Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/cp7aPQmT8tO_AcjXOrzXmA37gIc.roa
File: cp7aPQmT8tO_AcjXOrzXmA37gIc.roa (raw, json)
Hash identifier: XkK1eW8QtnGTuvo+PxfAJ5ME4ag2n5EOC3uQPWbje1w=
Subject key identifier: 72:9E:DA:3D:09:93:F2:D3:BF:01:C8:D7:3A:BC:D7:98:0D:FB:80:87
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6716
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/cp7aPQmT8tO_AcjXOrzXmA37gIc.roa
Signing time: Sun 01 Jun 2025 23:41:42 +0000
ROA not before: Sun 01 Jun 2025 23:41:42 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26390 (0x6716)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 1 23:41:42 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=729EDA3D0993F2D3BF01C8D73ABCD7980DFB8087
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:44:24:65:4c:96:45:de:ce:19:65:de:a3:7d:
32:32:ac:7e:40:88:2b:ef:12:11:1b:32:f2:7a:eb:
9c:08:5f:93:75:37:38:a1:3a:5f:57:92:d0:22:17:
91:99:79:7f:35:56:1b:d9:dd:9a:6c:ff:a3:7f:2a:
8e:bc:f1:4c:95:3f:56:e4:fa:c2:72:e7:09:03:56:
97:6a:f3:3a:63:a7:ea:96:f4:9e:b8:46:7b:04:a1:
8a:9a:69:46:68:9f:88:f1:7a:7f:b7:e4:24:76:49:
51:3a:d4:98:39:85:42:d9:7c:c8:9e:b5:29:86:15:
91:34:4a:5f:c9:67:bf:13:d6:a4:9d:3c:db:29:58:
25:cf:7c:1a:c3:1f:83:29:76:7b:28:0e:cb:a1:4f:
cd:26:21:65:e2:5e:21:c1:9b:fd:f1:24:44:08:ce:
d0:52:68:3b:52:65:48:36:49:11:f4:64:8a:95:50:
a3:73:e9:6d:09:2b:92:8b:64:18:d1:f6:2c:d8:2e:
3f:75:08:56:34:08:d1:3a:02:d8:89:03:e2:db:3e:
47:b1:32:b9:86:d2:b7:a5:1a:fc:80:d0:dd:1a:cd:
e3:7c:89:c1:7e:1d:5f:45:f3:61:32:d2:92:85:be:
39:3f:55:d7:13:94:df:ac:d9:70:f0:ec:ba:9c:d2:
28:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:9E:DA:3D:09:93:F2:D3:BF:01:C8:D7:3A:BC:D7:98:0D:FB:80:87
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/cp7aPQmT8tO_AcjXOrzXmA37gIc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
54:f9:0d:57:04:51:e6:01:11:3b:1e:bf:26:66:52:9e:9c:4a:
05:90:3d:3c:b6:c4:2d:1e:34:dc:d7:0a:84:ec:29:c2:77:be:
82:90:af:18:7e:a2:2a:64:77:b9:82:35:b2:83:be:9c:c4:7e:
d2:f6:e7:08:48:89:23:e7:77:8d:d0:e4:b5:e4:95:d7:5b:20:
d1:46:9b:a1:c1:f0:ec:86:6a:e3:c7:5e:4e:ed:c1:82:47:99:
4d:a5:8d:c5:a8:b5:78:2e:93:72:b8:82:4f:74:d0:21:16:79:
58:ca:2a:27:a6:f3:51:c1:82:5a:cb:36:ea:40:3a:6e:b7:ec:
6b:f7:e4:cb:a7:34:10:01:86:3e:1c:65:c9:c4:ed:27:7b:66:
d7:a4:9f:22:ed:e3:4b:58:45:40:9f:d7:d2:11:e0:a8:b8:49:
17:6e:b7:0a:c5:8b:c7:2a:73:cb:e9:7d:ac:40:9a:a6:5c:e8:
83:29:63:0e:c0:98:a2:15:ea:a2:5f:ce:26:36:09:d9:fb:5a:
c5:1c:e2:f5:c1:e6:b5:09:2f:4e:e7:91:91:09:1b:fa:0e:b9:
5d:af:fa:39:7c:69:3a:ca:3f:ba:50:4f:7b:33:42:76:6b:3f:
42:74:31:61:89:63:da:d9:ac:58:19:31:81:22:57:38:da:b7:
f4:8c:ce:13
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZxYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDEy
MzQxNDJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDcyOUVEQTNEMDk5M0Yy
RDNCRjAxQzhENzNBQkNENzk4MERGQjgwODcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9RCRlTJZF3s4ZZd6jfTIyrH5AiCvvEhEbMvJ665wIX5N1Nzih
Ol9XktAiF5GZeX81VhvZ3Zps/6N/Ko688UyVP1bk+sJy5wkDVpdq8zpjp+qW9J64
RnsEoYqaaUZon4jxen+35CR2SVE61Jg5hULZfMietSmGFZE0Sl/JZ78T1qSdPNsp
WCXPfBrDH4MpdnsoDsuhT80mIWXiXiHBm/3xJEQIztBSaDtSZUg2SRH0ZIqVUKNz
6W0JK5KLZBjR9izYLj91CFY0CNE6AtiJA+LbPkexMrmG0relGvyA0N0azeN8icF+
HV9F82Ey0pKFvjk/VdcTlN+s2XDw7Lqc0ignAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUcp7aPQmT8tO/AcjXOrzXmA37gIcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2NwN2FQUW1UOHRPX0Fj
alhPcnpYbUEzN2dJYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBU+Q1X
BFHmARE7Hr8mZlKenEoFkD08tsQtHjTc1wqE7CnCd76CkK8YfqIqZHe5gjWyg76c
xH7S9ucISIkj53eN0OS15JXXWyDRRpuhwfDshmrjx15O7cGCR5lNpY3FqLV4LpNy
uIJPdNAhFnlYyionpvNRwYJayzbqQDput+xr9+TLpzQQAYY+HGXJxO0ne2bXpJ8i
7eNLWEVAn9fSEeCouEkXbrcKxYvHKnPL6X2sQJqmXOiDKWMOwJiiFeqiX84mNgnZ
+1rFHOL1wea1CS9O55GRCRv6Drldr/o5fGk6yj+6UE97M0J2az9CdDFhiWPa2axY
GTGBIlc42rf0jM4T
-----END CERTIFICATE-----
Generated at Sun Jun 22 18:00:20 2025 by rpki-client