Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/xAC_9Iw5-zofYbHhXUT9lhA9yZ4.roa
File: xAC_9Iw5-zofYbHhXUT9lhA9yZ4.roa (raw, json)
Hash identifier: CRANIHAky6KXkHrsJiBsXJ8vPfkCFJhO+wRPHndd10g=
Subject key identifier: C4:00:BF:F4:8C:39:FB:3A:1F:61:B1:E1:5D:44:FD:96:10:3D:C9:9E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7688
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xAC_9Iw5-zofYbHhXUT9lhA9yZ4.roa
Signing time: Sun 13 Jul 2025 10:11:41 +0000
ROA not before: Sun 13 Jul 2025 10:11:41 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30344 (0x7688)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 13 10:11:41 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C400BFF48C39FB3A1F61B1E15D44FD96103DC99E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:e1:fa:15:00:aa:db:a4:22:c0:2a:79:69:17:
b5:d6:df:3c:32:ec:00:e3:b1:8e:33:77:db:03:16:
2c:da:8d:3c:e1:6e:24:ac:61:79:26:7b:a1:c9:72:
0f:0a:40:d2:35:37:25:1b:25:08:cc:9c:fe:3e:f9:
3f:b1:cb:80:d4:46:e3:d1:df:56:10:62:4d:19:38:
d7:d0:e2:85:db:9b:01:41:a1:ed:5a:0e:ea:18:95:
4b:05:7e:99:f3:73:7a:20:26:9e:a8:45:94:c1:46:
8d:a1:28:ac:fb:cc:23:60:01:e5:4a:fa:a7:4f:95:
e2:30:26:a4:fa:13:35:70:9a:5c:e0:1f:6a:fb:ad:
a2:07:09:bf:2d:3d:f2:ea:cc:e3:f1:ea:c6:c0:12:
e8:04:08:bf:90:55:0b:0d:5a:e0:ae:7d:57:09:43:
67:f4:5b:92:86:50:ff:9d:52:5b:7d:be:19:59:36:
f6:65:c3:c3:0f:b5:e7:50:76:8e:f1:f6:d5:83:24:
d5:f2:f5:45:ea:54:a1:cc:54:71:99:e9:4d:b5:e7:
00:5b:9a:72:e5:7f:bb:cd:c8:bd:82:d4:3d:5d:88:
a7:96:ce:ae:e5:63:67:01:a2:c0:d7:22:25:24:fb:
60:26:ee:ef:ec:6b:e0:38:11:47:ab:ba:02:a1:86:
9b:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:00:BF:F4:8C:39:FB:3A:1F:61:B1:E1:5D:44:FD:96:10:3D:C9:9E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xAC_9Iw5-zofYbHhXUT9lhA9yZ4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
ad:40:b1:a7:48:cd:e6:aa:e3:f4:8c:23:66:ef:48:c2:9c:b6:
9b:44:1d:46:89:0a:01:56:36:a8:b1:71:46:61:38:45:6c:c5:
2f:1b:39:1a:3a:fb:a8:ba:cf:80:ff:e7:ac:14:d2:a2:e4:48:
54:1b:6e:0e:98:8b:02:08:e4:2c:b0:a0:68:10:77:30:22:9f:
80:10:54:6d:bc:07:c9:1f:dc:32:8f:23:7f:03:5a:9c:23:94:
36:f1:e8:97:d8:d3:13:99:82:19:ce:3f:87:54:ff:dc:0a:eb:
62:17:95:e3:f2:0f:f3:51:1d:53:df:70:bf:22:0b:25:43:cc:
ce:b6:7b:3c:e4:fe:b0:6c:09:f5:e6:72:9a:91:77:bf:5a:36:
0a:ef:58:f5:91:d7:11:e6:cf:b9:ee:fc:a7:aa:95:62:e1:a9:
58:76:67:83:a4:d9:f3:a6:ac:89:b1:9e:a3:76:f3:43:45:1b:
c5:80:d1:e3:a1:4c:ea:75:9d:44:1e:e4:c7:1e:51:17:2d:63:
a1:b7:0e:bb:55:8d:20:fa:93:8d:ad:d3:f0:06:07:50:8e:b9:
9b:7b:b7:39:4e:70:7c:e6:34:03:9a:1b:99:9e:f2:3f:59:b5:
99:56:f7:53:9a:a4:ea:2b:f9:53:31:c5:fc:bd:5e:47:ea:12:
8e:ba:9f:ab
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdogwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTMx
MDExNDFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEM0MDBCRkY0OEMzOUZC
M0ExRjYxQjFFMTVENDRGRDk2MTAzREM5OUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDN4foVAKrbpCLAKnlpF7XW3zwy7ADjsY4zd9sDFizajTzhbiSs
YXkme6HJcg8KQNI1NyUbJQjMnP4++T+xy4DURuPR31YQYk0ZONfQ4oXbmwFBoe1a
DuoYlUsFfpnzc3ogJp6oRZTBRo2hKKz7zCNgAeVK+qdPleIwJqT6EzVwmlzgH2r7
raIHCb8tPfLqzOPx6sbAEugECL+QVQsNWuCufVcJQ2f0W5KGUP+dUlt9vhlZNvZl
w8MPtedQdo7x9tWDJNXy9UXqVKHMVHGZ6U215wBbmnLlf7vNyL2C1D1diKeWzq7l
Y2cBosDXIiUk+2Am7u/sa+A4EUerugKhhpsnAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUxAC/9Iw5+zofYbHhXUT9lhA9yZ4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3hBQ185SXc1LXpvZlli
SGhYVVQ5bGhBOXlaNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCtQLGn
SM3mquP0jCNm70jCnLabRB1GiQoBVjaosXFGYThFbMUvGzkaOvuous+A/+esFNKi
5EhUG24OmIsCCOQssKBoEHcwIp+AEFRtvAfJH9wyjyN/A1qcI5Q28eiX2NMTmYIZ
zj+HVP/cCutiF5Xj8g/zUR1T33C/IgslQ8zOtns85P6wbAn15nKakXe/WjYK71j1
kdcR5s+57vynqpVi4alYdmeDpNnzpqyJsZ6jdvNDRRvFgNHjoUzqdZ1EHuTHHlEX
LWOhtw67VY0g+pONrdPwBgdQjrmbe7c5TnB85jQDmhuZnvI/WbWZVvdTmqTqK/lT
McX8vV5H6hKOup+r
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:53:33 2025 by rpki-client