Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/RApI7gt9lp70-bFry4VkRIWcGPQ.roa
File: RApI7gt9lp70-bFry4VkRIWcGPQ.roa (raw, json)
Hash identifier: MDcOUZnAmDZK8XHloPCDy04s/lqKTqIo57m6FWtzIlc=
Subject key identifier: 44:0A:48:EE:0B:7D:96:9E:F4:F9:B1:6B:CB:85:64:44:85:9C:18:F4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 69A0
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RApI7gt9lp70-bFry4VkRIWcGPQ.roa
Signing time: Sun 08 Jun 2025 18:12:08 +0000
ROA not before: Sun 08 Jun 2025 18:12:08 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27040 (0x69a0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 8 18:12:08 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=440A48EE0B7D969EF4F9B16BCB856444859C18F4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:29:14:89:ee:e6:00:b9:a1:66:06:f4:ec:38:
3c:f6:49:db:8c:6a:c4:22:4e:51:7e:d3:5e:4f:01:
41:8b:61:67:ac:5c:f1:8b:60:17:63:3d:23:aa:ac:
bb:2a:08:ba:c5:d4:eb:bb:82:34:b3:25:b8:cf:c5:
49:a8:40:4c:3f:2f:dd:d4:91:d1:18:91:ca:a8:f3:
c4:84:99:e2:c0:99:43:41:7e:4f:b1:2b:12:6c:3e:
5f:29:b9:2d:d8:9b:74:09:8d:c0:26:ff:71:09:00:
59:79:3b:56:30:a3:13:da:cf:43:a4:e4:c9:ae:3b:
67:3c:d9:d2:1a:0e:43:93:08:7d:93:b6:ab:66:8c:
6a:bd:b5:bb:5a:06:5d:20:d1:b6:7b:85:a2:e8:77:
09:3a:74:6d:78:4b:3c:a6:37:b8:9a:2a:7a:62:88:
5f:dd:fb:1d:3b:ca:66:99:c3:6a:bd:71:fc:5a:04:
bd:2b:25:ad:ee:61:05:08:89:51:54:2b:74:3f:33:
e8:60:9a:bd:00:6d:18:a3:c1:8d:aa:ce:69:e5:a6:
6e:3a:d3:04:e2:f5:09:a3:b1:f3:75:72:60:f8:87:
a5:73:69:9c:0a:8b:10:aa:ec:fa:c5:eb:14:d7:4c:
9c:44:c3:43:60:f4:f9:d2:da:62:15:55:c1:31:a6:
c5:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:0A:48:EE:0B:7D:96:9E:F4:F9:B1:6B:CB:85:64:44:85:9C:18:F4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RApI7gt9lp70-bFry4VkRIWcGPQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
85:9f:06:08:f9:36:7b:74:b5:7a:e8:a2:83:7e:6d:fe:f5:ad:
b5:1d:20:2c:36:ef:77:f8:5e:ee:e0:0f:1e:de:c0:bc:d4:0d:
2e:ba:ee:29:11:a7:2f:d0:1d:a4:ec:4d:8a:7d:b5:25:81:81:
d2:53:de:53:df:57:b2:44:07:ba:c8:55:4d:73:65:18:c1:11:
f0:46:fe:ab:bb:14:c6:a4:23:50:56:c3:d6:b0:16:34:bb:df:
cd:94:1b:8d:d8:20:37:29:42:1a:b3:c6:a0:2a:45:b5:4c:0c:
0d:16:94:4c:7e:33:f4:6f:47:f3:a3:bc:b5:e2:fe:4d:70:b8:
ff:ce:9e:ce:da:5f:07:63:3e:97:1b:cd:77:ba:86:70:64:12:
8c:8b:a6:5e:97:01:96:8d:eb:f1:fb:4e:24:25:e3:d4:30:68:
bb:32:6d:f6:f9:e5:20:4b:98:42:c6:cf:bf:0b:dd:de:5b:ca:
d3:00:2f:52:a9:cf:21:d5:39:28:00:0a:c6:91:c9:bc:01:3c:
ac:db:b5:2b:4c:a5:f9:81:16:b9:e5:73:5e:82:22:66:64:74:
f1:b6:26:a6:6d:35:39:ca:80:a2:b5:99:d5:c9:2c:99:6a:63:
a1:87:73:96:01:4b:5c:a7:70:c6:e2:a4:b9:a9:2c:c7:6f:2c:
79:df:11:80
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaaAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDgx
ODEyMDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQ0MEE0OEVFMEI3RDk2
OUVGNEY5QjE2QkNCODU2NDQ0ODU5QzE4RjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDXKRSJ7uYAuaFmBvTsODz2SduMasQiTlF+015PAUGLYWesXPGL
YBdjPSOqrLsqCLrF1Ou7gjSzJbjPxUmoQEw/L93UkdEYkcqo88SEmeLAmUNBfk+x
KxJsPl8puS3Ym3QJjcAm/3EJAFl5O1YwoxPaz0Ok5MmuO2c82dIaDkOTCH2Ttqtm
jGq9tbtaBl0g0bZ7haLodwk6dG14SzymN7iaKnpiiF/d+x07ymaZw2q9cfxaBL0r
Ja3uYQUIiVFUK3Q/M+hgmr0AbRijwY2qzmnlpm460wTi9QmjsfN1cmD4h6VzaZwK
ixCq7PrF6xTXTJxEw0Ng9PnS2mIVVcExpsVZAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQURApI7gt9lp70+bFry4VkRIWcGPQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1JBcEk3Z3Q5bHA3MC1i
RnJ5NFZrUklXY0dQUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCFnwYI
+TZ7dLV66KKDfm3+9a21HSAsNu93+F7u4A8e3sC81A0uuu4pEacv0B2k7E2KfbUl
gYHSU95T31eyRAe6yFVNc2UYwRHwRv6ruxTGpCNQVsPWsBY0u9/NlBuN2CA3KUIa
s8agKkW1TAwNFpRMfjP0b0fzo7y14v5NcLj/zp7O2l8HYz6XG813uoZwZBKMi6Ze
lwGWjevx+04kJePUMGi7Mm32+eUgS5hCxs+/C93eW8rTAC9Sqc8h1TkoAArGkcm8
ATys27UrTKX5gRa55XNegiJmZHTxtiambTU5yoCitZnVySyZamOhh3OWAUtcp3DG
4qS5qSzHbyx53xGA
-----END CERTIFICATE-----
Generated at Sat Jun 21 12:12:23 2025 by rpki-client