Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/mzf43GAr6npfe_lLNiufxfD1kIM.roa
File: mzf43GAr6npfe_lLNiufxfD1kIM.roa (raw, json)
Hash identifier: 21iNqS98xB4CHD4yd4oRFjMq+CCO7LVTDH/yWNcG2vU=
Subject key identifier: 9B:37:F8:DC:60:2B:EA:7A:5F:7B:F9:4B:36:2B:9F:C5:F0:F5:90:83
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 720A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/mzf43GAr6npfe_lLNiufxfD1kIM.roa
Signing time: Tue 01 Jul 2025 10:15:03 +0000
ROA not before: Tue 01 Jul 2025 10:15:03 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29194 (0x720a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 1 10:15:03 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=9B37F8DC602BEA7A5F7BF94B362B9FC5F0F59083
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:ea:5e:9f:4e:0f:bc:1a:ca:74:0b:35:4e:a0:
27:2d:cd:49:e6:e8:e6:84:96:18:c1:b4:b3:ca:f2:
36:d8:12:b3:f3:97:c0:26:1d:93:ca:70:ab:94:61:
66:65:47:1d:f4:bf:fc:47:5b:5d:7b:d4:ad:d8:87:
6e:e3:3b:7c:59:54:53:b9:e9:38:c8:f4:2c:e4:6b:
c1:3d:42:0c:f5:5b:3d:2f:0f:13:99:48:da:8d:67:
d4:c0:3d:2e:6d:2a:ef:db:32:f1:67:f9:39:44:7a:
b7:c6:b5:15:05:9c:dc:2d:10:6c:06:cd:7d:be:e6:
8f:ee:da:f6:1c:e2:96:3e:68:a7:99:27:63:ab:23:
52:dd:64:55:f9:e0:32:18:91:ab:df:5a:08:85:ec:
a3:72:88:a7:64:5d:ad:1b:a2:20:10:da:91:9d:87:
70:ba:38:e9:90:6f:a0:1b:d4:33:70:7a:d7:3e:f6:
f4:88:22:29:dc:f9:01:71:e3:dc:30:c4:83:2e:dd:
03:69:72:2a:f9:5d:3d:ee:ce:fc:17:97:eb:75:68:
d8:58:c5:65:19:8c:88:90:09:7d:d6:d8:b0:80:d9:
d9:49:d3:ec:a7:e4:7e:4e:ec:6a:3d:07:79:17:4f:
9f:6c:07:62:c4:7e:8a:4c:81:50:ab:92:8d:a6:01:
6b:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:37:F8:DC:60:2B:EA:7A:5F:7B:F9:4B:36:2B:9F:C5:F0:F5:90:83
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/mzf43GAr6npfe_lLNiufxfD1kIM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
6e:ba:dc:15:b6:5b:49:04:75:d8:52:d5:59:74:9f:90:f3:ea:
27:c9:72:d7:a8:84:74:32:d1:a3:43:69:35:1d:b1:2a:5f:1a:
83:a1:5b:37:1a:ec:01:ad:f6:b6:e6:5a:3c:a7:d7:05:e3:18:
b5:68:a9:41:51:e9:9e:26:db:3c:ea:87:cc:22:90:bd:cf:91:
18:66:8a:8b:b9:8d:8e:25:7b:42:de:c4:17:6e:e6:67:29:f1:
84:78:65:d6:b5:c1:31:fb:8b:6b:d5:da:d1:62:95:81:2e:b0:
b7:0f:a8:88:ff:49:58:9f:71:09:41:c0:a8:42:b7:88:d4:4b:
b7:54:e0:c8:df:97:58:eb:8f:8a:4b:7e:5d:77:73:c2:4e:e5:
5c:b7:bc:41:18:62:e7:83:73:61:ac:c2:68:3a:89:f3:c8:2a:
23:39:f3:94:95:4b:8c:d3:1f:bc:55:03:36:9a:25:4e:d6:f3:
bc:4a:50:ac:c8:5d:e5:21:b0:63:36:20:93:78:70:c3:92:2b:
e5:1d:fb:14:66:f4:e2:00:88:cf:2e:88:8c:4e:b0:36:17:45:
96:33:29:c1:08:ad:ce:48:ce:c6:3c:6e:9a:f1:ff:6d:7b:c5:
aa:5b:1d:d4:d5:0a:92:b1:db:a9:29:b8:47:8e:84:36:3b:23:
b0:62:a7:2c
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcgowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDEx
MDE1MDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDlCMzdGOERDNjAyQkVB
N0E1RjdCRjk0QjM2MkI5RkM1RjBGNTkwODMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC96l6fTg+8Gsp0CzVOoCctzUnm6OaElhjBtLPK8jbYErPzl8Am
HZPKcKuUYWZlRx30v/xHW1171K3Yh27jO3xZVFO56TjI9Czka8E9Qgz1Wz0vDxOZ
SNqNZ9TAPS5tKu/bMvFn+TlEerfGtRUFnNwtEGwGzX2+5o/u2vYc4pY+aKeZJ2Or
I1LdZFX54DIYkavfWgiF7KNyiKdkXa0boiAQ2pGdh3C6OOmQb6Ab1DNwetc+9vSI
Iinc+QFx49wwxIMu3QNpcir5XT3uzvwXl+t1aNhYxWUZjIiQCX3W2LCA2dlJ0+yn
5H5O7Go9B3kXT59sB2LEfopMgVCrko2mAWvZAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUmzf43GAr6npfe/lLNiufxfD1kIMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L216ZjQzR0FyNm5wZmVf
bExOaXVmeGZEMWtJTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBuutwV
tltJBHXYUtVZdJ+Q8+onyXLXqIR0MtGjQ2k1HbEqXxqDoVs3GuwBrfa25lo8p9cF
4xi1aKlBUemeJts86ofMIpC9z5EYZoqLuY2OJXtC3sQXbuZnKfGEeGXWtcEx+4tr
1drRYpWBLrC3D6iI/0lYn3EJQcCoQreI1Eu3VODI35dY64+KS35dd3PCTuVct7xB
GGLng3NhrMJoOonzyCojOfOUlUuM0x+8VQM2miVO1vO8SlCsyF3lIbBjNiCTeHDD
kivlHfsUZvTiAIjPLoiMTrA2F0WWMynBCK3OSM7GPG6a8f9te8WqWx3U1QqSsdup
KbhHjoQ2OyOwYqcs
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:34:22 2025 by rpki-client