Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/p0U7UXrQOQEXuRgschunkbTD2Ok.roa
File: p0U7UXrQOQEXuRgschunkbTD2Ok.roa (raw, json)
Hash identifier: /WYOVs5flh2Mo5mWX8GJTrJJJVAI8bDNO53JjYEqCU0=
Subject key identifier: A7:45:3B:51:7A:D0:39:01:17:B9:18:2C:72:1B:A7:91:B4:C3:D8:E9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7298
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/p0U7UXrQOQEXuRgschunkbTD2Ok.roa
Signing time: Wed 02 Jul 2025 21:44:54 +0000
ROA not before: Wed 02 Jul 2025 21:44:54 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29336 (0x7298)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 2 21:44:54 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A7453B517AD0390117B9182C721BA791B4C3D8E9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:ed:4d:be:56:41:f5:ed:88:18:bc:20:ad:93:
c9:71:fc:73:7c:87:38:a4:78:46:70:ae:9c:43:f4:
81:25:8c:fd:e4:78:58:e7:82:70:3d:4c:38:28:40:
69:5a:67:f5:23:0a:f3:8b:66:c4:b9:19:ec:44:55:
35:3f:29:99:32:63:09:d6:61:b9:26:f2:17:6b:fa:
48:40:e9:fa:c7:2c:64:9b:e4:cb:db:ce:e5:a7:1e:
c6:3f:a3:aa:db:95:70:0a:5e:c4:ba:bd:d5:68:ca:
b2:b5:c6:14:cf:c0:6a:be:43:dd:51:a7:38:a4:ce:
be:28:c9:65:11:41:5e:59:5b:24:94:a8:89:4d:1d:
12:fd:1b:ad:94:35:0f:38:c6:37:8a:69:f6:b7:57:
42:bb:41:b6:d1:5a:50:63:90:43:2c:c3:16:74:00:
e9:52:68:33:0a:d4:a7:7f:e2:4a:c7:0f:5b:bf:c8:
bb:b8:1c:0f:a8:ab:af:c5:83:c6:a8:ea:2f:cd:2c:
ae:19:0f:a9:89:af:ae:de:ef:e6:87:93:37:34:d1:
40:a6:18:4c:4e:a2:1d:bd:a8:83:5d:2d:95:50:7b:
f5:3f:e3:53:8e:6c:75:7c:e8:6b:49:74:62:95:24:
4a:a2:5e:9c:27:b5:02:49:a1:b6:f2:7b:cb:be:86:
01:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:45:3B:51:7A:D0:39:01:17:B9:18:2C:72:1B:A7:91:B4:C3:D8:E9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/p0U7UXrQOQEXuRgschunkbTD2Ok.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
7f:04:da:5b:4f:47:a4:20:ab:a7:07:5c:38:af:14:b9:a8:96:
01:a4:80:d0:4e:f7:c3:86:a6:61:09:25:df:c6:b0:5d:ff:61:
50:42:ed:09:57:57:15:44:a0:f4:ca:41:47:34:fa:c9:c3:31:
a3:0c:13:b2:cc:08:8e:7d:fd:35:f8:8e:f7:50:23:85:c4:75:
28:6e:f8:62:9d:1a:c8:2f:7c:91:03:1b:52:26:08:0b:83:25:
d1:a5:78:63:de:43:15:d0:57:71:67:8d:ff:07:02:b5:68:11:
aa:bd:aa:75:b2:4f:10:37:31:29:ee:74:c5:bd:25:51:3c:49:
87:e4:18:4c:a1:86:db:64:7f:a0:5d:05:29:6b:88:0c:f3:66:
fc:97:c2:88:d6:8d:64:ab:39:f8:e2:eb:60:81:d7:ae:b2:d0:
e9:cc:48:61:1f:53:c4:3c:90:a1:16:60:08:6e:71:5a:a8:91:
61:b3:26:22:64:90:6f:a5:64:11:6d:3e:c9:d4:7d:20:6c:8e:
9d:8f:f8:31:e2:d9:26:18:09:3e:f1:99:70:37:06:10:57:39:
61:be:f4:52:00:4e:53:d4:f4:c2:d4:e2:2b:8a:6a:95:77:22:
ad:84:f9:18:ab:3e:c1:e0:5a:61:57:d6:61:b7:d0:6c:57:30:
fb:59:13:56
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcpgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDIy
MTQ0NTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEE3NDUzQjUxN0FEMDM5
MDExN0I5MTgyQzcyMUJBNzkxQjRDM0Q4RTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDL7U2+VkH17YgYvCCtk8lx/HN8hzikeEZwrpxD9IEljP3keFjn
gnA9TDgoQGlaZ/UjCvOLZsS5GexEVTU/KZkyYwnWYbkm8hdr+khA6frHLGSb5Mvb
zuWnHsY/o6rblXAKXsS6vdVoyrK1xhTPwGq+Q91Rpzikzr4oyWURQV5ZWySUqIlN
HRL9G62UNQ84xjeKafa3V0K7QbbRWlBjkEMswxZ0AOlSaDMK1Kd/4krHD1u/yLu4
HA+oq6/Fg8ao6i/NLK4ZD6mJr67e7+aHkzc00UCmGExOoh29qINdLZVQe/U/41OO
bHV86GtJdGKVJEqiXpwntQJJobbye8u+hgFnAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUp0U7UXrQOQEXuRgschunkbTD2OkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3AwVTdVWHJRT1FFWHVS
Z3NjaHVua2JURDJPay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB/BNpb
T0ekIKunB1w4rxS5qJYBpIDQTvfDhqZhCSXfxrBd/2FQQu0JV1cVRKD0ykFHNPrJ
wzGjDBOyzAiOff01+I73UCOFxHUobvhinRrIL3yRAxtSJggLgyXRpXhj3kMV0Fdx
Z43/BwK1aBGqvap1sk8QNzEp7nTFvSVRPEmH5BhMoYbbZH+gXQUpa4gM82b8l8KI
1o1kqzn44utggdeustDpzEhhH1PEPJChFmAIbnFaqJFhsyYiZJBvpWQRbT7J1H0g
bI6dj/gx4tkmGAk+8ZlwNwYQVzlhvvRSAE5T1PTC1OIrimqVdyKthPkYqz7B4Fph
V9Zht9BsVzD7WRNW
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:37:54 2025 by rpki-client