Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/e7uaN4tKPGVyusLK-CooKnIXrmc.roa
File: e7uaN4tKPGVyusLK-CooKnIXrmc.roa (raw, json)
Hash identifier: O0x8BTtfvGOoV9DwlbdWDTl5I0vC6S7KOL1ORFzJVho=
Subject key identifier: 7B:BB:9A:37:8B:4A:3C:65:72:BA:C2:CA:F8:2A:28:2A:72:17:AE:67
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6478
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/e7uaN4tKPGVyusLK-CooKnIXrmc.roa
Signing time: Mon 26 May 2025 00:13:21 +0000
ROA not before: Mon 26 May 2025 00:13:21 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25720 (0x6478)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 26 00:13:21 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=7BBB9A378B4A3C6572BAC2CAF82A282A7217AE67
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:a7:e7:e8:9b:fb:a2:32:7d:90:11:02:e8:c1:
57:da:4c:81:88:f3:87:f8:15:63:33:b3:b5:23:da:
80:46:67:2f:a5:d6:e6:9d:54:6a:1c:3a:66:fd:93:
a3:2c:a0:02:38:8f:19:eb:04:b3:c2:45:58:47:fe:
f7:2c:f2:3a:a0:43:a1:0e:b6:1e:84:ef:34:cd:07:
0c:cd:fb:03:5a:62:63:dc:b3:c1:31:89:35:cf:f4:
20:d0:45:41:cb:1a:87:e7:3f:c0:80:04:a7:c1:97:
b4:7d:16:6d:23:c7:5b:2f:68:a8:6d:d5:f1:0c:fb:
d1:1d:0e:8a:ad:97:20:11:f1:a1:2e:47:29:a4:0c:
d0:e0:fc:d6:ca:cb:47:7d:23:11:00:9e:92:e9:e5:
3f:ae:27:4d:f6:a9:2f:8b:2c:ec:5c:7f:aa:cd:94:
b2:ef:34:fd:c2:a4:e9:29:d6:68:5a:63:e6:4a:da:
5e:20:27:84:2f:24:56:67:c9:ac:a5:e1:18:c4:16:
ac:c1:31:eb:3c:c1:e3:ff:6f:0d:e7:68:34:6d:1a:
b7:70:38:cc:be:c2:08:4d:b3:27:f4:ff:8b:46:37:
b8:41:17:e6:27:7b:ed:29:a0:42:fe:b6:fc:bf:1a:
07:3a:bf:eb:57:39:39:2d:87:81:25:83:6c:cb:f8:
7b:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7B:BB:9A:37:8B:4A:3C:65:72:BA:C2:CA:F8:2A:28:2A:72:17:AE:67
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/e7uaN4tKPGVyusLK-CooKnIXrmc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
6e:4c:c8:cb:df:8d:c6:e0:88:ed:63:78:5f:62:42:fe:6a:df:
a0:fb:7f:ed:61:74:9f:42:55:53:9a:65:62:2a:75:20:43:57:
86:1b:23:ef:2c:13:37:4f:a6:80:8a:82:2a:a9:71:28:3c:34:
b8:8e:fb:ea:f2:d1:40:17:d5:dd:be:f3:94:99:e9:0b:ef:b0:
36:37:4d:78:3f:df:32:18:43:d5:f8:59:dc:87:61:7d:f5:46:
e8:89:22:d2:b0:42:98:ef:44:4b:b8:76:4b:1b:64:92:3d:e2:
c1:90:d5:98:f6:1d:5a:67:09:55:40:1e:c9:65:6d:9d:ff:c0:
64:bd:36:89:0a:9e:b8:52:53:24:67:ca:37:94:44:cd:d1:df:
8e:3d:ef:30:b8:13:60:a7:89:66:60:ba:21:12:8d:75:bd:7f:
58:cd:b7:11:15:f0:f7:da:9d:0b:40:7a:83:47:0f:c2:d3:19:
b8:6a:a1:a2:14:f8:7f:2c:52:2e:eb:f1:8a:d5:e2:4d:2d:59:
be:d0:9d:96:71:95:e7:a9:2a:10:d6:22:49:0a:3b:38:31:ae:
4c:59:6c:7f:80:8f:3e:69:62:70:63:f6:e0:12:54:d8:0b:2e:
12:cd:26:36:84:df:e0:6d:d9:43:7b:b6:fe:8e:db:9c:8d:8c:
ec:27:ac:25
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZHgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjYw
MDEzMjFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDdCQkI5QTM3OEI0QTND
NjU3MkJBQzJDQUY4MkEyODJBNzIxN0FFNjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDQp+fom/uiMn2QEQLowVfaTIGI84f4FWMzs7Uj2oBGZy+l1uad
VGocOmb9k6MsoAI4jxnrBLPCRVhH/vcs8jqgQ6EOth6E7zTNBwzN+wNaYmPcs8Ex
iTXP9CDQRUHLGofnP8CABKfBl7R9Fm0jx1svaKht1fEM+9EdDoqtlyAR8aEuRymk
DNDg/NbKy0d9IxEAnpLp5T+uJ032qS+LLOxcf6rNlLLvNP3CpOkp1mhaY+ZK2l4g
J4QvJFZnyayl4RjEFqzBMes8weP/bw3naDRtGrdwOMy+wghNsyf0/4tGN7hBF+Yn
e+0poEL+tvy/Ggc6v+tXOTkth4Elg2zL+Hu1AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUe7uaN4tKPGVyusLK+CooKnIXrmcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2U3dWFONHRLUEdWeXVz
TEstQ29vS25JWHJtYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBuTMjL
343G4IjtY3hfYkL+at+g+3/tYXSfQlVTmmViKnUgQ1eGGyPvLBM3T6aAioIqqXEo
PDS4jvvq8tFAF9XdvvOUmekL77A2N014P98yGEPV+Fnch2F99UboiSLSsEKY70RL
uHZLG2SSPeLBkNWY9h1aZwlVQB7JZW2d/8BkvTaJCp64UlMkZ8o3lETN0d+OPe8w
uBNgp4lmYLohEo11vX9YzbcRFfD32p0LQHqDRw/C0xm4aqGiFPh/LFIu6/GK1eJN
LVm+0J2WcZXnqSoQ1iJJCjs4Ma5MWWx/gI8+aWJwY/bgElTYCy4SzSY2hN/gbdlD
e7b+jtucjYzsJ6wl
-----END CERTIFICATE-----
Generated at Sun Jun 15 09:22:52 2025 by rpki-client