Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/-Cd03MtOUZzUONe7Xb_p1aHoFXQ.roa
File: -Cd03MtOUZzUONe7Xb_p1aHoFXQ.roa (raw, json)
Hash identifier: VFF0NL3ZgSBqNgej4Usw3iGOZrNgEWH41TuVJeb1JCY=
Subject key identifier: F8:27:74:DC:CB:4E:51:9C:D4:38:D7:BB:5D:BF:E9:D5:A1:E8:15:74
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5FEE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-Cd03MtOUZzUONe7Xb_p1aHoFXQ.roa
Signing time: Tue 13 May 2025 21:40:23 +0000
ROA not before: Tue 13 May 2025 21:40:23 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24558 (0x5fee)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 13 21:40:23 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=F82774DCCB4E519CD438D7BB5DBFE9D5A1E81574
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:b8:c7:3e:db:1b:0c:b6:af:16:ee:ef:43:3a:
92:7a:c2:26:f7:d9:7c:8b:4f:f4:be:5a:45:93:19:
14:74:e1:0a:1d:d9:22:7e:1b:02:a7:04:0a:1b:25:
78:97:02:94:35:f6:16:db:d8:ee:e5:a6:75:d8:02:
9b:b0:31:4c:39:95:27:13:4a:83:22:e8:1e:96:eb:
f4:76:d1:1a:8e:87:42:f7:2b:83:b7:af:c9:a5:3e:
14:54:0d:16:68:e9:ed:ac:f4:bd:d3:af:ff:95:79:
26:69:20:3b:38:d1:fd:a5:14:c7:a2:92:e0:77:06:
04:91:35:a8:07:a1:bc:a3:72:00:00:9f:4e:d7:c8:
f9:f5:b9:01:1e:ec:0c:cc:8c:de:75:d2:d2:eb:00:
54:4e:5c:2f:3d:74:c0:1f:74:8a:95:a7:25:6d:f0:
4d:c6:12:b7:39:ae:30:ef:3c:01:43:a9:4f:2b:92:
a3:25:4a:c1:42:9a:3c:f1:bd:b7:8e:aa:f8:03:71:
a0:2f:1c:c1:21:76:9a:10:cc:a8:08:ad:46:c8:4d:
20:4b:69:2f:47:55:e0:4a:02:b7:05:8a:5c:09:60:
5f:85:fe:17:f4:3d:3a:d0:b3:b4:a2:58:93:31:66:
42:0e:1b:26:49:11:62:dd:d7:04:76:bd:c0:e6:c7:
5e:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:27:74:DC:CB:4E:51:9C:D4:38:D7:BB:5D:BF:E9:D5:A1:E8:15:74
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-Cd03MtOUZzUONe7Xb_p1aHoFXQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
30:a2:36:88:39:fb:82:8f:40:70:d6:17:63:9a:97:22:71:3f:
2d:93:78:cf:fe:55:44:bc:f6:ae:ff:3f:5b:2b:be:7f:50:5a:
99:eb:43:43:7e:dc:8a:40:83:b0:50:69:9d:28:29:a4:e3:32:
c4:40:52:6a:8f:69:fb:fe:10:39:24:6a:b3:78:2e:33:1b:cc:
53:e3:37:9d:ab:66:04:63:9c:ce:54:7a:e1:f4:de:3d:b3:c7:
bc:10:25:8a:51:01:71:f3:90:34:51:a0:0b:07:b4:c0:ff:97:
8d:d6:66:7a:b3:79:c2:c0:ed:7e:4b:b3:e0:12:6a:62:9c:0b:
d8:a0:50:fe:cf:b1:b5:8a:49:7c:af:10:3e:c7:6b:a4:9e:4f:
97:08:dc:af:3f:54:7b:ef:4c:bb:fb:8f:53:2f:4b:3d:4e:da:
73:52:e3:e4:08:1f:de:f2:9b:24:97:80:8a:da:8a:48:6e:5c:
be:18:67:c3:1d:79:b1:b5:b5:74:a6:ad:67:45:83:bd:bc:15:
c5:6a:41:df:d7:ae:a6:55:71:c6:a3:f9:86:95:20:87:c5:f1:
b5:c3:11:bc:8f:ff:9b:58:ba:8b:91:37:d7:dc:2e:e5:22:03:
16:ad:88:40:9b:b9:ec:31:e2:a4:52:c7:ad:82:d5:32:e6:93:
2f:0c:78:c2
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICX+4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTMy
MTQwMjNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEY4Mjc3NERDQ0I0RTUx
OUNENDM4RDdCQjVEQkZFOUQ1QTFFODE1NzQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDYuMc+2xsMtq8W7u9DOpJ6wib32XyLT/S+WkWTGRR04Qod2SJ+
GwKnBAobJXiXApQ19hbb2O7lpnXYApuwMUw5lScTSoMi6B6W6/R20RqOh0L3K4O3
r8mlPhRUDRZo6e2s9L3Tr/+VeSZpIDs40f2lFMeikuB3BgSRNagHobyjcgAAn07X
yPn1uQEe7AzMjN510tLrAFROXC89dMAfdIqVpyVt8E3GErc5rjDvPAFDqU8rkqMl
SsFCmjzxvbeOqvgDcaAvHMEhdpoQzKgIrUbITSBLaS9HVeBKArcFilwJYF+F/hf0
PTrQs7SiWJMxZkIOGyZJEWLd1wR2vcDmx15/AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU+Cd03MtOUZzUONe7Xb/p1aHoFXQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3Ly1DZDAzTXRPVVp6VU9O
ZTdYYl9wMWFIb0ZYUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAwojaI
OfuCj0Bw1hdjmpcicT8tk3jP/lVEvPau/z9bK75/UFqZ60NDftyKQIOwUGmdKCmk
4zLEQFJqj2n7/hA5JGqzeC4zG8xT4zedq2YEY5zOVHrh9N49s8e8ECWKUQFx85A0
UaALB7TA/5eN1mZ6s3nCwO1+S7PgEmpinAvYoFD+z7G1ikl8rxA+x2uknk+XCNyv
P1R770y7+49TL0s9TtpzUuPkCB/e8pskl4CK2opIbly+GGfDHXmxtbV0pq1nRYO9
vBXFakHf166mVXHGo/mGlSCHxfG1wxG8j/+bWLqLkTfX3C7lIgMWrYhAm7nsMeKk
UsetgtUy5pMvDHjC
-----END CERTIFICATE-----
Generated at Fri Jun 20 21:08:12 2025 by rpki-client