Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/zN4MEQCbO3qPqU2Zh-isFzH_0l4.roa
File: zN4MEQCbO3qPqU2Zh-isFzH_0l4.roa (raw, json)
Hash identifier: y29oT8fJafOq4NWnpoq1145WLohbJqsaIBtnjh95QsY=
Subject key identifier: CC:DE:0C:11:00:9B:3B:7A:8F:A9:4D:99:87:E8:AC:17:31:FF:D2:5E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6D90
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zN4MEQCbO3qPqU2Zh-isFzH_0l4.roa
Signing time: Thu 19 Jun 2025 11:54:06 +0000
ROA not before: Thu 19 Jun 2025 11:54:06 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28048 (0x6d90)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 19 11:54:06 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CCDE0C11009B3B7A8FA94D9987E8AC1731FFD25E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:b2:e3:20:c4:aa:48:51:49:0d:1f:78:99:c9:
a3:b0:f4:ac:e8:79:a0:c0:43:55:65:f9:d6:6b:23:
26:92:d7:71:fa:1f:eb:6c:79:95:6b:6e:eb:29:06:
d0:fd:2d:43:fa:c1:3c:fe:90:6e:5c:90:cf:3c:a2:
dd:8a:88:dd:ca:27:02:9c:b6:b4:15:39:01:a9:ac:
9e:87:ab:4a:17:4a:7b:fb:4d:78:dd:b6:43:9a:dd:
dd:30:e4:34:d2:55:3a:9d:5f:80:b4:80:ae:2f:12:
f1:04:8d:15:2e:31:32:3b:c6:d3:db:bc:a6:f4:ba:
f2:8a:5a:49:82:72:1f:34:3d:c4:0b:5f:72:44:63:
0a:dd:55:06:fe:a7:39:b7:05:f0:c0:dc:69:64:b6:
a8:c4:16:02:80:2b:d8:aa:55:ba:84:7f:1d:4a:39:
be:62:82:ef:c7:9a:b4:12:d6:5d:57:6d:73:c7:8b:
53:89:63:d0:79:69:de:81:e7:d1:7c:63:05:47:f6:
ce:b2:42:e4:5e:fe:6d:fc:50:a1:28:c9:ee:1e:d8:
38:e7:e2:27:f8:0d:86:8c:36:08:7d:eb:91:b2:c0:
dc:5e:4e:ab:b3:0d:24:ca:5f:df:b4:e5:c8:d1:52:
af:47:aa:dc:08:51:5d:c4:7c:89:37:5a:b2:da:c7:
8e:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:DE:0C:11:00:9B:3B:7A:8F:A9:4D:99:87:E8:AC:17:31:FF:D2:5E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zN4MEQCbO3qPqU2Zh-isFzH_0l4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
23:d3:53:f1:09:02:b8:3c:19:a2:4b:c9:33:94:ba:69:a4:87:
01:83:95:2d:76:f1:e2:cc:74:0d:1c:73:bc:60:3a:bf:cb:78:
35:6a:17:1f:53:25:84:68:18:a1:32:f1:98:cf:72:ea:b0:46:
32:12:cc:0d:31:36:5b:ef:4e:22:76:99:56:ef:59:95:ca:85:
0f:7a:59:14:83:58:b9:85:b5:8e:1d:a2:00:32:ca:0f:88:85:
46:c7:f2:81:24:fc:30:e9:51:29:c2:db:6e:d3:44:27:e3:9a:
22:db:24:43:4f:27:58:d3:1a:2d:94:bb:d0:12:9a:53:e3:69:
a8:32:4f:85:57:36:12:bd:f0:1d:f6:d6:20:33:db:f2:6e:ec:
89:69:f2:50:16:69:13:84:09:88:80:81:5c:9c:be:6e:b9:e5:
cf:0c:f0:52:f3:af:90:6a:e0:58:2f:dc:ed:d5:99:42:90:d7:
41:56:d0:28:27:18:be:1b:36:eb:18:95:37:ac:e3:6d:0c:65:
f0:09:0a:12:a4:1d:bb:0e:fa:b3:cb:08:01:ab:91:31:bd:64:
14:cd:15:95:99:e1:2d:9d:b5:03:29:3e:10:5a:a2:f2:47:b7:
94:7b:b1:58:bd:fa:fc:81:7b:b9:d3:30:12:03:ac:3e:54:53:
99:ff:96:7a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbZAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTkx
MTU0MDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENDREUwQzExMDA5QjNC
N0E4RkE5NEQ5OTg3RThBQzE3MzFGRkQyNUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDdsuMgxKpIUUkNH3iZyaOw9KzoeaDAQ1Vl+dZrIyaS13H6H+ts
eZVrbuspBtD9LUP6wTz+kG5ckM88ot2KiN3KJwKctrQVOQGprJ6Hq0oXSnv7TXjd
tkOa3d0w5DTSVTqdX4C0gK4vEvEEjRUuMTI7xtPbvKb0uvKKWkmCch80PcQLX3JE
YwrdVQb+pzm3BfDA3GlktqjEFgKAK9iqVbqEfx1KOb5igu/HmrQS1l1XbXPHi1OJ
Y9B5ad6B59F8YwVH9s6yQuRe/m38UKEoye4e2Djn4if4DYaMNgh965GywNxeTquz
DSTKX9+05cjRUq9HqtwIUV3EfIk3WrLax45NAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUzN4MEQCbO3qPqU2Zh+isFzH/0l4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3pONE1FUUNiTzNxUHFV
MlpoLWlzRnpIXzBsNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAj01Px
CQK4PBmiS8kzlLpppIcBg5UtdvHizHQNHHO8YDq/y3g1ahcfUyWEaBihMvGYz3Lq
sEYyEswNMTZb704idplW71mVyoUPelkUg1i5hbWOHaIAMsoPiIVGx/KBJPww6VEp
wttu00Qn45oi2yRDTydY0xotlLvQEppT42moMk+FVzYSvfAd9tYgM9vybuyJafJQ
FmkThAmIgIFcnL5uueXPDPBS86+QauBYL9zt1ZlCkNdBVtAoJxi+GzbrGJU3rONt
DGXwCQoSpB27DvqzywgBq5ExvWQUzRWVmeEtnbUDKT4QWqLyR7eUe7FYvfr8gXu5
0zASA6w+VFOZ/5Z6
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:34:21 2025 by rpki-client