Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/rtZwJm8vrhGD2zJ1aEoTwlnGzT4.roa
File: rtZwJm8vrhGD2zJ1aEoTwlnGzT4.roa (raw, json)
Hash identifier: t5FY2TK4XW7qHXlbuDi1BaeFO7dqMYE09tP4oCC+OBY=
Subject key identifier: AE:D6:70:26:6F:2F:AE:11:83:DB:32:75:68:4A:13:C2:59:C6:CD:3E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 70A8
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rtZwJm8vrhGD2zJ1aEoTwlnGzT4.roa
Signing time: Fri 27 Jun 2025 17:44:38 +0000
ROA not before: Fri 27 Jun 2025 17:44:38 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28840 (0x70a8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 27 17:44:38 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=AED670266F2FAE1183DB3275684A13C259C6CD3E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:ca:e1:07:38:a7:4c:5d:fc:96:d2:c8:20:f3:
07:37:82:d7:7f:53:a5:2b:51:04:58:fb:90:5f:0d:
d9:22:26:3b:c6:0d:09:91:48:dd:3c:c0:53:fe:ac:
7a:c5:ae:2a:bd:23:df:3c:5a:71:44:54:9e:a4:31:
51:2e:cd:56:c0:14:f6:ae:6f:14:ed:d2:81:df:d3:
48:58:f2:5c:86:20:50:ad:02:61:13:e7:d9:2f:0a:
6c:0d:6e:7d:42:f6:b9:f6:0b:20:39:bd:3c:39:f1:
31:d5:50:35:0d:db:c6:d8:4c:e3:dd:c7:a7:5a:51:
81:be:09:fa:b2:4d:46:4e:3d:b6:27:c0:a8:0c:63:
51:da:07:e2:d7:f7:e5:c0:cf:2b:aa:fc:2f:c8:a9:
02:bb:58:ca:f5:65:fc:1c:d5:58:fc:95:6e:f9:78:
a3:d8:47:0a:79:68:72:ad:b3:c6:3b:bb:37:58:d9:
53:2c:1e:7e:16:3a:d4:04:4c:ed:9d:98:a3:9a:16:
35:68:2c:85:a3:6e:d0:a6:2a:f9:a9:2b:a2:59:95:
6d:c0:c5:0d:ad:af:96:22:6a:7b:de:f0:da:61:3e:
f9:4b:b2:41:3d:58:52:30:9e:dd:a1:1c:73:4d:c4:
1a:34:d3:89:59:30:6b:cb:10:2f:8a:15:f6:ec:07:
fc:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:D6:70:26:6F:2F:AE:11:83:DB:32:75:68:4A:13:C2:59:C6:CD:3E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rtZwJm8vrhGD2zJ1aEoTwlnGzT4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
a4:ba:ec:9e:d7:87:f3:cc:c5:74:fc:e7:70:c2:ec:a8:17:18:
0b:f2:53:dd:92:da:09:96:5d:eb:eb:58:c7:60:4d:84:ad:5a:
ab:65:4a:49:d3:48:e3:c6:97:00:74:ef:dc:e7:8c:4f:7c:00:
e0:51:bb:ed:6d:2a:9c:d1:ff:3d:bb:9e:50:50:49:cb:8b:e7:
22:1f:23:34:ca:98:da:94:66:56:99:e3:f9:78:59:01:2a:7d:
01:a9:41:4d:ca:e7:88:51:eb:d5:84:63:57:2e:c8:08:e6:d1:
29:3b:87:3b:a4:79:1c:34:dc:5f:06:a8:7d:40:c7:08:72:ef:
c3:f7:a9:e0:51:35:3e:80:71:0a:3a:bc:79:9a:f6:2c:33:2c:
53:f0:07:59:78:78:f0:bc:77:ca:3c:de:fa:cd:b4:05:da:93:
6a:19:e9:7b:01:77:97:8f:7b:55:77:67:5f:6b:22:29:18:56:
ee:44:79:fd:7c:24:d1:45:94:9c:3d:c2:e6:53:55:0f:de:41:
91:90:a2:f1:a5:18:16:b6:2f:bb:9e:c7:c5:8d:00:cd:ab:b1:
bc:be:1a:56:74:53:66:c3:78:8a:9e:d7:cb:58:8a:d6:27:7d:
a8:ce:d8:8c:ea:d3:06:39:32:a6:41:86:96:df:24:e8:1f:5f:
29:f8:f9:c4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcKgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2Mjcx
NzQ0MzhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEFFRDY3MDI2NkYyRkFF
MTE4M0RCMzI3NTY4NEExM0MyNTlDNkNEM0UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDLyuEHOKdMXfyW0sgg8wc3gtd/U6UrUQRY+5BfDdkiJjvGDQmR
SN08wFP+rHrFriq9I988WnFEVJ6kMVEuzVbAFPaubxTt0oHf00hY8lyGIFCtAmET
59kvCmwNbn1C9rn2CyA5vTw58THVUDUN28bYTOPdx6daUYG+CfqyTUZOPbYnwKgM
Y1HaB+LX9+XAzyuq/C/IqQK7WMr1Zfwc1Vj8lW75eKPYRwp5aHKts8Y7uzdY2VMs
Hn4WOtQETO2dmKOaFjVoLIWjbtCmKvmpK6JZlW3AxQ2tr5Yianve8NphPvlLskE9
WFIwnt2hHHNNxBo004lZMGvLEC+KFfbsB/zLAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUrtZwJm8vrhGD2zJ1aEoTwlnGzT4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3J0WndKbTh2cmhHRDJ6
SjFhRW9Ud2xuR3pUNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCkuuye
14fzzMV0/OdwwuyoFxgL8lPdktoJll3r61jHYE2ErVqrZUpJ00jjxpcAdO/c54xP
fADgUbvtbSqc0f89u55QUEnLi+ciHyM0ypjalGZWmeP5eFkBKn0BqUFNyueIUevV
hGNXLsgI5tEpO4c7pHkcNNxfBqh9QMcIcu/D96ngUTU+gHEKOrx5mvYsMyxT8AdZ
eHjwvHfKPN76zbQF2pNqGel7AXeXj3tVd2dfayIpGFbuRHn9fCTRRZScPcLmU1UP
3kGRkKLxpRgWti+7nsfFjQDNq7G8vhpWdFNmw3iKntfLWIrWJ32oztiM6tMGOTKm
QYaW3yToH18p+PnE
-----END CERTIFICATE-----
Generated at Sun Jul 20 20:46:39 2025 by rpki-client