Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/rsY4sAPA9UMaqHa3xuxUwV7_Mow.roa
File: rsY4sAPA9UMaqHa3xuxUwV7_Mow.roa (raw, json)
Hash identifier: GwOBDAhG+G4MODCahf2/JJCoWNCkTR0Jvo4H/fbZuew=
Subject key identifier: AE:C6:38:B0:03:C0:F5:43:1A:A8:76:B7:C6:EC:54:C1:5E:FF:32:8C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 76FE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rsY4sAPA9UMaqHa3xuxUwV7_Mow.roa
Signing time: Mon 14 Jul 2025 15:42:31 +0000
ROA not before: Mon 14 Jul 2025 15:42:31 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30462 (0x76fe)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 14 15:42:31 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=AEC638B003C0F5431AA876B7C6EC54C15EFF328C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:15:38:e3:78:0b:c6:d0:77:6d:cc:7c:54:5e:
9a:6d:7d:1b:ee:04:3b:bb:63:e2:6d:78:f4:3a:cd:
d7:ed:66:a3:6b:19:e7:e6:41:e6:c8:fc:9d:12:d9:
c9:81:4d:47:1e:92:cb:5a:1b:50:99:eb:46:0d:53:
fc:03:06:ee:88:25:82:1b:00:67:06:6b:13:47:18:
f7:14:b7:ad:f0:ea:1b:b5:fd:f7:f8:88:6f:0e:3f:
ca:7f:83:57:79:52:db:22:7f:ca:d7:a5:21:40:8b:
39:1a:a3:5d:a6:5b:02:4b:32:3c:f7:2d:4f:0a:bb:
de:ab:32:f4:88:f6:7a:b8:b6:f6:e2:93:fa:9a:19:
6a:de:8f:e1:ce:e0:e5:e2:1f:44:68:c3:6e:95:d1:
bd:31:2f:59:94:29:67:cc:74:e2:ab:60:ac:a3:65:
16:d9:21:36:17:9b:46:b5:6b:d3:78:2d:e1:e4:c2:
a3:6a:70:e3:a4:30:77:2c:a7:9a:5f:48:22:f6:a1:
fa:d6:60:f9:f0:95:54:f9:9b:8b:fe:cb:d3:88:8c:
5e:97:34:db:79:09:24:8e:67:14:84:3c:8d:5b:d0:
61:e3:17:da:f7:c2:94:61:8c:82:b9:0f:44:ab:63:
bc:bc:e4:27:51:32:43:43:32:45:2f:c4:66:d1:ed:
6a:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:C6:38:B0:03:C0:F5:43:1A:A8:76:B7:C6:EC:54:C1:5E:FF:32:8C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rsY4sAPA9UMaqHa3xuxUwV7_Mow.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
79:e1:44:69:16:e0:4b:f2:93:b0:16:76:28:86:fc:b2:e1:8a:
31:7d:7d:15:5f:54:4e:6e:f9:fd:1f:90:03:f2:2c:4d:09:0b:
c0:af:1d:17:79:eb:d5:b4:d7:8c:e5:1d:88:2e:9f:47:f0:2e:
1a:1e:24:62:7a:bc:c2:a6:9b:e3:c0:bf:ed:a7:24:10:90:1d:
70:f2:20:11:24:9e:f0:a7:44:75:04:fd:bd:fd:bd:84:67:0f:
3e:b6:3e:e7:d1:20:8e:15:eb:e1:89:57:80:66:54:85:5a:f2:
d2:3a:c5:a1:02:19:37:67:39:29:b4:6a:22:cc:23:25:9a:2f:
34:dc:e8:d9:13:b2:d7:a1:22:dd:96:87:33:10:10:2c:8b:88:
74:bf:56:18:98:38:03:9d:94:5f:a7:95:14:bf:d5:d7:92:03:
83:21:fd:9b:6e:e1:06:aa:bb:ab:72:92:0e:36:b7:44:e4:3c:
79:8a:0c:92:cc:5d:39:1d:97:fd:d3:df:1d:c8:78:a6:a2:3e:
6d:44:e8:8f:a6:80:06:c2:b4:80:c6:12:85:80:28:a6:4a:59:
0d:64:7e:25:3b:6e:af:d1:29:c7:ea:70:e6:58:e7:1c:6f:b1:
77:18:bd:16:cb:58:77:51:8c:27:a1:b4:95:7a:91:12:e7:d6:
a8:23:14:fc
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdv4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTQx
NTQyMzFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEFFQzYzOEIwMDNDMEY1
NDMxQUE4NzZCN0M2RUM1NEMxNUVGRjMyOEMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMFTjjeAvG0HdtzHxUXpptfRvuBDu7Y+JtePQ6zdftZqNrGefm
QebI/J0S2cmBTUcekstaG1CZ60YNU/wDBu6IJYIbAGcGaxNHGPcUt63w6hu1/ff4
iG8OP8p/g1d5Utsif8rXpSFAizkao12mWwJLMjz3LU8Ku96rMvSI9nq4tvbik/qa
GWrej+HO4OXiH0Row26V0b0xL1mUKWfMdOKrYKyjZRbZITYXm0a1a9N4LeHkwqNq
cOOkMHcsp5pfSCL2ofrWYPnwlVT5m4v+y9OIjF6XNNt5CSSOZxSEPI1b0GHjF9r3
wpRhjIK5D0SrY7y85CdRMkNDMkUvxGbR7WpXAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUrsY4sAPA9UMaqHa3xuxUwV7/MowwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3JzWTRzQVBBOVVNYXFI
YTN4dXhVd1Y3X01vdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB54URp
FuBL8pOwFnYohvyy4YoxfX0VX1RObvn9H5AD8ixNCQvArx0XeevVtNeM5R2ILp9H
8C4aHiRierzCppvjwL/tpyQQkB1w8iARJJ7wp0R1BP29/b2EZw8+tj7n0SCOFevh
iVeAZlSFWvLSOsWhAhk3ZzkptGoizCMlmi803OjZE7LXoSLdloczEBAsi4h0v1YY
mDgDnZRfp5UUv9XXkgODIf2bbuEGqrurcpIONrdE5Dx5igySzF05HZf9098dyHim
oj5tROiPpoAGwrSAxhKFgCimSlkNZH4lO26v0SnH6nDmWOccb7F3GL0Wy1h3UYwn
obSVepES59aoIxT8
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:51:32 2025 by rpki-client