Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/tzRWE4Ebb-HRMSQJouH0_Nv88Kg.roa
File: tzRWE4Ebb-HRMSQJouH0_Nv88Kg.roa (raw, json)
Hash identifier: gLzZHN1TDN4D3uilcLlKuc3V6c3+SGqbByRcMsTDTQs=
Subject key identifier: B7:34:56:13:81:1B:6F:E1:D1:31:24:09:A2:E1:F4:FC:DB:FC:F0:A8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 707E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tzRWE4Ebb-HRMSQJouH0_Nv88Kg.roa
Signing time: Fri 27 Jun 2025 07:14:47 +0000
ROA not before: Fri 27 Jun 2025 07:14:47 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28798 (0x707e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 27 07:14:47 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B7345613811B6FE1D1312409A2E1F4FCDBFCF0A8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:10:df:47:43:71:86:2b:af:77:44:71:da:0a:
07:20:d9:e1:f5:a1:64:70:d1:c4:91:91:bb:02:a2:
40:4e:66:47:09:30:67:cd:e2:ab:67:0c:5f:91:09:
83:72:02:ce:96:6f:9c:ff:82:01:bc:99:32:f0:70:
c2:19:c0:8b:18:0d:b4:38:8a:3b:1b:d3:0a:79:4e:
7c:be:8d:d6:e5:17:db:28:75:01:76:be:99:4b:2e:
02:aa:8f:b8:4d:9c:49:7d:5b:71:9b:b0:73:58:12:
0c:ea:ad:f7:15:09:5a:9c:03:a1:ec:d5:31:27:58:
37:16:2b:84:7c:e4:0b:55:77:a1:2d:15:41:61:26:
64:cd:ce:0d:76:65:99:2c:3e:84:5b:c1:06:e6:36:
4d:d2:76:55:a7:f8:94:4a:61:c1:d3:c2:79:dc:ac:
c2:e9:5b:66:16:32:28:30:05:db:13:02:02:23:20:
5b:dc:81:3a:cb:47:4e:cc:64:ba:f6:b4:d5:98:b5:
8f:a4:d1:c3:72:76:e3:a9:ca:62:d8:1a:87:9d:fc:
c9:3f:73:71:d8:d3:12:27:6d:4f:ad:d0:03:11:18:
e8:f0:db:88:0c:0f:ee:99:31:16:de:d5:e6:64:4c:
ea:86:35:52:44:65:2b:db:fb:1c:36:c1:e9:2e:a0:
91:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:34:56:13:81:1B:6F:E1:D1:31:24:09:A2:E1:F4:FC:DB:FC:F0:A8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tzRWE4Ebb-HRMSQJouH0_Nv88Kg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
b4:69:63:dc:25:73:af:51:63:58:ce:16:67:5f:0d:51:e8:f3:
50:af:e7:4f:a1:12:49:56:6c:cc:f7:80:fb:ae:1a:13:df:f2:
83:e6:9f:9c:09:d1:06:b6:46:c3:ae:0f:b9:16:00:03:58:21:
79:ed:90:7a:35:ce:84:31:fd:df:e4:9b:23:43:a7:42:b8:d0:
e4:d0:e7:5a:93:1a:17:a2:fb:f0:9b:c1:0b:16:5f:d8:02:81:
06:ec:d1:2c:ff:09:63:c9:12:e8:f7:a2:b7:a3:5b:15:2b:b3:
39:d3:18:4d:35:43:80:19:2c:42:f9:ba:f7:fb:8d:bf:c4:4a:
9a:2c:ff:9c:d5:5a:3f:f9:7a:78:f8:b2:08:63:13:1f:ff:34:
ef:f0:81:9c:ac:3f:78:8f:1b:2f:4a:c9:d0:67:d2:d8:c2:11:
10:14:de:e9:26:af:4c:0d:38:66:5e:da:73:ac:b0:ab:ab:95:
40:35:1f:eb:1f:85:79:c0:2b:cf:b6:e5:2a:dd:f5:2a:b7:dc:
0b:90:40:82:2a:fa:b0:17:c6:31:2f:79:aa:8e:d7:a0:ff:a3:
19:70:c0:41:85:11:d7:c8:fa:15:66:68:de:7b:21:c0:1e:7a:
09:00:7e:05:c7:5e:c4:92:8d:4e:ce:bc:36:23:c7:5b:12:f0:
9b:78:20:43
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcH4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2Mjcw
NzE0NDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEI3MzQ1NjEzODExQjZG
RTFEMTMxMjQwOUEyRTFGNEZDREJGQ0YwQTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDhEN9HQ3GGK693RHHaCgcg2eH1oWRw0cSRkbsCokBOZkcJMGfN
4qtnDF+RCYNyAs6Wb5z/ggG8mTLwcMIZwIsYDbQ4ijsb0wp5Tny+jdblF9sodQF2
vplLLgKqj7hNnEl9W3GbsHNYEgzqrfcVCVqcA6Hs1TEnWDcWK4R85AtVd6EtFUFh
JmTNzg12ZZksPoRbwQbmNk3SdlWn+JRKYcHTwnncrMLpW2YWMigwBdsTAgIjIFvc
gTrLR07MZLr2tNWYtY+k0cNyduOpymLYGoed/Mk/c3HY0xInbU+t0AMRGOjw24gM
D+6ZMRbe1eZkTOqGNVJEZSvb+xw2wekuoJE7AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUtzRWE4Ebb+HRMSQJouH0/Nv88KgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3R6UldFNEViYi1IUk1T
UUpvdUgwX052ODhLZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC0aWPc
JXOvUWNYzhZnXw1R6PNQr+dPoRJJVmzM94D7rhoT3/KD5p+cCdEGtkbDrg+5FgAD
WCF57ZB6Nc6EMf3f5JsjQ6dCuNDk0OdakxoXovvwm8ELFl/YAoEG7NEs/wljyRLo
96K3o1sVK7M50xhNNUOAGSxC+br3+42/xEqaLP+c1Vo/+Xp4+LIIYxMf/zTv8IGc
rD94jxsvSsnQZ9LYwhEQFN7pJq9MDThmXtpzrLCrq5VANR/rH4V5wCvPtuUq3fUq
t9wLkECCKvqwF8YxL3mqjteg/6MZcMBBhRHXyPoVZmjeeyHAHnoJAH4Fx17Eko1O
zrw2I8dbEvCbeCBD
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:40:03 2025 by rpki-client