Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/vz6rw1g_6kOc9vFYZB8iz0dGb3w.roa
File: vz6rw1g_6kOc9vFYZB8iz0dGb3w.roa (raw, json)
Hash identifier: gt5uPNP5gMgYUMc11XVaXGpjKEdFWCACV5QJkdg9bxg=
Subject key identifier: BF:3E:AB:C3:58:3F:EA:43:9C:F6:F1:58:64:1F:22:CF:47:46:6F:7C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7786
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vz6rw1g_6kOc9vFYZB8iz0dGb3w.roa
Signing time: Wed 16 Jul 2025 01:41:54 +0000
ROA not before: Wed 16 Jul 2025 01:41:54 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30598 (0x7786)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 16 01:41:54 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=BF3EABC3583FEA439CF6F158641F22CF47466F7C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:15:03:e2:4a:c3:e2:4a:32:ce:eb:24:9f:ca:
13:34:6a:42:92:e4:56:eb:de:a8:85:23:d5:c4:96:
66:4b:6a:5a:45:e5:3c:68:f1:8a:e0:7c:89:a2:33:
d5:1d:fe:1c:14:06:fb:d8:ac:f7:cc:0f:a8:43:12:
75:51:fc:26:5b:b4:99:d4:81:68:5a:79:12:3b:d6:
08:07:c8:91:04:c7:b7:3a:5e:12:c5:e1:ea:45:db:
db:b3:37:27:fd:72:a2:eb:c5:9f:35:9e:0d:46:9e:
5b:45:d8:0d:f6:16:16:5d:12:81:d5:bc:e1:3a:4a:
b0:db:55:b7:5c:4e:67:56:65:14:84:b3:07:7b:0c:
80:ad:16:14:b0:89:08:a4:dd:ab:a0:21:f9:0a:01:
8a:45:c5:8e:51:dc:66:b8:83:89:83:6c:49:9a:76:
c4:fc:06:5e:50:f8:69:66:ce:3e:67:a9:74:9f:82:
9a:dc:49:97:ce:6c:7c:6d:84:75:8a:27:98:8e:4a:
cc:76:4c:fc:9b:53:60:3d:7a:a2:f6:c7:17:27:6e:
ca:f7:79:61:7f:4e:c7:04:d6:1c:2a:35:88:5a:02:
d9:f1:e2:c7:cd:3c:68:59:67:83:b2:d6:92:c3:04:
9c:fc:27:f2:7c:c2:66:bc:15:8b:f2:8a:be:8c:23:
be:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:3E:AB:C3:58:3F:EA:43:9C:F6:F1:58:64:1F:22:CF:47:46:6F:7C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vz6rw1g_6kOc9vFYZB8iz0dGb3w.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
4f:7a:c5:d0:b9:5b:a9:72:00:c5:39:b6:f0:bc:ba:0e:9f:9b:
ec:e8:95:44:08:98:6b:96:a8:28:93:09:71:10:85:51:b4:8a:
7c:95:04:87:2f:63:4d:76:7a:7a:52:09:47:7f:40:e4:07:2b:
5d:ca:59:7e:d2:81:44:09:cc:10:38:a0:a7:8c:8d:58:09:9e:
c5:2d:85:bb:33:68:a6:d3:b2:46:d2:6b:21:f5:bb:25:f7:b5:
e9:46:46:0f:74:7d:4b:97:56:5f:a7:0c:3f:9f:bb:16:2a:11:
fb:f1:c1:98:b6:b2:b2:c1:6e:03:f9:67:db:ff:0b:f7:3f:ef:
ea:0f:da:1f:b1:dd:d0:73:a4:54:cf:db:fc:7b:c4:30:84:07:
c9:8c:bc:c4:64:e2:59:78:06:a0:03:6f:cb:04:00:8f:83:40:
33:63:f0:b6:00:fd:03:94:36:e6:a4:c3:52:99:a7:3d:17:80:
4f:46:c3:63:7f:c0:4a:f6:2b:10:54:a5:5e:1a:a4:f8:d9:a1:
83:06:16:f5:3a:f5:77:a3:d3:ec:b7:64:12:66:e3:8f:0b:dd:
6b:54:4a:b6:95:dc:9d:48:3c:fb:bf:a4:56:cb:ee:51:02:7c:
af:4b:53:5a:16:56:43:6d:78:7a:b8:b5:24:69:ef:db:f9:ae:
5e:45:9d:ac
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICd4YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTYw
MTQxNTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEJGM0VBQkMzNTgzRkVB
NDM5Q0Y2RjE1ODY0MUYyMkNGNDc0NjZGN0MwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDbFQPiSsPiSjLO6ySfyhM0akKS5Fbr3qiFI9XElmZLalpF5Txo
8YrgfImiM9Ud/hwUBvvYrPfMD6hDEnVR/CZbtJnUgWhaeRI71ggHyJEEx7c6XhLF
4epF29uzNyf9cqLrxZ81ng1GnltF2A32FhZdEoHVvOE6SrDbVbdcTmdWZRSEswd7
DICtFhSwiQik3augIfkKAYpFxY5R3Ga4g4mDbEmadsT8Bl5Q+Glmzj5nqXSfgprc
SZfObHxthHWKJ5iOSsx2TPybU2A9eqL2xxcnbsr3eWF/TscE1hwqNYhaAtnx4sfN
PGhZZ4Oy1pLDBJz8J/J8wma8FYvyir6MI75tAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUvz6rw1g/6kOc9vFYZB8iz0dGb3wwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3Z6NnJ3MWdfNmtPYzl2
RllaQjhpejBkR2Izdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBPesXQ
uVupcgDFObbwvLoOn5vs6JVECJhrlqgokwlxEIVRtIp8lQSHL2NNdnp6UglHf0Dk
Bytdyll+0oFECcwQOKCnjI1YCZ7FLYW7M2im07JG0msh9bsl97XpRkYPdH1Ll1Zf
pww/n7sWKhH78cGYtrKywW4D+Wfb/wv3P+/qD9ofsd3Qc6RUz9v8e8QwhAfJjLzE
ZOJZeAagA2/LBACPg0AzY/C2AP0DlDbmpMNSmac9F4BPRsNjf8BK9isQVKVeGqT4
2aGDBhb1OvV3o9Pst2QSZuOPC91rVEq2ldydSDz7v6RWy+5RAnyvS1NaFlZDbXh6
uLUkae/b+a5eRZ2s
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:51:41 2025 by rpki-client