Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/zXoSYX76H0FeAHCsm6bN8ge7OAM.roa
File: zXoSYX76H0FeAHCsm6bN8ge7OAM.roa (raw, json)
Hash identifier: 7cl+ZeFOny7BpIRm1fSza6aUR6TJ7260W5+YAlzkPGs=
Subject key identifier: CD:7A:12:61:7E:FA:1F:41:5E:00:70:AC:9B:A6:CD:F2:07:BB:38:03
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6FE4
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zXoSYX76H0FeAHCsm6bN8ge7OAM.roa
Signing time: Wed 25 Jun 2025 16:44:31 +0000
ROA not before: Wed 25 Jun 2025 16:44:31 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28644 (0x6fe4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 25 16:44:31 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CD7A12617EFA1F415E0070AC9BA6CDF207BB3803
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:ae:5a:b9:5e:8e:d2:fa:4c:ad:05:42:ab:0f:
0f:28:f3:14:05:3e:e8:d7:f8:27:e6:34:78:e9:64:
2b:e2:ef:b8:5e:54:b3:e6:36:19:cc:77:d5:75:2b:
4a:96:97:5b:61:98:ca:a8:98:c8:5a:86:69:e3:a9:
17:9e:65:82:b6:7a:77:b0:89:88:ce:0e:23:75:45:
5a:22:19:4e:c6:95:a9:43:da:af:1a:56:29:47:09:
ad:bb:bd:04:f9:d2:ee:84:25:1c:8c:c1:9a:94:4d:
ac:c5:4e:fc:d4:48:d5:06:6a:f1:d9:c8:74:54:35:
ae:0a:c0:29:b6:12:bb:55:4d:33:2a:5b:fa:ef:f0:
d8:7e:e8:a4:6d:52:ec:08:90:b2:fe:3e:4f:19:cb:
29:5f:e2:ee:05:3f:85:33:a1:a3:7f:17:36:06:19:
13:94:e1:fa:96:29:0e:b8:21:41:1a:c5:bd:10:ba:
93:6e:d8:16:bd:75:38:db:86:88:ac:90:0f:bc:dc:
44:13:e3:a7:99:a3:08:27:96:6d:57:98:57:82:7d:
c8:d4:ed:65:9c:aa:0d:46:20:7b:91:3f:ea:70:93:
4f:fc:6c:62:6f:d6:79:bc:af:9e:f2:2c:ef:e7:a6:
46:6e:08:d6:6f:32:b3:f3:1f:cc:f8:a0:6c:96:43:
36:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:7A:12:61:7E:FA:1F:41:5E:00:70:AC:9B:A6:CD:F2:07:BB:38:03
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zXoSYX76H0FeAHCsm6bN8ge7OAM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
9d:6e:bf:68:d5:d3:3a:3f:4c:88:1f:28:7b:de:f5:22:a3:e4:
2f:9b:a4:dd:16:ec:ff:05:b7:2d:a8:ce:07:c5:b7:0e:d7:f8:
ab:62:9e:7e:c0:f1:25:26:a1:97:69:0e:b7:4a:08:a5:20:a4:
be:14:85:16:47:33:e2:e6:07:94:c6:39:39:9b:89:8e:2b:43:
52:4b:5d:3b:24:d1:9b:5f:80:6d:d2:52:fe:81:db:2d:cf:05:
c9:05:c5:d4:11:cb:7c:73:fb:9f:dd:8e:02:6f:9e:e2:0a:71:
75:98:cb:7f:40:7c:3a:97:60:d5:2a:db:57:28:84:0b:02:35:
e3:ef:66:4b:a0:54:da:3e:f7:7e:d6:33:57:cc:fc:7b:e0:2f:
e8:39:09:01:7d:5a:15:32:41:5e:4f:33:e2:49:32:07:e7:6c:
ab:ed:e7:6d:70:13:cf:59:57:73:ce:bf:25:31:04:af:0e:22:
37:94:34:43:7c:51:da:48:9b:80:0d:27:d9:d2:dc:aa:3c:4a:
9f:28:b6:f9:2f:d6:25:be:89:1d:a5:7d:25:e6:e3:55:b6:5a:
03:e0:52:d0:02:6b:82:d1:a0:da:d8:b4:02:a5:d6:8c:86:59:
a3:2f:a2:c7:9e:0e:0a:5e:08:c5:49:ee:40:cd:bd:a9:8f:87:
61:f1:f8:fa
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICb+QwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjUx
NjQ0MzFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENEN0ExMjYxN0VGQTFG
NDE1RTAwNzBBQzlCQTZDREYyMDdCQjM4MDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDwrlq5Xo7S+kytBUKrDw8o8xQFPujX+CfmNHjpZCvi77heVLPm
NhnMd9V1K0qWl1thmMqomMhahmnjqReeZYK2enewiYjODiN1RVoiGU7GlalD2q8a
VilHCa27vQT50u6EJRyMwZqUTazFTvzUSNUGavHZyHRUNa4KwCm2ErtVTTMqW/rv
8Nh+6KRtUuwIkLL+Pk8Zyylf4u4FP4UzoaN/FzYGGROU4fqWKQ64IUEaxb0QupNu
2Ba9dTjbhoiskA+83EQT46eZowgnlm1XmFeCfcjU7WWcqg1GIHuRP+pwk0/8bGJv
1nm8r57yLO/npkZuCNZvMrPzH8z4oGyWQzZ5AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUzXoSYX76H0FeAHCsm6bN8ge7OAMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3pYb1NZWDc2SDBGZUFI
Q3NtNmJOOGdlN09BTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCdbr9o
1dM6P0yIHyh73vUio+Qvm6TdFuz/BbctqM4HxbcO1/irYp5+wPElJqGXaQ63Sgil
IKS+FIUWRzPi5geUxjk5m4mOK0NSS107JNGbX4Bt0lL+gdstzwXJBcXUEct8c/uf
3Y4Cb57iCnF1mMt/QHw6l2DVKttXKIQLAjXj72ZLoFTaPvd+1jNXzPx74C/oOQkB
fVoVMkFeTzPiSTIH52yr7edtcBPPWVdzzr8lMQSvDiI3lDRDfFHaSJuADSfZ0tyq
PEqfKLb5L9YlvokdpX0l5uNVtloD4FLQAmuC0aDa2LQCpdaMhlmjL6LHng4KXgjF
Se5Azb2pj4dh8fj6
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:37:40 2025 by rpki-client