Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/sKJYnVFtnHVRV2XbWRIa0zJ4qDc.roa
File: sKJYnVFtnHVRV2XbWRIa0zJ4qDc.roa (raw, json)
Hash identifier: EveeNaJ4m9wMrBiUYgMpXszkZ2ozjcr+UfY8TZ2slt4=
Subject key identifier: B0:A2:58:9D:51:6D:9C:75:51:57:65:DB:59:12:1A:D3:32:78:A8:37
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 774A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/sKJYnVFtnHVRV2XbWRIa0zJ4qDc.roa
Signing time: Tue 15 Jul 2025 10:41:47 +0000
ROA not before: Tue 15 Jul 2025 10:41:47 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30538 (0x774a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 15 10:41:47 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B0A2589D516D9C75515765DB59121AD33278A837
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:72:58:c6:40:d6:f2:a1:34:0f:ee:db:4e:7d:
cb:46:c4:89:54:b4:17:4b:ca:0e:d6:5a:34:76:97:
56:02:b5:6a:91:9c:83:fd:e0:17:12:05:29:a4:03:
46:7c:eb:97:7b:3f:18:4d:14:03:24:6d:2e:7e:eb:
49:58:51:45:8f:28:b1:34:58:f7:88:53:b4:c9:ab:
ea:90:51:6f:da:7b:f3:79:4c:96:6d:a2:74:a0:03:
42:02:de:ee:78:d1:53:1d:dd:b0:74:58:78:3c:fc:
8d:3c:49:3c:3f:cc:9d:d3:72:d4:3b:b4:7b:3d:33:
4d:20:82:66:2d:2f:1b:68:6b:65:79:20:22:40:04:
4f:98:71:c9:b2:da:4d:12:74:e1:74:3b:74:ce:46:
df:e3:23:45:25:ea:5b:b4:9d:a8:30:38:2b:94:c4:
3f:62:a8:e5:5a:55:d8:60:59:ca:01:be:f1:40:bb:
1b:17:64:e1:cc:7a:6c:ff:29:36:78:73:5d:9e:a8:
da:5a:5d:90:df:1f:80:ae:5c:b6:e4:b3:bb:41:9a:
75:5d:e1:38:f1:80:4a:a9:9d:01:de:5a:a5:7a:9b:
e2:27:7e:68:2c:a4:98:2a:a9:b8:8d:3e:54:8e:0d:
17:e0:ee:e7:66:59:fc:5e:ad:56:68:d1:ee:c4:c5:
0e:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:A2:58:9D:51:6D:9C:75:51:57:65:DB:59:12:1A:D3:32:78:A8:37
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/sKJYnVFtnHVRV2XbWRIa0zJ4qDc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
78:54:d1:01:d4:96:cb:89:de:03:8c:35:e4:df:9f:cf:f2:25:
94:ff:24:d3:9f:84:35:84:bc:aa:9a:2c:a8:8c:69:a2:c8:99:
a8:cd:e9:0f:58:78:7f:65:01:af:91:0c:81:ad:7e:f6:dd:21:
ca:fd:b1:f6:9c:3c:bf:20:ee:97:89:85:ef:ef:e5:8f:33:29:
98:56:a2:4e:53:09:a6:5c:ed:88:82:30:de:ff:4d:98:9f:34:
7a:4d:5c:04:0e:7c:12:b6:84:ba:52:79:be:a9:b0:dd:14:64:
a3:d6:6b:b2:55:f5:53:f8:f9:bb:08:73:97:d1:ac:c8:5a:a0:
e9:b0:4f:db:32:95:60:76:26:bc:e8:e2:45:2d:3f:32:1e:0d:
86:26:0d:33:12:72:1a:89:86:78:46:ef:50:30:53:94:6e:90:
84:47:cc:3f:90:9d:cb:11:83:b0:34:b0:05:23:70:c1:98:61:
c6:a6:b4:69:99:03:74:9e:03:22:70:8c:4e:5e:e5:6f:19:10:
cb:6b:14:04:89:e9:17:53:c0:51:76:7b:4f:c5:3e:76:3d:ea:
1d:af:5e:0b:a0:ba:1a:5f:e5:e5:ca:88:fc:ec:02:f8:eb:bb:
07:47:5c:06:c2:e9:50:88:5b:9a:73:46:86:ed:50:a5:44:af:
fd:b0:0a:a6
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICd0owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTUx
MDQxNDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEIwQTI1ODlENTE2RDlD
NzU1MTU3NjVEQjU5MTIxQUQzMzI3OEE4MzcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDGcljGQNbyoTQP7ttOfctGxIlUtBdLyg7WWjR2l1YCtWqRnIP9
4BcSBSmkA0Z865d7PxhNFAMkbS5+60lYUUWPKLE0WPeIU7TJq+qQUW/ae/N5TJZt
onSgA0IC3u540VMd3bB0WHg8/I08STw/zJ3TctQ7tHs9M00ggmYtLxtoa2V5ICJA
BE+Yccmy2k0SdOF0O3TORt/jI0Ul6lu0nagwOCuUxD9iqOVaVdhgWcoBvvFAuxsX
ZOHMemz/KTZ4c12eqNpaXZDfH4CuXLbks7tBmnVd4TjxgEqpnQHeWqV6m+Infmgs
pJgqqbiNPlSODRfg7udmWfxerVZo0e7ExQ65AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUsKJYnVFtnHVRV2XbWRIa0zJ4qDcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3NLSlluVkZ0bkhWUlYy
WGJXUklhMHpKNHFEYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB4VNEB
1JbLid4DjDXk35/P8iWU/yTTn4Q1hLyqmiyojGmiyJmozekPWHh/ZQGvkQyBrX72
3SHK/bH2nDy/IO6XiYXv7+WPMymYVqJOUwmmXO2IgjDe/02YnzR6TVwEDnwStoS6
Unm+qbDdFGSj1muyVfVT+Pm7CHOX0azIWqDpsE/bMpVgdia86OJFLT8yHg2GJg0z
EnIaiYZ4Ru9QMFOUbpCER8w/kJ3LEYOwNLAFI3DBmGHGprRpmQN0ngMicIxOXuVv
GRDLaxQEiekXU8BRdntPxT52Peodr14LoLoaX+Xlyoj87AL467sHR1wGwulQiFua
c0aG7VClRK/9sAqm
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:32:14 2025 by rpki-client