Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/7kRUyfQnPwq8mqSbb69ohGxuIKo.roa
File: 7kRUyfQnPwq8mqSbb69ohGxuIKo.roa (raw, json)
Hash identifier: +qu3Q7+TW2dasU2BVvSiNHZyzJ3DN2F7YqPD8njQOYo=
Subject key identifier: EE:44:54:C9:F4:27:3F:0A:BC:9A:A4:9B:6F:AF:68:84:6C:6E:20:AA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 66E6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7kRUyfQnPwq8mqSbb69ohGxuIKo.roa
Signing time: Sun 01 Jun 2025 11:41:45 +0000
ROA not before: Sun 01 Jun 2025 11:41:45 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26342 (0x66e6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 1 11:41:45 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=EE4454C9F4273F0ABC9AA49B6FAF68846C6E20AA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:5c:40:75:2e:0e:10:96:43:e0:ba:80:52:fb:
f0:e3:a6:55:d0:95:a5:73:66:aa:07:f6:11:1a:66:
75:66:4b:69:39:51:bb:30:55:0f:b6:4d:92:76:b8:
19:80:b2:54:c9:74:fa:25:f3:7d:c9:6c:3d:c2:a1:
ac:64:cd:a2:3b:ef:ef:1c:c8:1e:c4:d0:78:84:84:
1f:e8:94:dc:5a:fe:4b:ee:5d:d3:2b:85:a9:de:37:
4f:c0:a2:3f:03:fb:4d:90:7e:a4:de:63:7c:fa:83:
36:da:b4:91:bf:42:b8:a7:1d:8f:c3:2d:ba:78:bc:
9d:f5:e5:68:de:0e:02:05:5e:9c:01:e4:39:b7:56:
b5:78:48:d5:e3:05:29:de:38:8a:d9:8d:65:51:04:
68:c5:ea:43:0a:61:84:33:dc:4a:f9:65:c2:bd:be:
53:d0:1e:f7:e2:9d:77:d2:e6:b9:9b:bd:54:c7:48:
82:73:54:ce:e0:cd:ce:0d:3c:e3:9f:bf:2e:ea:6f:
8e:57:a1:fa:db:6d:69:5f:fc:f6:f1:f5:92:c8:5b:
dd:1c:11:3e:3a:ca:9a:f5:1b:e2:46:d8:e8:09:40:
57:6b:70:78:b2:99:27:5d:36:4d:bf:5f:82:7f:98:
00:e8:0f:96:b3:9d:6a:97:60:62:8a:f4:27:a1:fe:
05:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:44:54:C9:F4:27:3F:0A:BC:9A:A4:9B:6F:AF:68:84:6C:6E:20:AA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7kRUyfQnPwq8mqSbb69ohGxuIKo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
1c:7d:47:25:4e:b9:72:23:e1:f3:a7:69:50:09:1e:55:d8:19:
a5:27:7d:92:cb:d8:d6:63:0c:88:a0:98:9b:fa:f7:2d:9e:58:
2a:b5:05:c0:77:e8:1f:30:70:8e:c6:ac:41:41:62:17:09:11:
42:71:70:db:0a:59:b8:3e:ce:57:e1:d6:02:96:2a:bb:f5:aa:
15:af:19:7e:00:e6:eb:59:2a:4e:bd:fe:f3:2c:33:bc:72:59:
ca:4a:7a:1b:32:ed:d3:28:09:0b:b7:e6:30:18:ac:98:cc:21:
a6:a9:63:72:3d:f6:af:9f:f1:ca:ea:e6:a3:b8:aa:aa:7e:2d:
a5:3b:12:fc:22:54:8c:be:f3:90:62:a1:14:2e:2d:23:03:4c:
96:68:65:4c:51:38:9f:c8:5c:8c:bd:32:ab:08:a3:7a:b8:dc:
36:f1:bd:1f:69:6c:33:37:a0:43:4f:ca:f5:17:b9:71:69:fc:
ee:35:9b:d5:01:0b:9f:69:8a:a0:3d:42:86:63:ae:02:72:53:
ef:60:6d:3f:a7:2a:cb:12:e3:52:7c:60:36:83:c0:fa:9b:77:
4a:54:6e:19:59:0b:be:91:71:b6:68:48:53:b5:cc:8c:08:05:
1a:dc:80:76:c0:43:22:7e:ba:63:63:3c:52:20:d1:af:0d:1c:
0e:38:f6:07
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZuYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDEx
MTQxNDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEVFNDQ1NEM5RjQyNzNG
MEFCQzlBQTQ5QjZGQUY2ODg0NkM2RTIwQUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCfXEB1Lg4QlkPguoBS+/DjplXQlaVzZqoH9hEaZnVmS2k5Ubsw
VQ+2TZJ2uBmAslTJdPol833JbD3CoaxkzaI77+8cyB7E0HiEhB/olNxa/kvuXdMr
haneN0/Aoj8D+02QfqTeY3z6gzbatJG/QrinHY/DLbp4vJ315WjeDgIFXpwB5Dm3
VrV4SNXjBSneOIrZjWVRBGjF6kMKYYQz3Er5ZcK9vlPQHvfinXfS5rmbvVTHSIJz
VM7gzc4NPOOfvy7qb45XofrbbWlf/Pbx9ZLIW90cET46ypr1G+JG2OgJQFdrcHiy
mSddNk2/X4J/mADoD5aznWqXYGKK9Ceh/gVPAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU7kRUyfQnPwq8mqSbb69ohGxuIKowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzdrUlV5ZlFuUHdxOG1x
U2JiNjlvaEd4dUlLby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAcfUcl
TrlyI+Hzp2lQCR5V2BmlJ32Sy9jWYwyIoJib+vctnlgqtQXAd+gfMHCOxqxBQWIX
CRFCcXDbClm4Ps5X4dYCliq79aoVrxl+AObrWSpOvf7zLDO8clnKSnobMu3TKAkL
t+YwGKyYzCGmqWNyPfavn/HK6uajuKqqfi2lOxL8IlSMvvOQYqEULi0jA0yWaGVM
UTifyFyMvTKrCKN6uNw28b0faWwzN6BDT8r1F7lxafzuNZvVAQufaYqgPUKGY64C
clPvYG0/pyrLEuNSfGA2g8D6m3dKVG4ZWQu+kXG2aEhTtcyMCAUa3IB2wEMifrpj
YzxSINGvDRwOOPYH
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:54:51 2025 by rpki-client