Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/zrijmyq6Kge3Z9g9C1QGIXJfo9s.roa
File: zrijmyq6Kge3Z9g9C1QGIXJfo9s.roa (raw, json)
Hash identifier: YFnQrQKwY0yc871Zk1nZzkONZ5vdUG/HBHuZyUFiaeU=
Subject key identifier: CE:B8:A3:9B:2A:BA:2A:07:B7:67:D8:3D:0B:54:06:21:72:5F:A3:DB
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 758E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zrijmyq6Kge3Z9g9C1QGIXJfo9s.roa
Signing time: Thu 10 Jul 2025 19:15:18 +0000
ROA not before: Thu 10 Jul 2025 19:15:18 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30094 (0x758e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 10 19:15:18 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CEB8A39B2ABA2A07B767D83D0B540621725FA3DB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:fa:6b:70:45:ba:dc:51:47:72:d4:08:ee:1e:cb:
bf:15:a5:f7:a5:63:98:dd:03:b0:bf:a5:e2:4e:f8:
d5:45:0e:7f:75:b3:5c:c9:3e:00:55:0d:6b:8b:93:
21:81:6f:ab:5b:d7:22:fb:d7:59:e0:b7:65:d1:d6:
2c:c7:a6:f6:1a:f0:37:b4:e4:5c:df:5a:69:80:fb:
94:0c:12:fc:5c:43:88:97:1c:e5:d2:ae:c9:f4:ee:
9a:db:99:8f:a9:02:69:ff:18:53:65:89:57:15:69:
6c:b4:be:4f:67:a0:b0:97:c5:5c:84:f0:de:3b:27:
15:ab:48:d1:e2:2c:08:a8:8b:e9:cd:48:bd:7b:0d:
64:06:80:c4:6b:fd:78:c2:f4:48:0f:9e:bf:6e:f5:
f5:37:aa:dd:8a:e4:4c:30:6f:dc:b6:96:05:07:5c:
10:7b:fe:f3:c6:76:59:b8:90:75:99:02:7c:47:69:
3e:6e:9e:86:db:06:7c:fb:f5:b1:fd:6a:ac:a9:ac:
89:eb:1c:b8:d7:d4:42:9e:ac:c5:45:1a:fb:8c:34:
24:7c:3f:8e:37:c9:1a:8f:cf:49:28:e2:0a:b3:55:
19:f8:53:23:76:64:38:53:3f:30:e6:a0:ce:14:0c:
37:de:62:b4:64:ea:1d:01:76:fa:5f:30:0c:61:af:
62:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:B8:A3:9B:2A:BA:2A:07:B7:67:D8:3D:0B:54:06:21:72:5F:A3:DB
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zrijmyq6Kge3Z9g9C1QGIXJfo9s.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
a2:ff:ad:5d:78:9f:d8:a1:d3:0e:01:3c:14:2c:e3:08:bc:e1:
81:1f:ea:32:53:9d:90:a2:75:16:38:97:29:c8:8b:58:12:0d:
85:66:94:32:f7:dd:aa:c0:0f:b9:3a:96:02:61:38:3b:c6:c0:
87:6f:1b:11:d7:8a:e7:64:0b:66:ee:15:c5:8a:15:30:b5:02:
69:a0:37:98:31:93:82:9b:98:15:c0:0f:6b:97:fc:ac:5c:b4:
f6:69:77:3a:1e:5f:26:17:f6:32:35:d2:6a:e3:c9:24:f6:10:
ba:2e:ef:62:8a:7c:75:2f:b1:cc:2c:50:5f:22:87:27:56:07:
d8:dc:88:e3:8a:f8:9c:37:09:64:66:31:d2:bb:8e:1a:67:26:
a9:66:db:36:38:43:79:60:a0:05:48:84:b6:7c:e5:66:3b:3d:
bb:65:60:79:ff:ef:05:f4:46:c3:cf:e8:c4:d5:6e:88:c6:9e:
59:af:33:30:6f:03:0a:1d:fd:eb:04:6c:68:8a:29:f2:bd:e6:
f3:9f:d2:ce:68:7a:5c:5c:c5:7e:59:7d:6b:54:dd:e3:4b:1b:
c0:3e:8c:d5:0d:e6:6b:c2:50:4e:1c:f5:d0:2a:29:b5:1d:04:
d9:77:80:ce:bb:c4:38:a8:f3:6f:e4:87:fb:32:45:4c:02:58:
df:9d:f5:c8
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdY4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTAx
OTE1MThaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENFQjhBMzlCMkFCQTJB
MDdCNzY3RDgzRDBCNTQwNjIxNzI1RkEzREIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD6a3BFutxRR3LUCO4ey78VpfelY5jdA7C/peJO+NVFDn91s1zJ
PgBVDWuLkyGBb6tb1yL711ngt2XR1izHpvYa8De05FzfWmmA+5QMEvxcQ4iXHOXS
rsn07prbmY+pAmn/GFNliVcVaWy0vk9noLCXxVyE8N47JxWrSNHiLAioi+nNSL17
DWQGgMRr/XjC9EgPnr9u9fU3qt2K5Ewwb9y2lgUHXBB7/vPGdlm4kHWZAnxHaT5u
nobbBnz79bH9aqyprInrHLjX1EKerMVFGvuMNCR8P443yRqPz0ko4gqzVRn4UyN2
ZDhTPzDmoM4UDDfeYrRk6h0BdvpfMAxhr2LRAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUzrijmyq6Kge3Z9g9C1QGIXJfo9swHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3pyaWpteXE2S2dlM1o5
ZzlDMVFHSVhKZm85cy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCi/61d
eJ/YodMOATwULOMIvOGBH+oyU52QonUWOJcpyItYEg2FZpQy992qwA+5OpYCYTg7
xsCHbxsR14rnZAtm7hXFihUwtQJpoDeYMZOCm5gVwA9rl/ysXLT2aXc6Hl8mF/Yy
NdJq48kk9hC6Lu9iinx1L7HMLFBfIocnVgfY3IjjivicNwlkZjHSu44aZyapZts2
OEN5YKAFSIS2fOVmOz27ZWB5/+8F9EbDz+jE1W6Ixp5ZrzMwbwMKHf3rBGxoiiny
vebzn9LOaHpcXMV+WX1rVN3jSxvAPozVDeZrwlBOHPXQKim1HQTZd4DOu8Q4qPNv
5If7MkVMAljfnfXI
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:54:48 2025 by rpki-client