Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ismUz4IEps8myZYM2eg33HZva-o.roa
File: ismUz4IEps8myZYM2eg33HZva-o.roa (raw, json)
Hash identifier: E5+01JDy8maUFs6OMfYtTzhen4ytBflNID7MHXhX7qw=
Subject key identifier: 8A:C9:94:CF:82:04:A6:CF:26:C9:96:0C:D9:E8:37:DC:76:6F:6B:EA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7744
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ismUz4IEps8myZYM2eg33HZva-o.roa
Signing time: Tue 15 Jul 2025 09:11:53 +0000
ROA not before: Tue 15 Jul 2025 09:11:53 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30532 (0x7744)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 15 09:11:53 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8AC994CF8204A6CF26C9960CD9E837DC766F6BEA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:29:f1:a2:a8:14:d0:fa:92:ce:28:38:0b:90:
8d:23:2c:d9:67:2c:92:dd:b2:ae:ba:a0:ec:5d:3e:
df:82:8c:19:a7:50:1d:56:3b:b3:47:1e:f3:e7:70:
aa:6f:f1:07:16:d4:ce:ab:50:7a:c4:37:75:dd:c5:
f1:61:1e:77:1d:7e:41:38:3e:0f:fe:8a:97:b4:0e:
72:c7:6d:c0:a5:6e:8e:34:f2:ca:f2:06:4e:b8:c8:
e3:18:a5:f2:cc:0f:28:4e:bc:1f:49:9f:b9:65:eb:
58:4a:eb:12:b2:7b:be:23:32:f5:fe:97:29:5a:18:
35:e0:a9:0f:4d:6b:03:7f:74:52:f6:87:eb:9c:9f:
33:6c:74:c9:a6:2c:c9:ac:5d:8b:c4:c5:8a:67:4f:
0f:8e:fe:70:e9:9d:36:10:ba:17:ea:b7:fa:26:48:
20:6b:6a:78:e7:2d:47:12:25:16:5e:b1:3c:52:30:
c9:06:8c:cc:69:a5:9e:fa:f3:d7:f5:8c:cc:f5:3d:
e9:0c:c9:54:4d:39:c7:ff:38:ed:66:bc:8d:ab:34:
16:31:5c:1a:77:86:cd:60:e7:bf:55:29:49:ae:6b:
55:3c:f3:e6:a3:e0:ae:23:89:b6:4b:cd:eb:af:80:
e7:fd:13:4d:32:ae:7f:ff:e3:c7:f0:07:f6:5a:0b:
cc:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:C9:94:CF:82:04:A6:CF:26:C9:96:0C:D9:E8:37:DC:76:6F:6B:EA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ismUz4IEps8myZYM2eg33HZva-o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
2d:4d:67:61:14:2b:69:fe:4c:8a:c1:2f:e2:3a:49:5f:2b:48:
0d:a5:a4:ef:87:85:82:1e:e9:d9:3c:22:c6:5a:54:35:42:a6:
9e:67:6d:58:cb:eb:4f:30:6d:dd:04:5a:00:e9:5c:e9:81:3c:
e9:14:0a:f5:fb:25:75:16:bc:4f:7a:cf:98:d4:bf:4f:94:79:
c1:3f:9d:e7:65:95:01:b1:6a:89:84:10:a3:ab:21:36:2b:62:
00:f1:b6:17:44:4c:ad:d0:7b:c8:98:62:ef:a9:51:63:cc:97:
a8:c3:00:e2:0a:c4:19:be:6b:ea:bd:f5:b0:60:70:1f:d7:b6:
e8:1a:73:29:74:93:73:26:3e:62:85:cd:78:cf:66:b9:20:8a:
6b:b7:ba:12:b1:74:fe:08:0a:b6:9b:0b:39:a4:47:5a:fa:15:
f3:0f:25:7e:41:74:c4:de:17:15:2d:5d:59:00:ac:2c:28:97:
80:77:dd:2b:9b:2f:a7:ae:b8:34:37:60:e5:86:14:ac:53:2a:
a6:36:d0:33:0c:e6:e6:a9:95:d4:c4:1d:98:46:e7:c9:a5:78:
8f:6e:5a:34:fa:6b:8c:38:64:16:2b:c7:af:e4:40:0a:5c:b7:
0a:81:7a:46:5e:95:6a:8a:4a:2d:69:52:f1:5f:69:8a:7a:e9:
37:09:db:26
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICd0QwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTUw
OTExNTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDhBQzk5NENGODIwNEE2
Q0YyNkM5OTYwQ0Q5RTgzN0RDNzY2RjZCRUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCmKfGiqBTQ+pLOKDgLkI0jLNlnLJLdsq66oOxdPt+CjBmnUB1W
O7NHHvPncKpv8QcW1M6rUHrEN3XdxfFhHncdfkE4Pg/+ipe0DnLHbcClbo408sry
Bk64yOMYpfLMDyhOvB9Jn7ll61hK6xKye74jMvX+lylaGDXgqQ9NawN/dFL2h+uc
nzNsdMmmLMmsXYvExYpnTw+O/nDpnTYQuhfqt/omSCBranjnLUcSJRZesTxSMMkG
jMxppZ7689f1jMz1PekMyVRNOcf/OO1mvI2rNBYxXBp3hs1g579VKUmua1U88+aj
4K4jibZLzeuvgOf9E00yrn//48fwB/ZaC8zhAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUismUz4IEps8myZYM2eg33HZva+owHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2lzbVV6NElFcHM4bXla
WU0yZWczM0hadmEtby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAtTWdh
FCtp/kyKwS/iOklfK0gNpaTvh4WCHunZPCLGWlQ1QqaeZ21Yy+tPMG3dBFoA6Vzp
gTzpFAr1+yV1FrxPes+Y1L9PlHnBP53nZZUBsWqJhBCjqyE2K2IA8bYXREyt0HvI
mGLvqVFjzJeowwDiCsQZvmvqvfWwYHAf17boGnMpdJNzJj5ihc14z2a5IIprt7oS
sXT+CAq2mws5pEda+hXzDyV+QXTE3hcVLV1ZAKwsKJeAd90rmy+nrrg0N2DlhhSs
UyqmNtAzDObmqZXUxB2YRufJpXiPblo0+muMOGQWK8ev5EAKXLcKgXpGXpVqikot
aVLxX2mKeuk3Cdsm
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:34:00 2025 by rpki-client