Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/wLAOnyvWhOUmYd288L1_tOKh0gQ.roa
File: wLAOnyvWhOUmYd288L1_tOKh0gQ.roa (raw, json)
Hash identifier: nwyj/VB0pEmOsjez5OIejsFNK8/v5CU6Gt6IPsvsTC8=
Subject key identifier: C0:B0:0E:9F:2B:D6:84:E5:26:61:DD:BC:F0:BD:7F:B4:E2:A1:D2:04
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7206
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wLAOnyvWhOUmYd288L1_tOKh0gQ.roa
Signing time: Tue 01 Jul 2025 09:18:09 +0000
ROA not before: Tue 01 Jul 2025 09:18:09 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29190 (0x7206)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 1 09:18:09 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C0B00E9F2BD684E52661DDBCF0BD7FB4E2A1D204
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:61:9e:9b:1a:f8:21:d4:13:59:90:21:f2:8d:
06:c5:70:e2:d8:57:e8:e2:9f:86:36:da:62:84:e6:
83:ab:38:07:c9:bc:ca:c0:ed:fc:82:8b:ff:6f:b9:
bc:f0:6d:90:58:18:da:71:db:26:62:3c:aa:38:0e:
4f:3b:fe:9a:1e:9f:d1:d5:34:40:4c:cf:d4:8e:f8:
7d:08:06:b6:98:2b:02:c3:59:f7:e6:23:b8:af:53:
ae:91:ef:cf:28:c9:ac:dc:a2:9a:1b:e4:9f:26:91:
97:77:47:54:9c:2c:cd:32:9a:5e:9e:50:60:fd:2f:
bd:1f:0d:8a:ff:95:67:e1:3e:e1:6c:41:80:75:6e:
eb:3c:2a:02:8b:e5:e9:a0:02:24:e2:19:cb:ac:e9:
57:50:bb:26:4d:71:f6:f3:55:f7:89:ef:5b:9e:4c:
95:58:b6:26:34:2c:c3:8b:6f:74:8b:79:db:06:3b:
83:5d:13:5d:10:0c:e0:88:40:1b:2b:8a:a0:2b:a1:
03:10:4c:82:bb:49:ba:e2:68:ca:f5:53:4c:9d:f7:
88:2b:8c:82:16:de:65:a5:7a:fc:f8:43:e1:c7:0a:
e7:b0:ce:c5:5c:a9:2e:50:26:97:a7:75:62:25:33:
62:63:f1:6e:f2:e3:aa:6f:46:c0:51:82:c8:ab:9c:
e9:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:B0:0E:9F:2B:D6:84:E5:26:61:DD:BC:F0:BD:7F:B4:E2:A1:D2:04
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wLAOnyvWhOUmYd288L1_tOKh0gQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
bb:d0:62:bf:4f:ac:47:1d:86:f4:76:61:60:81:63:35:b9:a0:
34:cb:92:cc:65:32:3c:93:b4:60:e1:cb:36:03:29:7e:29:41:
a5:1a:70:58:f3:27:1e:21:86:21:8d:4e:6e:3d:fa:1b:20:f7:
33:cd:e9:b4:27:ff:98:1d:2d:4e:bd:b6:51:a7:47:e5:ae:fe:
b6:d7:4c:8f:9f:4e:27:c8:33:b4:2e:16:75:08:41:7f:6a:54:
fd:0a:b9:6d:b2:c2:14:9c:46:fa:2a:ef:2c:ab:44:1e:f9:ad:
9c:fc:3a:b3:ea:06:2c:01:a3:16:1c:15:f5:9f:ba:c3:78:74:
fe:a0:4f:91:4d:be:76:0b:49:da:f9:c0:82:70:62:6c:ca:be:
c2:cc:4d:40:91:0a:02:5b:24:2c:aa:f8:5b:62:06:f8:b0:e4:
28:6e:17:3e:97:4d:b6:9d:3e:84:eb:aa:c1:9f:1c:c5:10:ea:
4e:61:e0:90:31:0a:85:89:79:d5:e0:e8:4a:73:42:2a:02:19:
66:fc:de:bd:34:22:d3:f4:12:3c:e0:eb:bf:95:a2:8e:77:da:
cb:2a:d8:97:b4:bb:70:81:04:9f:52:9e:3b:e4:13:dc:c3:b2:
75:2c:3e:a1:0d:0c:46:08:2a:e6:3f:b1:57:f2:eb:0d:85:ed:
62:dd:26:d9
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcgYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDEw
OTE4MDlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEMwQjAwRTlGMkJENjg0
RTUyNjYxRERCQ0YwQkQ3RkI0RTJBMUQyMDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9YZ6bGvgh1BNZkCHyjQbFcOLYV+jin4Y22mKE5oOrOAfJvMrA
7fyCi/9vubzwbZBYGNpx2yZiPKo4Dk87/poen9HVNEBMz9SO+H0IBraYKwLDWffm
I7ivU66R788oyazcopob5J8mkZd3R1ScLM0yml6eUGD9L70fDYr/lWfhPuFsQYB1
bus8KgKL5emgAiTiGcus6VdQuyZNcfbzVfeJ71ueTJVYtiY0LMOLb3SLedsGO4Nd
E10QDOCIQBsriqAroQMQTIK7SbriaMr1U0yd94grjIIW3mWlevz4Q+HHCuewzsVc
qS5QJpendWIlM2Jj8W7y46pvRsBRgsirnOk/AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUwLAOnyvWhOUmYd288L1/tOKh0gQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3dMQU9ueXZXaE9VbVlk
Mjg4TDFfdE9LaDBnUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC70GK/
T6xHHYb0dmFggWM1uaA0y5LMZTI8k7Rg4cs2Ayl+KUGlGnBY8yceIYYhjU5uPfob
IPczzem0J/+YHS1OvbZRp0flrv6210yPn04nyDO0LhZ1CEF/alT9CrltssIUnEb6
Ku8sq0Qe+a2c/Dqz6gYsAaMWHBX1n7rDeHT+oE+RTb52C0na+cCCcGJsyr7CzE1A
kQoCWyQsqvhbYgb4sOQobhc+l022nT6E66rBnxzFEOpOYeCQMQqFiXnV4OhKc0Iq
Ahlm/N69NCLT9BI84Ou/laKOd9rLKtiXtLtwgQSfUp475BPcw7J1LD6hDQxGCCrm
P7FX8usNhe1i3SbZ
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:35:11 2025 by rpki-client