Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/zo-1Oc2IrY33Q9xxbeH0cufPVMo.roa
File: zo-1Oc2IrY33Q9xxbeH0cufPVMo.roa (raw, json)
Hash identifier: qXPZB4+nHvrNzKaS6rH6AiSa964jtxNqY2m53fku/Dk=
Subject key identifier: CE:8F:B5:39:CD:88:AD:8D:F7:43:DC:71:6D:E1:F4:72:E7:CF:54:CA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7582
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zo-1Oc2IrY33Q9xxbeH0cufPVMo.roa
Signing time: Thu 10 Jul 2025 16:16:29 +0000
ROA not before: Thu 10 Jul 2025 16:16:29 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30082 (0x7582)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 10 16:16:29 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CE8FB539CD88AD8DF743DC716DE1F472E7CF54CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:4c:80:45:4e:e8:65:e5:de:1a:d4:7a:b4:71:
1f:fb:c2:61:6d:c0:ed:aa:e3:e4:51:0d:f9:61:4c:
af:df:18:99:97:24:54:e5:f9:68:e0:9c:08:9b:b9:
c2:8b:42:e7:66:0e:92:75:a1:87:96:b1:38:9d:85:
f7:a0:1e:da:89:96:d1:f6:bc:22:82:87:eb:57:15:
31:a7:83:8a:bc:65:a7:d0:e1:88:33:5c:ca:4c:0a:
0e:d2:05:a6:eb:72:7e:e2:cf:c1:c9:22:b9:4a:54:
ec:c0:79:72:29:11:ac:d5:a0:cc:c3:02:91:3e:ae:
c7:e6:c8:4d:66:09:1e:cd:e3:a9:27:15:92:d2:e4:
93:69:3b:5e:74:83:d9:10:a0:9b:e4:88:b5:18:33:
15:fe:4c:c6:c2:20:56:3c:63:2b:86:0f:a0:4f:47:
57:90:0d:da:f0:89:a4:ba:f8:36:54:04:1c:ab:1f:
b8:46:e1:b5:52:05:f6:44:59:57:df:73:30:af:dc:
01:bb:ca:41:39:22:3a:93:67:02:35:ce:3f:1b:9d:
d4:13:15:2a:25:7a:8e:2c:db:71:69:3c:7d:d4:b4:
34:ea:a8:d3:78:1d:f4:ea:3a:fc:eb:b5:d6:2b:38:
a9:e3:3b:9e:57:dc:94:47:86:6c:51:21:1c:9c:e8:
9f:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:8F:B5:39:CD:88:AD:8D:F7:43:DC:71:6D:E1:F4:72:E7:CF:54:CA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zo-1Oc2IrY33Q9xxbeH0cufPVMo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
62:13:86:c3:35:7c:97:ea:02:2f:64:a2:f3:99:a3:3d:45:c7:
9d:8b:5c:a0:1e:e7:01:27:36:da:2f:81:5f:65:59:94:da:3f:
7c:8d:f2:c8:cb:f6:3a:07:92:bc:e8:5a:09:dc:46:16:ee:77:
2e:be:d4:bd:a7:f2:13:d0:45:e5:fa:b0:36:41:5c:87:39:4e:
37:36:cd:b3:3b:a7:cf:e6:a3:41:41:ad:35:57:b2:61:7e:50:
01:00:c5:d7:57:b2:3e:66:16:93:04:ce:cf:fb:a3:39:91:37:
11:b1:9f:92:be:3a:a4:f3:4f:9d:8a:b9:41:3f:55:10:51:07:
40:78:68:c7:5e:41:15:2e:b4:99:18:c9:24:8c:d5:c5:20:c5:
26:c3:59:9e:47:71:e5:43:fd:04:b8:51:e6:44:9e:74:9f:00:
72:d4:e5:2f:71:c6:1c:cb:f1:36:af:fa:03:18:f2:18:c9:29:
f7:dc:ed:66:33:f1:84:15:68:b4:4f:ff:77:8d:5f:5c:77:61:
52:e3:7c:74:6d:44:92:0b:31:b1:fa:39:93:68:e9:16:7f:e8:
74:29:c5:0e:c5:c9:d2:a3:05:21:31:be:ef:4e:a5:49:82:fe:
77:75:59:9f:70:73:81:63:d0:6e:33:91:58:c7:30:8d:dd:29:
2b:52:75:5a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdYIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTAx
NjE2MjlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENFOEZCNTM5Q0Q4OEFE
OERGNzQzREM3MTZERTFGNDcyRTdDRjU0Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCoTIBFTuhl5d4a1Hq0cR/7wmFtwO2q4+RRDflhTK/fGJmXJFTl
+WjgnAibucKLQudmDpJ1oYeWsTidhfegHtqJltH2vCKCh+tXFTGng4q8ZafQ4Ygz
XMpMCg7SBabrcn7iz8HJIrlKVOzAeXIpEazVoMzDApE+rsfmyE1mCR7N46knFZLS
5JNpO150g9kQoJvkiLUYMxX+TMbCIFY8YyuGD6BPR1eQDdrwiaS6+DZUBByrH7hG
4bVSBfZEWVffczCv3AG7ykE5IjqTZwI1zj8bndQTFSoleo4s23FpPH3UtDTqqNN4
HfTqOvzrtdYrOKnjO55X3JRHhmxRIRyc6J9nAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUzo+1Oc2IrY33Q9xxbeH0cufPVMowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3pvLTFPYzJJclkzM1E5
eHhiZUgwY3VmUFZNby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBiE4bD
NXyX6gIvZKLzmaM9Rcedi1ygHucBJzbaL4FfZVmU2j98jfLIy/Y6B5K86FoJ3EYW
7ncuvtS9p/IT0EXl+rA2QVyHOU43Ns2zO6fP5qNBQa01V7JhflABAMXXV7I+ZhaT
BM7P+6M5kTcRsZ+Svjqk80+dirlBP1UQUQdAeGjHXkEVLrSZGMkkjNXFIMUmw1me
R3HlQ/0EuFHmRJ50nwBy1OUvccYcy/E2r/oDGPIYySn33O1mM/GEFWi0T/93jV9c
d2FS43x0bUSSCzGx+jmTaOkWf+h0KcUOxcnSowUhMb7vTqVJgv53dVmfcHOBY9Bu
M5FYxzCN3SkrUnVa
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:45:56 2025 by rpki-client