Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/sWNKSaQIrqxpzHL0G9ei3M0oTQM.roa
File: sWNKSaQIrqxpzHL0G9ei3M0oTQM.roa (raw, json)
Hash identifier: lApnHz5yOn4byWsQ2YnBZrYzaHptwY70kNnzMByjfe8=
Subject key identifier: B1:63:4A:49:A4:08:AE:AC:69:CC:72:F4:1B:D7:A2:DC:CD:28:4D:03
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 70CE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/sWNKSaQIrqxpzHL0G9ei3M0oTQM.roa
Signing time: Sat 28 Jun 2025 03:14:34 +0000
ROA not before: Sat 28 Jun 2025 03:14:34 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28878 (0x70ce)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 28 03:14:34 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B1634A49A408AEAC69CC72F41BD7A2DCCD284D03
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:70:14:48:40:23:ec:00:ba:32:17:2a:9e:a6:
ce:19:82:2b:1f:8d:a2:ab:4a:2b:b7:2f:37:62:b1:
d1:6d:ac:88:8d:c5:12:c9:1d:05:12:91:df:6a:39:
75:a1:31:3b:ad:b7:d1:ce:ce:26:01:1a:33:b1:4d:
ea:91:67:ad:11:0d:ac:cb:93:43:6f:17:05:b3:d9:
48:bb:b7:c1:37:e2:20:49:7f:9d:7c:e5:2b:d9:ab:
c0:49:ed:67:0c:a6:e7:07:3c:71:46:87:c5:de:d9:
1a:4c:2c:cb:47:03:4b:22:ab:87:0c:5b:bd:0b:31:
7c:94:f4:cd:dd:20:1f:dd:82:53:79:a3:7b:34:5b:
e5:fd:bd:22:7c:23:c0:83:03:27:00:68:09:05:2e:
45:07:26:a9:3b:35:27:c5:fe:c4:87:41:e6:bc:3c:
11:e5:9d:f0:50:eb:fb:a6:1d:fb:a8:ec:4e:0c:26:
a9:dc:91:c7:92:c0:61:5b:d0:5b:b6:22:cd:64:c7:
c0:5d:6f:a7:5d:89:79:2b:33:f7:48:c5:3d:58:22:
3e:f8:54:ac:76:9c:7b:d3:85:56:a4:11:07:ef:e2:
92:7b:b0:1d:2b:39:89:3f:f7:3a:7e:d7:f2:79:f5:
a0:4c:c6:32:7c:c2:d6:4a:ab:8b:2d:86:2c:31:43:
98:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:63:4A:49:A4:08:AE:AC:69:CC:72:F4:1B:D7:A2:DC:CD:28:4D:03
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/sWNKSaQIrqxpzHL0G9ei3M0oTQM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
bc:50:50:9f:73:00:fc:60:f7:85:36:32:18:70:51:93:36:6a:
b7:91:ea:a3:82:8a:93:73:ba:cb:8a:69:6d:93:3f:3c:47:e0:
46:14:50:ca:7e:97:33:38:7d:91:c1:9b:b6:45:7f:6d:08:9b:
18:cb:c5:88:f2:b9:85:21:ff:6c:96:13:d4:13:dd:a4:47:ee:
8a:18:9d:a2:5e:5d:1c:fc:81:e0:de:3b:b5:53:80:31:fa:18:
59:98:b9:84:48:82:c6:c2:8e:ac:ed:13:26:43:3f:35:6c:60:
8e:f3:ed:ac:5a:4c:3f:a1:ff:ec:f5:ef:ce:45:26:ce:0a:e6:
9c:3c:80:eb:69:28:04:a7:56:a7:0e:f1:80:c4:93:a1:83:56:
20:69:ee:95:ad:03:59:72:ee:4c:6d:82:d3:d6:91:49:23:28:
48:e4:20:25:d0:b3:b6:df:a1:2c:d7:90:2a:f2:51:52:30:45:
f9:09:92:75:f5:da:cc:2c:47:37:58:2f:0f:23:5d:07:e6:9a:
28:62:b6:51:5b:21:77:e0:64:b3:a1:f5:bb:0a:32:77:57:b2:
4a:42:99:fa:43:e4:ca:9b:a1:6f:c7:68:34:3f:3a:a0:f1:e5:
84:35:40:eb:64:a0:35:6a:6b:61:92:b1:3d:84:52:9b:f5:76:
01:9b:6f:6b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcM4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2Mjgw
MzE0MzRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEIxNjM0QTQ5QTQwOEFF
QUM2OUNDNzJGNDFCRDdBMkRDQ0QyODREMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7cBRIQCPsALoyFyqeps4ZgisfjaKrSiu3LzdisdFtrIiNxRLJ
HQUSkd9qOXWhMTutt9HOziYBGjOxTeqRZ60RDazLk0NvFwWz2Ui7t8E34iBJf518
5SvZq8BJ7WcMpucHPHFGh8Xe2RpMLMtHA0siq4cMW70LMXyU9M3dIB/dglN5o3s0
W+X9vSJ8I8CDAycAaAkFLkUHJqk7NSfF/sSHQea8PBHlnfBQ6/umHfuo7E4MJqnc
kceSwGFb0Fu2Is1kx8Bdb6ddiXkrM/dIxT1YIj74VKx2nHvThVakEQfv4pJ7sB0r
OYk/9zp+1/J59aBMxjJ8wtZKq4sthiwxQ5ipAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUsWNKSaQIrqxpzHL0G9ei3M0oTQMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3NXTktTYVFJcnF4cHpI
TDBHOWVpM00wb1RRTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC8UFCf
cwD8YPeFNjIYcFGTNmq3keqjgoqTc7rLimltkz88R+BGFFDKfpczOH2RwZu2RX9t
CJsYy8WI8rmFIf9slhPUE92kR+6KGJ2iXl0c/IHg3ju1U4Ax+hhZmLmESILGwo6s
7RMmQz81bGCO8+2sWkw/of/s9e/ORSbOCuacPIDraSgEp1anDvGAxJOhg1Ygae6V
rQNZcu5MbYLT1pFJIyhI5CAl0LO236Es15Aq8lFSMEX5CZJ19drMLEc3WC8PI10H
5pooYrZRWyF34GSzofW7CjJ3V7JKQpn6Q+TKm6Fvx2g0Pzqg8eWENUDrZKA1amth
krE9hFKb9XYBm29r
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:34:01 2025 by rpki-client