Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/irGVt2wLx1nnET5ipBTyfgQQAjc.roa
File: irGVt2wLx1nnET5ipBTyfgQQAjc.roa (raw, json)
Hash identifier: iogpTzEM1QpIkr4IpNPw77jiI005a910ERbWrdiQbWg=
Subject key identifier: 8A:B1:95:B7:6C:0B:C7:59:E7:11:3E:62:A4:14:F2:7E:04:10:02:37
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7220
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/irGVt2wLx1nnET5ipBTyfgQQAjc.roa
Signing time: Tue 01 Jul 2025 15:44:49 +0000
ROA not before: Tue 01 Jul 2025 15:44:49 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29216 (0x7220)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 1 15:44:49 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8AB195B76C0BC759E7113E62A414F27E04100237
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:49:f5:cf:29:43:29:d7:a7:21:02:cf:85:74:
98:91:8a:e0:99:11:e3:1d:cc:3e:d6:39:be:4a:39:
da:b1:36:2c:46:ae:1d:8e:d4:1f:aa:f9:5d:8b:0a:
fa:62:b2:79:b0:3f:5e:bf:f1:31:ff:22:fb:d0:cf:
5a:c7:57:1a:bc:5e:fe:37:5e:c2:aa:47:ea:25:89:
32:7b:0f:d6:2e:37:0e:60:fa:55:07:ef:57:ad:66:
03:84:4a:e5:1e:b3:07:fa:e2:a8:97:72:ac:41:6b:
df:60:99:a1:3b:a6:36:8a:cd:46:80:d6:ee:88:ef:
5f:d5:c9:0c:5c:81:ff:84:ce:78:cc:20:f4:0d:df:
e0:46:35:4f:34:37:a5:1a:3f:f9:e8:b2:04:7e:ce:
04:b8:b9:73:91:3f:a7:b3:5d:8b:21:19:4e:d9:37:
10:66:2a:88:ce:a3:84:16:4d:72:95:c9:d7:11:fd:
b6:0f:5d:93:09:36:56:57:8f:23:93:39:d6:e5:47:
62:35:46:e4:9a:54:9e:c8:d1:c1:6e:00:64:d9:7a:
70:8e:be:95:e6:13:d2:5d:8f:b4:2d:44:97:73:45:
92:5f:9a:e1:4e:ab:cf:79:e3:c6:43:b9:2d:79:3b:
ad:4a:67:71:c0:f4:fc:ce:e2:4d:67:95:dc:80:b8:
a6:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:B1:95:B7:6C:0B:C7:59:E7:11:3E:62:A4:14:F2:7E:04:10:02:37
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/irGVt2wLx1nnET5ipBTyfgQQAjc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
17:12:20:63:21:85:af:20:bc:11:43:99:1d:ed:d2:aa:5f:ad:
1d:0b:d6:71:30:a2:b2:7e:c8:6b:4f:d1:f5:ba:3b:bd:b7:23:
80:56:43:c7:3d:53:42:2f:7a:7b:67:ac:01:2e:1a:98:36:a2:
7c:d7:84:ca:a6:53:00:de:5d:54:ae:7f:e6:8a:ad:7a:18:0c:
53:c9:91:de:aa:23:61:af:15:cd:07:e6:66:d0:64:c4:1a:d8:
9f:38:6e:a4:a6:96:36:24:41:02:23:86:61:f1:79:2f:7b:39:
df:74:bf:7d:48:cd:b3:e3:52:41:42:ef:00:ae:6c:18:1a:f0:
48:7a:c1:c4:ad:21:2a:e0:ab:30:33:7f:ec:6c:a7:91:02:82:
d4:2e:ed:f7:81:b0:db:36:3a:4f:a9:ef:c9:52:6d:4b:7e:09:
db:b1:9d:92:4a:a6:12:8c:b1:0d:1a:42:c4:36:ac:a1:2e:32:
13:5f:c9:7c:a8:00:fd:dc:c2:df:d2:37:fd:ac:73:85:8b:60:
b0:76:7a:68:94:6c:2c:96:9a:96:5b:b8:da:4e:ec:f6:85:71:
e5:41:29:9e:e2:e2:2b:69:eb:f6:db:41:54:67:79:43:5f:2f:
f0:3d:a3:e7:69:d8:aa:12:f3:8b:2d:08:e1:27:66:90:42:b2:
b9:1a:bb:87
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICciAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDEx
NTQ0NDlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDhBQjE5NUI3NkMwQkM3
NTlFNzExM0U2MkE0MTRGMjdFMDQxMDAyMzcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKSfXPKUMp16chAs+FdJiRiuCZEeMdzD7WOb5KOdqxNixGrh2O
1B+q+V2LCvpisnmwP16/8TH/IvvQz1rHVxq8Xv43XsKqR+oliTJ7D9YuNw5g+lUH
71etZgOESuUeswf64qiXcqxBa99gmaE7pjaKzUaA1u6I71/VyQxcgf+EznjMIPQN
3+BGNU80N6UaP/nosgR+zgS4uXORP6ezXYshGU7ZNxBmKojOo4QWTXKVydcR/bYP
XZMJNlZXjyOTOdblR2I1RuSaVJ7I0cFuAGTZenCOvpXmE9Jdj7QtRJdzRZJfmuFO
q89548ZDuS15O61KZ3HA9PzO4k1nldyAuKabAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUirGVt2wLx1nnET5ipBTyfgQQAjcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2lyR1Z0MndMeDFubkVU
NWlwQlR5ZmdRUUFqYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAXEiBj
IYWvILwRQ5kd7dKqX60dC9ZxMKKyfshrT9H1uju9tyOAVkPHPVNCL3p7Z6wBLhqY
NqJ814TKplMA3l1Urn/miq16GAxTyZHeqiNhrxXNB+Zm0GTEGtifOG6kppY2JEEC
I4Zh8XkveznfdL99SM2z41JBQu8ArmwYGvBIesHErSEq4KswM3/sbKeRAoLULu33
gbDbNjpPqe/JUm1LfgnbsZ2SSqYSjLENGkLENqyhLjITX8l8qAD93MLf0jf9rHOF
i2CwdnpolGwslpqWW7jaTuz2hXHlQSme4uIraev220FUZ3lDXy/wPaPnadiqEvOL
LQjhJ2aQQrK5GruH
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:35:47 2025 by rpki-client