Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/2Cf_wLRp0NHNlQIkpjyBTEy2j18.roa
File: 2Cf_wLRp0NHNlQIkpjyBTEy2j18.roa (raw, json)
Hash identifier: xRwLoT99xp3h0Ffof7ODqTLqYqOKiylABMkcKL3S/uc=
Subject key identifier: D8:27:FF:C0:B4:69:D0:D1:CD:95:02:24:A6:3C:81:4C:4C:B6:8F:5F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6396
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2Cf_wLRp0NHNlQIkpjyBTEy2j18.roa
Signing time: Fri 23 May 2025 15:40:53 +0000
ROA not before: Fri 23 May 2025 15:40:53 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25494 (0x6396)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 23 15:40:53 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D827FFC0B469D0D1CD950224A63C814C4CB68F5F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:8e:4f:dc:0f:3a:39:39:70:2b:ad:20:84:7e:
ee:d1:14:55:4a:ba:1b:5a:2c:3b:7b:fb:eb:ec:c8:
89:52:c4:98:e8:6a:21:b0:57:73:62:a4:c5:e6:6c:
d9:9d:00:82:e9:d6:19:47:fc:a2:4b:4e:cb:7f:22:
be:38:5e:4e:d6:01:67:20:d2:e7:94:fa:7d:bd:fb:
2a:b9:fb:83:3d:79:e9:34:b4:18:12:29:6b:c6:64:
48:97:e7:99:e3:a1:46:a9:26:71:1e:92:22:a4:74:
b4:03:df:81:7d:28:2e:40:9b:0f:85:53:6b:01:01:
0d:f7:54:85:96:84:19:7c:be:11:b5:9e:8c:f4:54:
59:c9:dc:19:88:49:b1:ce:4d:df:59:29:97:3f:5c:
83:36:1f:a3:91:00:a5:17:e4:f0:9b:b8:ad:d3:1e:
fe:3f:df:c5:e0:2b:a1:8d:c7:3a:1f:52:8c:f3:b4:
19:6c:55:11:cf:f8:b2:38:b2:c3:1d:96:1d:e8:3e:
a4:32:65:6a:f7:d0:1d:a7:b3:db:5c:c6:72:e0:ed:
fa:16:c5:37:43:9a:f6:2d:ae:57:12:37:d4:64:fb:
7b:6b:04:c3:42:ff:11:e3:d8:d9:ac:b1:84:8c:ab:
eb:6e:bb:47:fc:25:58:16:d4:97:64:e0:d3:37:2f:
ec:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:27:FF:C0:B4:69:D0:D1:CD:95:02:24:A6:3C:81:4C:4C:B6:8F:5F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2Cf_wLRp0NHNlQIkpjyBTEy2j18.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
b8:44:e1:74:ec:e1:96:a5:e0:73:ab:7a:76:67:70:80:8c:35:
ec:8f:4a:43:fd:f9:1e:0e:ba:40:88:67:68:06:17:b5:c2:6e:
a2:43:f1:82:9e:41:22:06:ab:6f:77:46:ae:be:da:18:64:53:
30:5a:6d:f4:12:9d:3b:45:c3:86:7c:5c:1d:da:dd:fe:2c:67:
f2:6c:4e:9b:67:bd:45:20:55:ab:ae:f7:64:3d:29:a2:cc:fc:
0d:1a:0f:b3:dc:17:45:cf:9f:96:33:e0:c7:8b:4a:da:97:d0:
1c:aa:ee:5a:ff:40:8d:d8:60:be:65:a7:b5:0e:64:61:39:f3:
23:c5:d1:ab:c7:ad:da:c1:7e:ad:f7:28:31:e4:b9:25:18:34:
6d:c9:18:ff:8d:b9:9a:a8:fc:2a:dd:ee:e7:5d:95:ea:1c:ce:
5e:5b:ac:6f:ff:42:96:6a:67:01:0d:0c:e0:7d:c6:2a:c9:dd:
e7:34:7e:e7:74:0a:9c:36:84:0e:59:d3:01:de:ee:f7:9f:74:
b2:bc:7f:38:7f:a6:82:17:9b:88:7b:94:94:29:2d:03:3e:d8:
30:24:0f:e2:5b:cc:ab:5a:66:67:46:60:4f:f9:e4:41:3f:4b:
7c:5e:03:cc:e6:51:01:ed:68:8d:b6:0a:fe:48:56:d1:67:d5:
77:1f:e0:67
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICY5YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjMx
NTQwNTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQ4MjdGRkMwQjQ2OUQw
RDFDRDk1MDIyNEE2M0M4MTRDNENCNjhGNUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCmjk/cDzo5OXArrSCEfu7RFFVKuhtaLDt7++vsyIlSxJjoaiGw
V3NipMXmbNmdAILp1hlH/KJLTst/Ir44Xk7WAWcg0ueU+n29+yq5+4M9eek0tBgS
KWvGZEiX55njoUapJnEekiKkdLQD34F9KC5Amw+FU2sBAQ33VIWWhBl8vhG1noz0
VFnJ3BmISbHOTd9ZKZc/XIM2H6ORAKUX5PCbuK3THv4/38XgK6GNxzofUozztBls
VRHP+LI4ssMdlh3oPqQyZWr30B2ns9tcxnLg7foWxTdDmvYtrlcSN9Rk+3trBMNC
/xHj2NmssYSMq+tuu0f8JVgW1Jdk4NM3L+wJAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU2Cf/wLRp0NHNlQIkpjyBTEy2j18wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzJDZl93TFJwME5ITmxR
SWtwanlCVEV5MmoxOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC4ROF0
7OGWpeBzq3p2Z3CAjDXsj0pD/fkeDrpAiGdoBhe1wm6iQ/GCnkEiBqtvd0auvtoY
ZFMwWm30Ep07RcOGfFwd2t3+LGfybE6bZ71FIFWrrvdkPSmizPwNGg+z3BdFz5+W
M+DHi0ral9Acqu5a/0CN2GC+Zae1DmRhOfMjxdGrx63awX6t9ygx5LklGDRtyRj/
jbmaqPwq3e7nXZXqHM5eW6xv/0KWamcBDQzgfcYqyd3nNH7ndAqcNoQOWdMB3u73
n3SyvH84f6aCF5uIe5SUKS0DPtgwJA/iW8yrWmZnRmBP+eRBP0t8XgPM5lEB7WiN
tgr+SFbRZ9V3H+Bn
-----END CERTIFICATE-----
Generated at Sun Jun 22 14:39:56 2025 by rpki-client