Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/z04U7goOzVEB_NFBzi2gFkjedtY.roa
File: z04U7goOzVEB_NFBzi2gFkjedtY.roa (raw, json)
Hash identifier: mFDGfExPMKKdHhjVrTtzeBnXIOy5djwzQmzFZUopQPU=
Subject key identifier: CF:4E:14:EE:0A:0E:CD:51:01:FC:D1:41:CE:2D:A0:16:48:DE:76:D6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6C4E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/z04U7goOzVEB_NFBzi2gFkjedtY.roa
Signing time: Sun 15 Jun 2025 21:42:24 +0000
ROA not before: Sun 15 Jun 2025 21:42:24 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27726 (0x6c4e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 15 21:42:24 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CF4E14EE0A0ECD5101FCD141CE2DA01648DE76D6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:0e:de:22:33:e7:d9:62:c3:7c:06:cf:9d:d1:
1a:6a:40:9c:27:87:b8:33:21:fc:46:d0:15:4a:a9:
52:4e:a8:9a:ff:ac:65:59:81:82:36:51:3a:68:97:
19:68:83:20:71:49:84:ed:6c:4b:48:b2:ab:c0:25:
31:11:a9:83:fc:d7:dc:52:a8:a0:22:8c:60:98:3d:
31:c5:a1:f4:43:b4:69:91:71:b1:31:df:b3:00:f3:
15:c4:c7:f3:88:8f:13:96:d8:e2:7b:0d:d1:28:4d:
aa:30:d1:17:ee:32:c0:94:79:77:c9:03:73:f4:06:
8a:57:63:c5:ca:41:1f:b9:2c:88:e1:ce:db:38:d5:
90:a2:91:b2:fa:92:a8:fb:90:97:61:5c:9d:69:4c:
f8:e6:76:3c:ea:de:d3:e5:2a:06:df:a2:03:cb:65:
0b:d9:a3:8f:17:69:a5:13:58:9c:4d:4c:50:d9:f5:
d8:6e:ef:d0:70:f3:64:1f:e0:b6:25:94:d2:5e:6f:
5e:14:94:e6:12:78:03:f7:3d:a3:38:6f:e9:de:f0:
7e:d7:08:cd:30:34:59:91:d4:21:fd:39:04:26:94:
1b:28:a0:e9:c3:b2:00:d8:20:9e:b5:48:e2:11:74:
ba:0c:6f:27:8e:5e:e5:41:db:59:8d:e8:7e:a5:33:
8d:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:4E:14:EE:0A:0E:CD:51:01:FC:D1:41:CE:2D:A0:16:48:DE:76:D6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/z04U7goOzVEB_NFBzi2gFkjedtY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
06:df:24:c7:f3:f1:1c:f4:87:de:7f:dd:a5:0d:ca:aa:ed:ac:
8b:0f:e7:dc:bc:49:28:4d:6f:64:de:06:3b:d5:2f:e8:21:24:
fd:ee:9f:48:3f:2d:35:7d:d2:1d:c4:85:62:2e:9a:5f:45:ea:
98:7c:71:76:2b:b2:8c:89:9d:94:37:04:4d:ad:5c:c3:6c:2e:
24:08:10:96:45:71:05:08:16:1d:2e:9d:42:ff:ce:85:6c:c4:
a0:3f:a8:4b:f5:63:fe:8f:8e:7f:08:a8:bb:60:d1:50:79:74:
34:e2:c0:16:be:ba:98:e9:7d:fe:6a:8b:f6:64:e3:7d:75:00:
49:a7:46:91:e6:4c:8d:52:d8:2f:04:a7:ba:8b:09:41:9b:e2:
ef:5c:7c:d1:1d:2f:6f:2a:aa:5d:e1:2d:cf:7e:a4:61:39:d8:
45:37:69:d2:5f:1d:70:77:3a:4f:9c:a9:c1:ab:e9:72:4b:85:
ff:ad:1c:8a:4b:1e:e4:b4:26:0b:1d:96:1a:88:1a:f5:50:51:
52:95:4d:58:df:41:81:13:71:f7:1d:7c:44:b6:2f:ee:6d:27:
c0:f9:53:10:04:3a:bf:9f:12:b8:6f:2e:6c:58:3a:c4:e4:79:
f2:e0:03:b7:10:0d:e0:2b:b6:3f:5f:b9:f1:97:76:66:ff:df:
b2:5b:3c:57
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbE4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTUy
MTQyMjRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENGNEUxNEVFMEEwRUNE
NTEwMUZDRDE0MUNFMkRBMDE2NDhERTc2RDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCdDt4iM+fZYsN8Bs+d0RpqQJwnh7gzIfxG0BVKqVJOqJr/rGVZ
gYI2UTpolxlogyBxSYTtbEtIsqvAJTERqYP819xSqKAijGCYPTHFofRDtGmRcbEx
37MA8xXEx/OIjxOW2OJ7DdEoTaow0RfuMsCUeXfJA3P0BopXY8XKQR+5LIjhzts4
1ZCikbL6kqj7kJdhXJ1pTPjmdjzq3tPlKgbfogPLZQvZo48XaaUTWJxNTFDZ9dhu
79Bw82Qf4LYllNJeb14UlOYSeAP3PaM4b+ne8H7XCM0wNFmR1CH9OQQmlBsooOnD
sgDYIJ61SOIRdLoMbyeOXuVB21mN6H6lM43nAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUz04U7goOzVEB/NFBzi2gFkjedtYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3owNFU3Z29PelZFQl9O
RkJ6aTJnRmtqZWR0WS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAG3yTH
8/Ec9Ifef92lDcqq7ayLD+fcvEkoTW9k3gY71S/oIST97p9IPy01fdIdxIViLppf
ReqYfHF2K7KMiZ2UNwRNrVzDbC4kCBCWRXEFCBYdLp1C/86FbMSgP6hL9WP+j45/
CKi7YNFQeXQ04sAWvrqY6X3+aov2ZON9dQBJp0aR5kyNUtgvBKe6iwlBm+LvXHzR
HS9vKqpd4S3PfqRhOdhFN2nSXx1wdzpPnKnBq+lyS4X/rRyKSx7ktCYLHZYaiBr1
UFFSlU1Y30GBE3H3HXxEti/ubSfA+VMQBDq/nxK4by5sWDrE5Hny4AO3EA3gK7Y/
X7nxl3Zm/9+yWzxX
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:47:45 2025 by rpki-client