Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/1tYNWCCRJgwOmgMjD2ZzhrYWd40.roa
File: 1tYNWCCRJgwOmgMjD2ZzhrYWd40.roa (raw, json)
Hash identifier: bWpd2cmZuA36jfeDYMwPSr/S+RPD6y0ZQtYeEup9dkg=
Subject key identifier: D6:D6:0D:58:20:91:26:0C:0E:9A:03:23:0F:66:73:86:B6:16:77:8D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6888
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1tYNWCCRJgwOmgMjD2ZzhrYWd40.roa
Signing time: Thu 05 Jun 2025 20:11:49 +0000
ROA not before: Thu 05 Jun 2025 20:11:49 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26760 (0x6888)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 5 20:11:49 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D6D60D582091260C0E9A03230F667386B616778D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:04:4a:2b:ca:42:b0:4f:d8:2d:7e:84:1f:11:
02:d0:35:98:d8:67:a8:28:15:aa:c4:b0:3e:fe:a8:
c2:ac:a5:62:44:a2:d6:d0:2b:a1:39:8a:e9:5b:7d:
e2:6b:1e:f2:ac:74:54:11:78:1b:5b:d0:43:c2:8e:
bc:0e:d8:ce:96:c4:4d:c4:24:00:c6:8f:89:6a:5e:
43:82:ab:f6:3e:61:54:3c:21:02:cc:69:7e:d8:85:
be:8a:4f:6d:18:a3:87:f7:92:de:a8:90:5e:00:72:
6e:85:0c:e0:34:20:79:31:aa:45:c5:25:be:50:8d:
03:50:e9:88:5c:4d:4f:58:2e:01:20:f0:7a:ca:3c:
35:65:e2:32:16:ff:0b:91:a7:dd:62:20:d1:16:bf:
a9:57:00:15:9c:94:a7:50:fb:1a:51:0a:37:6b:81:
15:9d:5c:58:54:ce:21:95:57:58:bf:bb:12:cb:ba:
b3:0f:02:cd:1c:23:b0:95:cc:93:aa:64:30:45:08:
b1:6f:bd:76:b7:10:3d:a4:0a:ba:6a:33:bd:d3:a9:
cb:39:62:59:e8:78:7a:0e:f6:40:2c:4d:8a:23:f9:
57:d1:a0:0c:74:c2:d5:fe:d4:b1:04:ea:2c:77:c2:
0c:79:bf:0f:26:7d:00:21:72:44:da:68:ca:96:5f:
be:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:D6:0D:58:20:91:26:0C:0E:9A:03:23:0F:66:73:86:B6:16:77:8D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1tYNWCCRJgwOmgMjD2ZzhrYWd40.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
58:f8:71:a9:e6:bd:5a:35:d4:3b:d9:fc:d8:31:44:ef:e6:36:
f1:d2:b3:56:a8:c5:b8:56:56:70:85:05:be:ab:bd:bb:a3:91:
91:90:c8:7c:a8:b2:f3:dc:80:94:8f:68:f7:ff:5f:f5:a2:58:
c8:4b:fb:29:14:ce:65:80:5c:cc:fc:2c:b1:56:c7:ab:d5:a0:
af:f2:77:c4:05:df:40:9b:27:a6:bc:18:c2:c9:c9:53:1a:78:
41:93:47:6b:1c:d4:56:4c:59:7d:18:d6:ea:78:5a:dd:8c:04:
8b:56:d2:7b:1f:bd:76:62:3c:da:89:ef:24:57:67:a9:a0:03:
73:1a:e7:c5:a7:f8:0f:12:3a:b2:0f:3c:c2:c4:3a:87:ce:5b:
79:b5:5a:d6:5d:fd:b9:82:4c:8f:33:72:08:02:83:4b:c6:20:
db:5e:03:eb:f0:1f:f3:f0:b5:bc:26:62:b3:93:30:8e:e2:8c:
3c:0c:64:4b:ee:ac:c2:a0:9e:da:a9:d6:ee:d1:89:9a:18:77:
ba:cb:4c:99:49:3c:31:ec:04:46:ce:5f:13:6f:e2:60:bc:ba:
73:5a:7d:a4:e2:07:b3:bc:bd:ad:e7:01:9c:a0:c6:69:11:dc:
50:7c:db:5e:4f:77:75:dc:e7:a9:3b:45:e8:1a:70:de:c8:f0:
96:c1:c9:85
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaIgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDUy
MDExNDlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQ2RDYwRDU4MjA5MTI2
MEMwRTlBMDMyMzBGNjY3Mzg2QjYxNjc3OEQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7BEorykKwT9gtfoQfEQLQNZjYZ6goFarEsD7+qMKspWJEotbQ
K6E5iulbfeJrHvKsdFQReBtb0EPCjrwO2M6WxE3EJADGj4lqXkOCq/Y+YVQ8IQLM
aX7Yhb6KT20Yo4f3kt6okF4Acm6FDOA0IHkxqkXFJb5QjQNQ6YhcTU9YLgEg8HrK
PDVl4jIW/wuRp91iINEWv6lXABWclKdQ+xpRCjdrgRWdXFhUziGVV1i/uxLLurMP
As0cI7CVzJOqZDBFCLFvvXa3ED2kCrpqM73Tqcs5YlnoeHoO9kAsTYoj+VfRoAx0
wtX+1LEE6ix3wgx5vw8mfQAhckTaaMqWX77nAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU1tYNWCCRJgwOmgMjD2ZzhrYWd40wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzF0WU5XQ0NSSmd3T21n
TWpEMlp6aHJZV2Q0MC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBY+HGp
5r1aNdQ72fzYMUTv5jbx0rNWqMW4VlZwhQW+q727o5GRkMh8qLLz3ICUj2j3/1/1
oljIS/spFM5lgFzM/CyxVser1aCv8nfEBd9AmyemvBjCyclTGnhBk0drHNRWTFl9
GNbqeFrdjASLVtJ7H712Yjzaie8kV2epoANzGufFp/gPEjqyDzzCxDqHzlt5tVrW
Xf25gkyPM3IIAoNLxiDbXgPr8B/z8LW8JmKzkzCO4ow8DGRL7qzCoJ7aqdbu0Yma
GHe6y0yZSTwx7ARGzl8Tb+JgvLpzWn2k4gezvL2t5wGcoMZpEdxQfNteT3d13Oep
O0XoGnDeyPCWwcmF
-----END CERTIFICATE-----
Generated at Sat Jun 21 14:42:54 2025 by rpki-client