b6:0d:83:fc:d9:cc:7d:
dc:0c:0e:58:2c:68:d1:1f:20:db:69:65:6e:c6:ac:
ce:ab:70:dc:b6:fc:0d:3e:a8:74:36:b9:79:d4:7f:
11:a6:b4:c2:b0:ed:cf:03:c0:77:cf:68:59:1e:59:
ed:b7:4b:c6:58:5b:7e:73:cc:a6:6f:0f:0f:95:65:
19:1d:3e:f0:51:fe:92:c6:36:b1:6b:60:60:66:15:
85:35:41:9d:2f:d5:7a:64:a9:cd:c5:08:1b:86:4b:
07:d0:ba:8e:61:82:b5:90:68:58:da:7e:00:ed:77:
d5:5b:06:db:27:6c:f6:e3:a9:ba:73:c1:4d:7f:83:
96:33:98:48:54:42:ab:a6:8a:38:be:84:b5:99:3b:
a0:9f:17:e9:5d:5e:87:66:dd:7a:24:f9:11:f4:12:
8d:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:20:DF:19:47:C4:60:9E:65:99:BC:F7:F0:31:92:62:FC:0B:A8:A0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/iiDfGUfEYJ5lmbz38DGSYvwLqKA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
92:66:65:0b:74:49:d4:40:3a:f6:45:e2:6b:b8:8e:26:d3:ea:
ca:65:f0:13:13:39:91:b0:09:6d:c7:c8:cd:8f:73:1c:61:1a:
64:4c:a2:2e:cf:57:c2:2a:9c:90:a4:65:87:67:d4:1b:9c:81:
60:f4:b3:6a:dd:c7:0d:1f:e4:e8:5c:94:0c:35:c8:81:7b:90:
11:ec:ff:99:94:82:6b:98:5c:10:f5:63:9d:4e:67:61:a4:3b:
e8:49:fb:7c:e7:3a:9b:2b:0d:bc:e1:f7:6d:a5:26:79:54:e2:
23:1c:4b:88:2c:80:6e:e4:37:95:39:70:31:48:84:de:c2:88:
a9:1a:4d:87:59:2b:4d:8f:f3:04:9a:cf:1e:46:5c:2a:71:ad:
78:30:93:5d:37:1b:3a:f9:a3:c2:7e:1c:a5:26:19:75:09:56:
93:02:49:4d:e2:be:84:71:3e:6f:fb:33:3e:aa:7d:76:c9:cc:
65:df:57:e3:7c:0c:b1:c1:42:d5:de:8a:c1:2e:af:fd:e5:ff:
c0:02:f0:76:d6:3a:65:36:28:88:17:a0:49:41:15:98:2a:2d:
e9:db:3d:de:45:1c:f3:5e:79:01:31:b8:74:b6:c3:35:9c:71:
a8:48:1c:99:4f:29:9f:29:47:2b:25:dc:d9:11:24:7b:37:7d:
47:74:ec:92
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdFAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDcx
MTQ0NTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDhBMjBERjE5NDdDNDYw
OUU2NTk5QkNGN0YwMzE5MjYyRkMwQkE4QTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC09R5h1shhWxR/2+KA01VCwx4o+he/PI4myRCKzvKN7jIoDIbC
jgfehXmhYOVU24Sm/dNSu8R0A/iu9iWNDSdlxs/IKzk1CiLb5DyMRF6RWtAJ/xPA
u/cfb1oAzuXkHDowtg2D/NnMfdwMDlgsaNEfINtpZW7GrM6rcNy2/A0+qHQ2uXnU
fxGmtMKw7c8DwHfPaFkeWe23S8ZYW35zzKZvDw+VZRkdPvBR/pLGNrFrYGBmFYU1
QZ0v1Xpkqc3FCBuGSwfQuo5hgrWQaFjafgDtd9VbBtsnbPbjqbpzwU1/g5YzmEhU
Qqumiji+hLWZO6CfF+ldXodm3Xok+RH0Eo1BAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUiiDfGUfEYJ5lmbz38DGSYvwLqKAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2lpRGZHVWZFWUo1bG1i
ejM4REdTWXZ3THFLQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCSZmUL
dEnUQDr2ReJruI4m0+rKZfATEzmRsAltx8jNj3McYRpkTKIuz1fCKpyQpGWHZ9Qb
nIFg9LNq3ccNH+ToXJQMNciBe5AR7P+ZlIJrmFwQ9WOdTmdhpDvoSft85zqbKw28
4fdtpSZ5VOIjHEuILIBu5DeVOXAxSITewoipGk2HWStNj/MEms8eRlwqca14MJNd
Nxs6+aPCfhylJhl1CVaTAklN4r6EcT5v+zM+qn12ycxl31fjfAyxwULV3orBLq/9
5f/AAvB21jplNiiIF6BJQRWYKi3p2z3eRRzzXnkBMbh0tsM1nHGoSByZTymfKUcr
JdzZESR7N31HdOyS
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:39:21 2025 by rpki-client