Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/wJqnzVOPwxWuqvw_i4OWLo9VFeU.roa
File: wJqnzVOPwxWuqvw_i4OWLo9VFeU.roa (raw, json)
Hash identifier: L/BTnk3/TBlXCiOCFM70hAu5V9IgxxGeqcE092Brop4=
Subject key identifier: C0:9A:A7:CD:53:8F:C3:15:AE:AA:FC:3F:8B:83:96:2E:8F:55:15:E5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7410
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wJqnzVOPwxWuqvw_i4OWLo9VFeU.roa
Signing time: Sun 06 Jul 2025 19:44:53 +0000
ROA not before: Sun 06 Jul 2025 19:44:53 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29712 (0x7410)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 6 19:44:53 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C09AA7CD538FC315AEAAFC3F8B83962E8F5515E5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:cf:5f:de:c9:31:0d:b7:75:44:fb:7b:b3:bc:
67:ab:15:e1:b4:f7:ee:77:09:38:cb:c8:93:8b:e7:
eb:39:2a:e3:be:56:8b:a9:26:d1:b4:25:0b:d7:3a:
bd:05:ed:c1:78:74:de:9d:f0:11:48:db:a4:be:89:
ad:37:8b:01:30:f2:05:0c:cc:8b:d2:2d:2f:f2:57:
8f:2d:8c:97:cd:30:a6:cf:06:01:0d:a3:10:cc:fb:
83:00:ab:c8:8f:cf:93:19:f4:26:06:8b:91:ca:ce:
50:05:0d:a7:64:6d:61:6c:40:7a:f2:ca:a5:84:03:
74:5a:b2:da:88:f6:59:97:16:5a:f7:8c:95:2d:ff:
1d:d6:f6:46:eb:f2:49:14:98:b3:80:47:ef:2c:aa:
b8:12:02:51:b4:cd:4b:7e:65:6d:d6:76:73:10:85:
3e:26:33:ac:28:df:98:1d:43:29:62:85:aa:02:15:
b5:6f:0c:ff:a4:bb:a0:a8:e7:ae:b1:77:f1:3d:eb:
3f:88:e2:37:ac:1b:eb:a5:18:b7:28:e7:63:a9:57:
9a:e9:4a:af:34:5f:d1:6d:9c:af:bb:3f:d2:09:93:
ac:a0:f2:2d:e6:ee:9f:25:3d:d5:aa:f5:a1:dc:a6:
51:66:b3:f7:4b:2f:ee:ee:99:a2:bc:b8:08:b1:19:
2f:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:9A:A7:CD:53:8F:C3:15:AE:AA:FC:3F:8B:83:96:2E:8F:55:15:E5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wJqnzVOPwxWuqvw_i4OWLo9VFeU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
5f:39:7c:9d:f1:69:62:2b:ef:5b:a2:4f:63:9f:b1:e9:cb:46:
a1:f0:76:dc:6f:62:45:52:9b:58:5b:e1:15:c9:fd:d9:b3:b0:
57:14:05:22:31:be:84:7e:ce:26:09:58:8a:25:ef:86:91:fe:
22:51:f6:ff:f1:b8:99:27:ef:70:4f:c5:80:4f:a5:1d:31:1d:
8f:83:de:b6:bf:b1:a8:70:31:af:ee:1b:d5:af:4c:86:9c:26:
4f:a7:ca:b5:d7:71:3d:7f:fc:96:8c:e9:a6:ff:ed:0c:cb:07:
12:4e:75:ba:30:0a:9e:09:f8:e9:6d:14:71:1b:6b:c0:48:63:
c7:60:4b:98:98:67:7b:7e:a9:17:f5:65:22:cd:d5:a6:18:f9:
18:f9:e5:a5:a9:5a:66:14:1f:57:a6:33:59:fa:15:54:a1:95:
be:fb:ce:48:5f:08:60:40:56:dd:00:5e:6e:7d:5e:03:ec:4d:
d0:d2:d9:5d:c4:a3:2e:40:8c:be:bc:e5:a5:6a:e4:a0:24:7a:
de:20:0c:ff:16:e9:60:e0:a0:9e:2d:b6:9c:f0:15:2d:5e:f5:
a6:6e:2a:b5:fe:23:b6:ca:31:18:26:bd:f5:3e:32:3f:46:83:
8a:44:95:61:ba:3e:07:d7:03:80:df:c7:a4:df:66:6e:e0:62:
04:6d:cd:ad
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdBAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDYx
OTQ0NTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEMwOUFBN0NENTM4RkMz
MTVBRUFBRkMzRjhCODM5NjJFOEY1NTE1RTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCaz1/eyTENt3VE+3uzvGerFeG09+53CTjLyJOL5+s5KuO+Voup
JtG0JQvXOr0F7cF4dN6d8BFI26S+ia03iwEw8gUMzIvSLS/yV48tjJfNMKbPBgEN
oxDM+4MAq8iPz5MZ9CYGi5HKzlAFDadkbWFsQHryyqWEA3RastqI9lmXFlr3jJUt
/x3W9kbr8kkUmLOAR+8sqrgSAlG0zUt+ZW3WdnMQhT4mM6wo35gdQylihaoCFbVv
DP+ku6Co566xd/E96z+I4jesG+ulGLco52OpV5rpSq80X9FtnK+7P9IJk6yg8i3m
7p8lPdWq9aHcplFms/dLL+7umaK8uAixGS/xAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUwJqnzVOPwxWuqvw/i4OWLo9VFeUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3dKcW56Vk9Qd3hXdXF2
d19pNE9XTG85VkZlVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBfOXyd
8WliK+9bok9jn7Hpy0ah8Hbcb2JFUptYW+EVyf3Zs7BXFAUiMb6Efs4mCViKJe+G
kf4iUfb/8biZJ+9wT8WAT6UdMR2Pg962v7GocDGv7hvVr0yGnCZPp8q113E9f/yW
jOmm/+0MywcSTnW6MAqeCfjpbRRxG2vASGPHYEuYmGd7fqkX9WUizdWmGPkY+eWl
qVpmFB9XpjNZ+hVUoZW++85IXwhgQFbdAF5ufV4D7E3Q0tldxKMuQIy+vOWlauSg
JHreIAz/Fulg4KCeLbac8BUtXvWmbiq1/iO2yjEYJr31PjI/RoOKRJVhuj4H1wOA
38ek32Zu4GIEbc2t
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:47:33 2025 by rpki-client