Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/z5qSKZy5e066Xnl0YbmeQGH8XhE.roa
File: z5qSKZy5e066Xnl0YbmeQGH8XhE.roa (raw, json)
Hash identifier: 7TcLiHbWeV4tr+iGn4sJGS2XH+RvWRnVsCFzbUJvuoQ=
Subject key identifier: CF:9A:92:29:9C:B9:7B:4E:BA:5E:79:74:61:B9:9E:40:61:FC:5E:11
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 764E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/z5qSKZy5e066Xnl0YbmeQGH8XhE.roa
Signing time: Sat 12 Jul 2025 19:41:36 +0000
ROA not before: Sat 12 Jul 2025 19:41:36 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30286 (0x764e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 12 19:41:36 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CF9A92299CB97B4EBA5E797461B99E4061FC5E11
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:fb:a4:55:24:f1:07:e9:7b:3c:87:6f:9a:e2:
37:b8:91:4e:bb:51:7d:9f:f4:ae:22:e9:b9:2f:46:
e7:5e:74:ba:dd:df:39:60:3e:44:2a:0a:41:49:ba:
fa:df:65:97:34:ce:1b:34:88:d0:93:98:99:3b:55:
9e:e2:0a:2a:31:45:65:c9:77:45:1d:aa:73:b3:c0:
cb:ae:96:bd:48:96:76:af:19:a0:3d:b8:70:cf:72:
b6:b7:ef:c2:39:3f:f4:bf:42:10:d4:35:63:50:80:
d4:91:7e:5d:74:f8:02:b9:44:83:3b:b5:34:f6:fe:
c9:0f:85:93:63:c7:64:c4:d7:8d:25:40:ec:c2:7c:
d6:97:24:02:ad:64:27:2e:09:2e:72:7e:55:60:93:
fc:d0:4a:52:a0:d4:88:53:32:5c:de:98:9c:c8:68:
db:b8:e4:f8:d8:90:ad:19:8d:96:f6:9e:bd:2d:9f:
57:f1:4d:bb:6d:24:52:c4:73:ed:62:e1:fc:6e:e9:
6a:6f:95:a0:3f:3f:82:8c:4b:ef:70:1c:9c:97:44:
bc:3c:3c:2e:bd:2f:a0:56:ff:bc:9d:49:b2:6f:97:
bc:50:c6:8a:8f:3c:58:7a:f9:eb:52:4f:f7:e0:af:
b6:0b:10:0b:4f:ee:c2:8c:7f:59:b7:22:fd:8a:8f:
5f:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:9A:92:29:9C:B9:7B:4E:BA:5E:79:74:61:B9:9E:40:61:FC:5E:11
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/z5qSKZy5e066Xnl0YbmeQGH8XhE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
2d:99:aa:4c:d9:af:9f:70:2f:eb:49:3e:99:22:06:27:ad:a4:
5e:50:15:96:2e:fd:00:89:d1:00:e9:86:c3:39:31:1a:32:95:
66:68:c7:90:1c:07:65:1a:ee:2e:57:f5:c3:58:06:6c:ca:b9:
51:39:b1:32:87:d6:bd:d6:b4:7e:66:60:b1:b8:28:17:e4:d0:
d9:24:6c:6a:21:a4:cb:e8:64:0a:65:7d:63:70:77:df:01:2d:
40:43:21:b5:1a:6d:0d:b9:ca:bd:81:bc:bf:a8:e3:92:f0:c1:
90:cc:60:09:52:6a:52:72:c4:a7:f4:fb:c5:ed:60:ad:bb:9d:
4f:2f:5b:5b:03:7f:50:e8:e8:26:8e:06:e6:da:71:b6:07:90:
80:00:63:92:11:e0:d7:64:1d:71:c0:84:cc:66:36:60:c6:f8:
b3:e8:e9:51:f7:8f:38:cc:19:7e:de:2d:e4:5a:a7:a7:f2:45:
a1:c0:81:46:8a:75:53:3d:44:df:90:67:6a:b2:02:1d:af:81:
fb:ca:e8:32:bb:c7:f6:22:99:b5:2f:1d:e7:3e:33:d6:4d:7b:
25:a9:93:df:a2:cf:79:f7:ec:b0:55:be:d5:00:1a:a7:62:a6:
46:b7:30:b4:d0:8d:0f:60:d2:cf:1d:d7:9f:d3:50:b4:0b:77:
11:c6:4a:47
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdk4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTIx
OTQxMzZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENGOUE5MjI5OUNCOTdC
NEVCQTVFNzk3NDYxQjk5RTQwNjFGQzVFMTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6+6RVJPEH6Xs8h2+a4je4kU67UX2f9K4i6bkvRudedLrd3zlg
PkQqCkFJuvrfZZc0zhs0iNCTmJk7VZ7iCioxRWXJd0UdqnOzwMuulr1IlnavGaA9
uHDPcra378I5P/S/QhDUNWNQgNSRfl10+AK5RIM7tTT2/skPhZNjx2TE140lQOzC
fNaXJAKtZCcuCS5yflVgk/zQSlKg1IhTMlzemJzIaNu45PjYkK0ZjZb2nr0tn1fx
TbttJFLEc+1i4fxu6WpvlaA/P4KMS+9wHJyXRLw8PC69L6BW/7ydSbJvl7xQxoqP
PFh6+etST/fgr7YLEAtP7sKMf1m3Iv2Kj1+bAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUz5qSKZy5e066Xnl0YbmeQGH8XhEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3o1cVNLWnk1ZTA2Nlhu
bDBZYm1lUUdIOFhoRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAtmapM
2a+fcC/rST6ZIgYnraReUBWWLv0AidEA6YbDOTEaMpVmaMeQHAdlGu4uV/XDWAZs
yrlRObEyh9a91rR+ZmCxuCgX5NDZJGxqIaTL6GQKZX1jcHffAS1AQyG1Gm0Nucq9
gby/qOOS8MGQzGAJUmpScsSn9PvF7WCtu51PL1tbA39Q6Ogmjgbm2nG2B5CAAGOS
EeDXZB1xwITMZjZgxviz6OlR9484zBl+3i3kWqen8kWhwIFGinVTPUTfkGdqsgId
r4H7yugyu8f2Ipm1Lx3nPjPWTXslqZPfos959+ywVb7VABqnYqZGtzC00I0PYNLP
Hdef01C0C3cRxkpH
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:53:18 2025 by rpki-client