Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/p-_4pnClx5fLV76nMddmJT0lnT0.roa
File: p-_4pnClx5fLV76nMddmJT0lnT0.roa (raw, json)
Hash identifier: c4KIesM+db63nphSxFEEzaMt1v6EYmKwOtfDAJ8bt18=
Subject key identifier: A7:EF:F8:A6:70:A5:C7:97:CB:57:BE:A7:31:D7:66:25:3D:25:9D:3D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 716E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/p-_4pnClx5fLV76nMddmJT0lnT0.roa
Signing time: Sun 29 Jun 2025 19:15:08 +0000
ROA not before: Sun 29 Jun 2025 19:15:08 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29038 (0x716e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 29 19:15:08 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A7EFF8A670A5C797CB57BEA731D766253D259D3D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:8c:19:4e:f3:2b:23:75:4f:55:e7:56:9f:f3:
e4:c7:b5:25:ec:08:48:55:ba:2b:84:8c:39:75:f3:
e8:89:2b:c2:43:d9:2e:eb:3f:0c:74:b3:0b:d4:ea:
cd:7b:60:4e:c9:98:43:3e:54:75:e2:2b:cf:18:3e:
69:5e:11:04:f2:ee:44:33:f6:42:bf:3c:56:3b:90:
30:7f:d2:fd:e7:06:98:03:df:5a:f4:6f:19:34:8a:
a6:e4:9d:84:1c:82:3d:f6:c6:ce:29:ac:0a:44:82:
87:02:09:09:47:85:b8:b8:59:0e:a1:ea:20:cf:70:
a4:51:9b:9f:ba:86:40:4c:73:b0:f3:4d:09:56:ed:
b1:b0:d5:f7:2d:b8:d9:3d:20:cf:76:09:82:62:ad:
7a:74:76:5b:2c:68:63:12:e7:d3:cc:c2:ff:f1:83:
40:74:9c:1a:f4:c4:b2:da:31:63:13:b9:ae:85:e5:
e4:bf:a2:16:e2:98:b8:3f:a1:b1:b8:56:dc:72:75:
7a:15:e3:bf:71:c5:2f:0f:f8:a8:3d:28:5c:4e:06:
c7:d3:79:bc:19:c9:a4:64:b6:ce:3a:f0:80:5f:f1:
c5:82:fb:26:20:87:57:28:8d:33:95:fd:d7:99:f2:
f3:c5:33:66:f7:29:17:fa:cb:6c:0d:3e:26:3d:e8:
ac:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:EF:F8:A6:70:A5:C7:97:CB:57:BE:A7:31:D7:66:25:3D:25:9D:3D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/p-_4pnClx5fLV76nMddmJT0lnT0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
49:1f:f7:b5:74:35:59:0e:0d:29:a4:c2:ac:3e:a0:06:8a:e0:
7a:f6:c7:23:d5:c8:d6:d0:ab:d6:3f:26:fa:d2:9e:a3:40:4b:
18:bd:29:0a:af:77:67:84:08:d4:5f:a9:96:ae:d4:7c:a5:a2:
ef:f7:c4:77:4e:fd:9f:c4:f7:e6:91:62:49:25:f2:9d:6c:0e:
5c:64:68:dd:bf:ed:85:db:41:c1:6e:19:3e:a7:ce:38:23:7f:
26:6d:d3:75:96:93:ba:0a:c6:30:ff:c0:d7:f7:78:e4:7e:a9:
0b:86:36:20:77:a1:88:10:25:13:f3:82:41:7a:b4:fd:68:56:
9e:23:6f:bc:58:d8:62:81:67:24:bb:86:22:fb:f7:d4:33:ad:
b0:fd:28:6a:90:58:78:a9:f3:05:23:2c:ef:51:27:98:ef:db:
5c:53:ea:b4:71:f4:b6:81:8d:d2:72:46:8a:9c:1e:2a:86:04:
6c:4d:fd:dd:f1:93:ce:10:d7:24:b9:f5:9b:a3:63:2e:fb:ae:
41:3d:6c:62:5e:22:e0:e2:40:53:b0:d0:b5:3e:a2:8e:18:e2:
b8:f7:c3:b7:04:04:fd:af:33:4a:ad:2e:dc:e9:c8:b9:58:ec:
5c:62:f9:ab:de:97:2b:7e:83:77:d4:a2:dc:cd:7e:35:b7:b8:
d7:f1:49:83
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcW4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2Mjkx
OTE1MDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEE3RUZGOEE2NzBBNUM3
OTdDQjU3QkVBNzMxRDc2NjI1M0QyNTlEM0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDbjBlO8ysjdU9V51af8+THtSXsCEhVuiuEjDl18+iJK8JD2S7r
Pwx0swvU6s17YE7JmEM+VHXiK88YPmleEQTy7kQz9kK/PFY7kDB/0v3nBpgD31r0
bxk0iqbknYQcgj32xs4prApEgocCCQlHhbi4WQ6h6iDPcKRRm5+6hkBMc7DzTQlW
7bGw1fctuNk9IM92CYJirXp0dlssaGMS59PMwv/xg0B0nBr0xLLaMWMTua6F5eS/
ohbimLg/obG4VtxydXoV479xxS8P+Kg9KFxOBsfTebwZyaRkts468IBf8cWC+yYg
h1cojTOV/deZ8vPFM2b3KRf6y2wNPiY96KxlAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUp+/4pnClx5fLV76nMddmJT0lnT0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3AtXzRwbkNseDVmTFY3
Nm5NZGRtSlQwbG5UMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBJH/e1
dDVZDg0ppMKsPqAGiuB69scj1cjW0KvWPyb60p6jQEsYvSkKr3dnhAjUX6mWrtR8
paLv98R3Tv2fxPfmkWJJJfKdbA5cZGjdv+2F20HBbhk+p844I38mbdN1lpO6CsYw
/8DX93jkfqkLhjYgd6GIECUT84JBerT9aFaeI2+8WNhigWcku4Yi+/fUM62w/Shq
kFh4qfMFIyzvUSeY79tcU+q0cfS2gY3SckaKnB4qhgRsTf3d8ZPOENckufWbo2Mu
+65BPWxiXiLg4kBTsNC1PqKOGOK498O3BAT9rzNKrS7c6ci5WOxcYvmr3pcrfoN3
1KLczX41t7jX8UmD
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:57:52 2025 by rpki-client