Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/zg6NKJlQMIvkw2M-IgHXwJ4Ar88.roa
File: zg6NKJlQMIvkw2M-IgHXwJ4Ar88.roa (raw, json)
Hash identifier: kMA512uB9zTs4bKtl9YVrtHhChomvW/Uc+4iupoeHfI=
Subject key identifier: CE:0E:8D:28:99:50:30:8B:E4:C3:63:3E:22:01:D7:C0:9E:00:AF:CF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 706C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zg6NKJlQMIvkw2M-IgHXwJ4Ar88.roa
Signing time: Fri 27 Jun 2025 02:44:30 +0000
ROA not before: Fri 27 Jun 2025 02:44:30 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28780 (0x706c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 27 02:44:30 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CE0E8D289950308BE4C3633E2201D7C09E00AFCF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:12:4a:68:b7:95:56:6d:45:72:03:37:91:09:
7a:4d:95:19:42:8c:f0:66:dd:2f:53:62:2e:b0:f0:
e8:c6:6f:f7:53:c1:c5:fe:5b:e8:45:ee:a4:63:3e:
95:1a:86:61:1e:af:ff:db:8c:53:d2:d4:3c:5c:27:
96:f9:be:ef:33:5e:e7:9d:fa:08:b6:b9:4c:81:3c:
88:7b:02:c2:a7:82:61:92:8f:ad:b1:e4:02:94:43:
39:0a:f7:cc:3b:4d:1c:2d:3a:be:72:1e:c8:61:cf:
af:30:96:9d:36:3b:04:25:8c:8c:ee:35:f9:16:d0:
bb:69:91:d6:bc:e0:2b:64:73:a6:c9:71:8a:9d:0c:
e8:85:f2:0a:43:48:41:bd:8e:05:d0:3a:1c:59:dc:
9c:b2:a1:3e:f0:6c:92:bc:d3:cd:40:f6:98:4a:ff:
d2:9b:19:1e:bb:2d:dc:5d:44:64:41:3f:ac:f6:52:
9d:ec:63:29:02:d3:47:4a:ff:b3:34:d9:c5:2c:99:
65:a7:b8:6b:fc:6e:9f:b1:9d:07:95:6a:6d:0b:4a:
e8:55:8d:ad:36:4f:d3:d4:72:da:7b:dd:1c:94:2a:
52:f2:f0:e3:34:b2:c8:24:21:c6:f7:c4:70:1d:90:
7a:e1:0c:24:8e:83:59:b3:f6:30:2c:4f:8e:9e:68:
5c:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:0E:8D:28:99:50:30:8B:E4:C3:63:3E:22:01:D7:C0:9E:00:AF:CF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zg6NKJlQMIvkw2M-IgHXwJ4Ar88.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
95:53:18:03:a7:10:8c:5b:03:e0:00:c0:00:d9:1c:07:25:4f:
5a:5c:73:d3:fe:45:11:ee:ce:61:17:0f:07:6d:d6:cd:79:e8:
ed:48:f3:03:45:87:8d:12:a9:da:0c:57:34:f6:3d:3d:fc:3e:
d2:64:71:29:e0:af:d4:fc:cb:04:46:f5:4f:87:ae:26:a4:3a:
95:f8:ee:05:fb:d9:68:64:cf:e1:a7:a0:22:0d:7a:9b:cc:61:
da:1b:5b:87:11:f0:36:22:90:c9:d8:4b:5a:ec:d0:0b:b2:2f:
f8:67:c5:df:2f:85:fa:41:94:de:e7:89:c6:bd:4d:dd:7a:cc:
ab:58:9a:ba:e7:47:a3:8d:5a:bf:d7:b9:c4:88:7e:41:eb:2b:
45:ed:48:a0:1b:67:63:c8:d8:04:31:3a:64:17:30:85:ba:de:
63:57:41:a3:5e:c7:d2:7b:13:fd:02:74:b7:06:6d:0b:50:9f:
f8:f5:b7:6d:05:6f:76:1f:f6:43:de:bf:5f:85:c1:bf:8c:8f:
07:bc:84:fd:5a:9d:52:e7:9d:94:3e:f6:ab:a7:86:49:94:05:
bb:41:fa:10:a1:4a:cd:e3:c1:f4:8b:a3:6f:20:3d:84:5f:e9:
dd:4f:b0:b8:f7:af:fa:2b:ac:dc:5c:cf:8f:9c:c9:8e:6d:45:
3c:d0:23:9c
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcGwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2Mjcw
MjQ0MzBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENFMEU4RDI4OTk1MDMw
OEJFNEMzNjMzRTIyMDFEN0MwOUUwMEFGQ0YwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC5Ekpot5VWbUVyAzeRCXpNlRlCjPBm3S9TYi6w8OjGb/dTwcX+
W+hF7qRjPpUahmEer//bjFPS1DxcJ5b5vu8zXued+gi2uUyBPIh7AsKngmGSj62x
5AKUQzkK98w7TRwtOr5yHshhz68wlp02OwQljIzuNfkW0Ltpkda84Ctkc6bJcYqd
DOiF8gpDSEG9jgXQOhxZ3JyyoT7wbJK8081A9phK/9KbGR67LdxdRGRBP6z2Up3s
YykC00dK/7M02cUsmWWnuGv8bp+xnQeVam0LSuhVja02T9PUctp73RyUKlLy8OM0
ssgkIcb3xHAdkHrhDCSOg1mz9jAsT46eaFzjAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUzg6NKJlQMIvkw2M+IgHXwJ4Ar88wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3pnNk5LSmxRTUl2a3cy
TS1JZ0hYd0o0QXI4OC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCVUxgD
pxCMWwPgAMAA2RwHJU9aXHPT/kUR7s5hFw8HbdbNeejtSPMDRYeNEqnaDFc09j09
/D7SZHEp4K/U/MsERvVPh64mpDqV+O4F+9loZM/hp6AiDXqbzGHaG1uHEfA2IpDJ
2Eta7NALsi/4Z8XfL4X6QZTe54nGvU3desyrWJq650ejjVq/17nEiH5B6ytF7Uig
G2djyNgEMTpkFzCFut5jV0GjXsfSexP9AnS3Bm0LUJ/49bdtBW92H/ZD3r9fhcG/
jI8HvIT9Wp1S552UPvarp4ZJlAW7QfoQoUrN48H0i6NvID2EX+ndT7C496/6K6zc
XM+PnMmObUU80COc
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:45:32 2025 by rpki-client