Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/pI7uBAIjGlzBdpishYBLaTPcN1E.roa
File: pI7uBAIjGlzBdpishYBLaTPcN1E.roa (raw, json)
Hash identifier: hLbpe92KSI6QrR/a61o7z12bKBt8V3kDN5ppOa6/hyc=
Subject key identifier: A4:8E:EE:04:02:23:1A:5C:C1:76:98:AC:85:80:4B:69:33:DC:37:51
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 72E6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/pI7uBAIjGlzBdpishYBLaTPcN1E.roa
Signing time: Thu 03 Jul 2025 17:14:56 +0000
ROA not before: Thu 03 Jul 2025 17:14:56 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29414 (0x72e6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 3 17:14:56 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A48EEE0402231A5CC17698AC85804B6933DC3751
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:bd:88:d9:e3:f2:f7:bb:99:ed:bd:4d:66:f9:
aa:1f:e9:87:2c:a9:bd:85:21:55:00:f2:2e:ff:76:
ee:f0:61:7c:de:b4:8d:cb:be:22:29:6c:13:2b:b7:
9e:eb:9c:6f:9b:a3:15:5c:aa:f2:3d:dd:02:0e:d8:
ba:28:37:2f:18:aa:98:01:8d:33:f3:8f:9c:84:22:
6a:f5:d6:45:98:8c:5d:84:35:5d:83:e5:94:39:aa:
67:b9:ea:ec:06:64:7e:9a:f7:a5:23:7a:b7:3d:26:
85:83:94:f0:1f:c3:96:17:14:61:db:b2:7a:55:8d:
5d:d4:a6:a7:bc:f7:cf:98:b4:4b:e0:6d:ad:a6:12:
1e:52:f6:90:00:20:00:b6:ca:4c:8b:d8:e7:be:5f:
6e:d3:12:73:d5:a2:e6:22:70:b5:a3:d3:30:43:5b:
a9:67:15:55:b3:0b:fb:7c:10:7f:28:68:4c:6e:34:
fa:28:e4:42:8e:02:98:af:be:1a:31:d3:8d:19:1f:
83:be:eb:47:b3:10:15:6a:27:99:8a:dd:1a:96:37:
66:e4:03:3d:f6:4d:a6:bd:e5:50:f7:b5:99:ef:de:
5b:e8:60:46:59:d8:ae:df:4d:cc:c6:89:ce:9c:92:
12:71:4a:ca:6b:67:68:dd:29:e5:62:b4:a6:3f:9d:
5f:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:8E:EE:04:02:23:1A:5C:C1:76:98:AC:85:80:4B:69:33:DC:37:51
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/pI7uBAIjGlzBdpishYBLaTPcN1E.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
86:01:19:b5:b6:5f:81:eb:f4:c3:24:c1:a2:df:6d:51:43:34:
67:7b:24:0d:ed:aa:89:a9:58:8d:b8:c8:09:b1:06:db:4b:94:
21:5b:b3:40:71:89:77:38:1c:43:9f:32:22:d7:c1:f6:75:30:
a6:df:e4:3d:51:7a:53:df:82:ab:d4:66:3e:7a:55:f5:24:2a:
f5:b0:ba:44:de:c3:2f:19:65:96:8a:1e:8a:eb:28:f4:fa:31:
75:d2:16:2b:21:17:8c:7a:c7:4e:8c:f0:c6:6a:56:24:e5:07:
ef:51:3f:59:7f:29:c1:cb:cc:f6:c6:a0:00:07:dc:e7:a0:1a:
cd:5b:b0:b4:e0:fc:fe:64:99:20:eb:00:04:3a:df:da:7f:c0:
c1:75:4a:9c:4b:94:9d:a2:2a:b9:3f:28:eb:bf:04:3d:c2:f7:
9e:59:8c:38:be:29:cc:ac:65:67:75:53:07:ad:d0:9b:49:e8:
b0:ed:6f:66:e8:30:fd:f1:a6:3d:d3:9d:11:f1:e6:da:f2:ca:
75:d6:76:99:1a:bb:c2:6c:5f:a5:06:e7:20:74:68:cc:a8:83:
38:28:db:6b:13:fb:23:37:8f:c5:09:e9:c6:18:1c:2a:e2:ff:
a9:f4:d3:d3:7e:00:c0:6d:89:ba:9e:81:c0:c8:37:89:47:aa:
2b:17:4a:64
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcuYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDMx
NzE0NTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEE0OEVFRTA0MDIyMzFB
NUNDMTc2OThBQzg1ODA0QjY5MzNEQzM3NTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7vYjZ4/L3u5ntvU1m+aof6Ycsqb2FIVUA8i7/du7wYXzetI3L
viIpbBMrt57rnG+boxVcqvI93QIO2LooNy8YqpgBjTPzj5yEImr11kWYjF2ENV2D
5ZQ5qme56uwGZH6a96Ujerc9JoWDlPAfw5YXFGHbsnpVjV3Upqe898+YtEvgba2m
Eh5S9pAAIAC2ykyL2Oe+X27TEnPVouYicLWj0zBDW6lnFVWzC/t8EH8oaExuNPoo
5EKOApivvhox040ZH4O+60ezEBVqJ5mK3RqWN2bkAz32Taa95VD3tZnv3lvoYEZZ
2K7fTczGic6ckhJxSsprZ2jdKeVitKY/nV85AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUpI7uBAIjGlzBdpishYBLaTPcN1EwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3BJN3VCQUlqR2x6QmRw
aXNoWUJMYVRQY04xRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCGARm1
tl+B6/TDJMGi321RQzRneyQN7aqJqViNuMgJsQbbS5QhW7NAcYl3OBxDnzIi18H2
dTCm3+Q9UXpT34Kr1GY+elX1JCr1sLpE3sMvGWWWih6K6yj0+jF10hYrIReMesdO
jPDGalYk5QfvUT9ZfynBy8z2xqAAB9znoBrNW7C04Pz+ZJkg6wAEOt/af8DBdUqc
S5Sdoiq5PyjrvwQ9wveeWYw4vinMrGVndVMHrdCbSeiw7W9m6DD98aY9050R8eba
8sp11naZGrvCbF+lBucgdGjMqIM4KNtrE/sjN4/FCenGGBwq4v+p9NPTfgDAbYm6
noHAyDeJR6orF0pk
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:42:07 2025 by rpki-client