Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/sdP-GxKCYA_0MBo6qpNufD9aqR0.roa
File: sdP-GxKCYA_0MBo6qpNufD9aqR0.roa (raw, json)
Hash identifier: ldrhMMdHp56fZbkZTik0kg4YTBnar2RYZyOlaZ7Z7yI=
Subject key identifier: B1:D3:FE:1B:12:82:60:0F:F4:30:1A:3A:AA:93:6E:7C:3F:5A:A9:1D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6F4A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/sdP-GxKCYA_0MBo6qpNufD9aqR0.roa
Signing time: Tue 24 Jun 2025 08:14:16 +0000
ROA not before: Tue 24 Jun 2025 08:14:16 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28490 (0x6f4a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 24 08:14:16 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B1D3FE1B1282600FF4301A3AAA936E7C3F5AA91D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:b5:2f:49:44:13:dd:50:8a:67:13:3e:42:f8:
4d:20:35:05:49:06:ce:f4:70:ad:a5:79:06:02:cc:
9c:d1:c8:36:b8:70:1b:87:39:cb:87:2d:c4:46:33:
a8:a6:81:43:03:3c:d3:de:23:a1:b6:f3:02:f8:28:
e0:0c:9b:de:e6:15:28:c5:e4:fa:26:2a:ae:df:db:
c5:ef:20:3f:0f:c5:b5:9b:4b:de:00:a1:13:42:1b:
f1:e0:43:66:f2:9c:f9:c2:77:ba:3a:5f:06:b3:a7:
aa:f8:b0:9d:dd:01:8f:53:91:51:6c:1f:4c:bd:aa:
aa:75:5f:52:c5:e5:f9:f2:54:36:3a:86:d5:63:f2:
fc:8a:dc:09:16:8b:22:f7:66:68:4e:3e:58:66:23:
eb:16:bf:d8:e5:46:26:59:98:e0:e8:d8:46:b3:24:
83:51:ed:b6:70:ce:0e:72:8a:7b:a2:ea:16:59:03:
80:aa:31:0b:86:71:b7:f4:c3:19:50:ee:33:c6:90:
42:35:26:a4:05:e7:21:72:8e:d9:e0:44:40:51:16:
a4:24:7d:4d:51:ab:5f:6e:60:6b:30:4e:71:48:5b:
b0:a4:61:3c:e2:fd:b9:6d:bc:48:bf:d6:a7:b0:b5:
04:4f:14:34:ea:29:07:4e:b7:52:f3:03:60:b6:fa:
ed:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:D3:FE:1B:12:82:60:0F:F4:30:1A:3A:AA:93:6E:7C:3F:5A:A9:1D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/sdP-GxKCYA_0MBo6qpNufD9aqR0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
bc:bc:18:f8:84:1d:16:6c:01:27:d4:3a:1d:e4:f2:be:73:b2:
ed:35:43:50:2b:fe:0f:7b:59:64:c4:3b:18:7b:03:8e:a0:19:
9d:b3:4d:3b:a1:29:b6:1e:6c:66:94:0b:1e:fb:31:9a:74:6c:
ce:2c:c4:46:1b:ce:8d:81:8e:52:49:7a:d1:99:01:96:34:9e:
d5:12:98:19:94:3b:f5:f0:8b:b3:f6:94:31:22:2d:94:f1:c8:
34:cd:b4:48:b3:60:99:21:00:61:4e:3f:b1:df:c7:aa:ad:3b:
d1:a4:12:3f:32:dc:45:ab:37:7e:b6:87:8c:05:5d:4e:9f:f4:
6d:ae:6d:ad:99:15:a2:fb:ca:55:9b:e1:94:af:1b:87:97:05:
c6:d4:91:1e:c4:7a:e4:10:b4:5b:19:d2:c4:02:1c:c7:ed:14:
9b:f8:00:fc:2e:b8:c0:ec:47:a4:de:23:21:08:22:9e:f5:2a:
da:41:4b:9d:bd:a9:6b:21:30:ca:37:0c:6a:7d:aa:61:c4:34:
ba:7b:01:da:22:24:de:a6:bc:ff:fc:17:c8:4b:c3:fa:db:df:
4e:95:4a:42:19:23:aa:45:a2:c2:17:c8:b1:c8:d4:75:80:7a:
10:f6:a2:16:ed:ef:6f:dc:c9:01:80:ed:58:40:94:11:6a:23:
06:0b:31:f1
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICb0owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjQw
ODE0MTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEIxRDNGRTFCMTI4MjYw
MEZGNDMwMUEzQUFBOTM2RTdDM0Y1QUE5MUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDItS9JRBPdUIpnEz5C+E0gNQVJBs70cK2leQYCzJzRyDa4cBuH
OcuHLcRGM6imgUMDPNPeI6G28wL4KOAMm97mFSjF5PomKq7f28XvID8PxbWbS94A
oRNCG/HgQ2bynPnCd7o6Xwazp6r4sJ3dAY9TkVFsH0y9qqp1X1LF5fnyVDY6htVj
8vyK3AkWiyL3ZmhOPlhmI+sWv9jlRiZZmODo2EazJINR7bZwzg5yinui6hZZA4Cq
MQuGcbf0wxlQ7jPGkEI1JqQF5yFyjtngREBRFqQkfU1Rq19uYGswTnFIW7CkYTzi
/bltvEi/1qewtQRPFDTqKQdOt1LzA2C2+u1NAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUsdP+GxKCYA/0MBo6qpNufD9aqR0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3NkUC1HeEtDWUFfME1C
bzZxcE51ZkQ5YXFSMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC8vBj4
hB0WbAEn1Dod5PK+c7LtNUNQK/4Pe1lkxDsYewOOoBmds007oSm2HmxmlAse+zGa
dGzOLMRGG86NgY5SSXrRmQGWNJ7VEpgZlDv18Iuz9pQxIi2U8cg0zbRIs2CZIQBh
Tj+x38eqrTvRpBI/MtxFqzd+toeMBV1On/Rtrm2tmRWi+8pVm+GUrxuHlwXG1JEe
xHrkELRbGdLEAhzH7RSb+AD8LrjA7Eek3iMhCCKe9SraQUudvalrITDKNwxqfaph
xDS6ewHaIiTeprz//BfIS8P6299OlUpCGSOqRaLCF8ixyNR1gHoQ9qIW7e9v3MkB
gO1YQJQRaiMGCzHx
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:39:16 2025 by rpki-client