Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/tZq6dVUpO-j4rIRFfVtKjdtEs7A.roa
File:                     tZq6dVUpO-j4rIRFfVtKjdtEs7A.roa (raw, json)
Hash identifier:          3USIt4r/vUOO1lW3OLtFjDAHd88mjebRqof49wjna48=
Subject key identifier:   B5:9A:BA:75:55:29:3B:E8:F8:AC:84:45:7D:5B:4A:8D:DB:44:B3:B0
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       7318
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tZq6dVUpO-j4rIRFfVtKjdtEs7A.roa
Signing time:             Fri 04 Jul 2025 05:44:55 +0000
ROA not before:           Fri 04 Jul 2025 05:44:55 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 29464 (0x7318)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Jul  4 05:44:55 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=B59ABA7555293BE8F8AC84457D5B4A8DDB44B3B0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:9A:BA:75:55:29:3B:E8:F8:AC:84:45:7D:5B:4A:8D:DB:44:B3:B0
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tZq6dVUpO-j4rIRFfVtKjdtEs7A.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
Generated at Sun Jul 20 12:50:45 2025 by rpki-client