Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/paJba3mt51VDGnGoiKJ6HYu2V0A.roa
File: paJba3mt51VDGnGoiKJ6HYu2V0A.roa (raw, json)
Hash identifier: c0WD8LYKPaOROaLV+FdOiOaS1Ho6/bVsiHkeJR1wevI=
Subject key identifier: A5:A2:5B:6B:79:AD:E7:55:43:1A:71:A8:88:A2:7A:1D:8B:B6:57:40
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7600
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/paJba3mt51VDGnGoiKJ6HYu2V0A.roa
Signing time: Sat 12 Jul 2025 00:11:41 +0000
ROA not before: Sat 12 Jul 2025 00:11:41 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30208 (0x7600)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 12 00:11:41 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A5A25B6B79ADE755431A71A888A27A1D8BB65740
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:e3:58:b1:8e:74:4e:07:3c:97:8d:73:05:9a:
b1:d4:4c:b0:2d:46:b9:4b:53:5a:c0:dc:8c:b9:68:
f5:88:7e:56:d8:b7:86:78:61:86:7b:2d:39:88:b4:
89:33:67:6f:ee:cb:64:7a:bf:64:57:4f:b3:f5:f8:
c4:be:63:04:32:77:d7:a6:bd:6c:d5:49:d6:2c:f4:
98:33:54:02:47:4a:75:42:86:78:aa:ea:a2:de:c8:
cb:c0:74:47:64:49:60:7c:fe:41:10:81:c5:b9:f9:
e2:49:0e:89:3e:e6:2d:17:60:ed:84:29:02:5f:46:
e1:e1:61:bb:62:2c:ee:f8:51:46:56:f2:4b:e4:8d:
20:3c:ed:86:28:e3:1a:25:ca:46:12:2d:f7:e5:06:
54:26:ab:fb:19:4a:f9:03:24:48:34:c4:f0:84:df:
fd:42:8e:de:12:57:f6:56:76:ca:5c:69:62:b0:58:
fa:c3:a5:fb:97:19:67:24:7d:52:e8:14:7a:8a:0c:
af:44:41:7b:27:83:dc:1e:dd:cb:a2:c5:58:ce:fc:
4d:be:7b:da:45:96:9a:4d:6d:f3:05:1e:43:50:26:
da:e0:03:4b:4d:93:55:38:c9:56:07:08:91:e2:07:
2f:1f:4f:9a:fa:ec:c3:85:1a:50:75:c7:d3:68:5d:
ff:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:A2:5B:6B:79:AD:E7:55:43:1A:71:A8:88:A2:7A:1D:8B:B6:57:40
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/paJba3mt51VDGnGoiKJ6HYu2V0A.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
67:22:d2:f3:08:ba:a4:ed:be:ed:a2:7d:05:db:bf:19:cd:12:
7e:ae:c9:0a:4b:95:7a:05:be:3f:67:f8:81:6a:e5:62:4e:8c:
4b:b5:cd:c3:22:9c:e3:7c:a9:86:cc:03:6d:e3:14:99:67:c6:
d1:48:ac:ab:e2:16:59:be:23:63:76:b8:6f:48:a6:e9:f7:b7:
2e:0a:42:61:37:7b:4d:9c:e9:f8:8d:38:d7:f6:fe:8f:d7:46:
f1:aa:1c:2a:c2:49:e5:d2:84:ff:b5:73:5f:bc:4f:af:bb:e4:
bf:52:55:02:08:66:58:b1:b7:8f:6b:86:3b:d4:f7:89:2e:ba:
2b:79:8c:33:ae:1d:c7:e8:ce:20:11:53:a6:24:30:72:ed:39:
f6:30:3e:a2:f2:52:66:26:22:39:8d:a4:6c:8e:9b:7e:fc:d1:
72:11:3b:ce:5b:ba:46:cd:e6:f6:a3:fd:52:ca:6e:bb:6c:70:
16:f0:30:ee:b8:66:63:31:ca:3d:f2:45:eb:95:bf:c6:7c:81:
c0:10:35:53:46:f7:4f:ff:de:17:6c:b6:1e:7d:38:05:23:14:
02:21:ef:1c:98:42:16:76:f7:5a:e9:1d:d7:f6:23:39:26:eb:
bd:ec:55:06:a9:34:25:be:59:2f:ec:3e:27:12:0d:0c:83:0e:
f6:bc:35:50
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdgAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTIw
MDExNDFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEE1QTI1QjZCNzlBREU3
NTU0MzFBNzFBODg4QTI3QTFEOEJCNjU3NDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCY41ixjnROBzyXjXMFmrHUTLAtRrlLU1rA3Iy5aPWIflbYt4Z4
YYZ7LTmItIkzZ2/uy2R6v2RXT7P1+MS+YwQyd9emvWzVSdYs9JgzVAJHSnVChniq
6qLeyMvAdEdkSWB8/kEQgcW5+eJJDok+5i0XYO2EKQJfRuHhYbtiLO74UUZW8kvk
jSA87YYo4xolykYSLfflBlQmq/sZSvkDJEg0xPCE3/1Cjt4SV/ZWdspcaWKwWPrD
pfuXGWckfVLoFHqKDK9EQXsng9we3cuixVjO/E2+e9pFlppNbfMFHkNQJtrgA0tN
k1U4yVYHCJHiBy8fT5r67MOFGlB1x9NoXf9dAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUpaJba3mt51VDGnGoiKJ6HYu2V0AwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3BhSmJhM210NTFWREdu
R29pS0o2SFl1MlYwQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBnItLz
CLqk7b7ton0F278ZzRJ+rskKS5V6Bb4/Z/iBauViToxLtc3DIpzjfKmGzANt4xSZ
Z8bRSKyr4hZZviNjdrhvSKbp97cuCkJhN3tNnOn4jTjX9v6P10bxqhwqwknl0oT/
tXNfvE+vu+S/UlUCCGZYsbePa4Y71PeJLroreYwzrh3H6M4gEVOmJDBy7Tn2MD6i
8lJmJiI5jaRsjpt+/NFyETvOW7pGzeb2o/1Sym67bHAW8DDuuGZjMco98kXrlb/G
fIHAEDVTRvdP/94XbLYefTgFIxQCIe8cmEIWdvda6R3X9iM5Juu97FUGqTQlvlkv
7D4nEg0Mgw72vDVQ
-----END CERTIFICATE-----
Generated at Sun Jul 20 21:20:55 2025 by rpki-client