Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/2zxto4eU4XaQvSjG6ZkGhXhHSw8.roa
File: 2zxto4eU4XaQvSjG6ZkGhXhHSw8.roa (raw, json)
Hash identifier: +YEFVrCZq57V164m0IgcXx3TJXkLz5Mzu1ivQibNtpQ=
Subject key identifier: DB:3C:6D:A3:87:94:E1:76:90:BD:28:C6:E9:99:06:85:78:47:4B:0F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6AD8
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2zxto4eU4XaQvSjG6ZkGhXhHSw8.roa
Signing time: Thu 12 Jun 2025 00:12:08 +0000
ROA not before: Thu 12 Jun 2025 00:12:08 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27352 (0x6ad8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 12 00:12:08 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=DB3C6DA38794E17690BD28C6E999068578474B0F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:2b:0c:c7:57:10:d3:bf:06:3f:7c:62:c8:cf:
27:8d:36:88:58:36:e3:95:63:99:73:c0:4a:18:cc:
23:00:5b:37:0d:ce:a8:94:cc:73:4d:24:23:d2:41:
65:65:a0:11:55:79:c4:56:be:2c:81:31:f9:fb:d1:
a9:14:85:c4:e2:44:c6:87:32:59:ad:71:85:ad:fb:
68:4b:84:00:cc:b2:81:60:98:a6:62:1b:e0:b5:87:
7b:2a:63:82:50:26:0b:96:25:13:26:f1:ed:2b:c7:
1c:34:a6:19:95:bd:d0:53:8e:c9:c0:35:28:09:b3:
9a:63:32:c5:85:e9:0c:bc:04:fc:07:f7:be:0c:e6:
fa:75:fb:30:0e:42:88:37:0d:60:fe:48:1d:33:cf:
e1:4d:28:56:c9:2f:08:49:13:a0:38:27:45:61:82:
39:a7:c8:e7:b1:23:99:02:03:a9:01:8e:29:25:b2:
04:82:47:38:9f:e9:59:e2:57:c3:f2:21:83:9c:f1:
00:fb:20:a0:af:d5:8b:d4:6a:84:42:78:25:f5:4c:
39:b9:a5:9d:e4:08:dc:a4:7f:dc:a6:a5:7b:3d:22:
73:c8:66:ef:4d:8e:c2:3e:fe:2d:43:27:5c:cd:f7:
f2:28:22:2e:8f:66:98:99:29:a2:66:fd:a0:bc:f2:
63:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:3C:6D:A3:87:94:E1:76:90:BD:28:C6:E9:99:06:85:78:47:4B:0F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2zxto4eU4XaQvSjG6ZkGhXhHSw8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
16:44:46:3f:b7:73:d8:ee:60:47:5d:c5:07:4b:0a:e6:d0:92:
d9:fd:08:fc:6d:42:a1:19:eb:a8:1e:32:41:4e:9c:b7:b1:e8:
12:7e:83:47:9a:d6:00:27:57:d7:95:19:23:5a:1a:d0:be:82:
80:a6:e6:2d:f7:28:5d:4b:92:6e:42:27:6e:26:2c:5e:9a:27:
a9:65:2c:6c:04:30:c5:a3:bc:50:24:62:df:6d:60:3d:d8:9d:
ee:53:16:aa:cf:c3:08:b5:39:89:14:f7:a8:4e:83:b0:fa:52:
f0:2a:b0:85:7f:8f:37:69:dc:d3:ae:59:a5:2b:02:9b:f9:94:
1c:ed:9d:92:22:73:b5:81:ba:d4:f4:bc:1e:28:d5:2b:87:51:
ee:e0:6b:da:1a:93:ac:b7:c8:dd:4c:79:7f:cd:26:1b:66:fe:
eb:52:b9:da:e1:8d:fa:35:1a:94:6c:e3:c7:05:25:df:72:2d:
af:5c:eb:a1:af:fc:e9:8e:fe:9e:9c:6e:79:9d:11:ea:6a:cb:
37:41:61:1b:18:4c:09:ab:34:12:74:73:29:48:76:7a:e6:f3:
91:56:dd:22:db:48:6f:9c:3d:04:ab:94:d7:f8:e6:a1:b7:ed:
b5:31:3e:3f:57:82:29:f4:6c:36:a2:7c:da:f8:06:1c:c5:f7:
90:65:8c:99
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICatgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTIw
MDEyMDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKERCM0M2REEzODc5NEUx
NzY5MEJEMjhDNkU5OTkwNjg1Nzg0NzRCMEYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7KwzHVxDTvwY/fGLIzyeNNohYNuOVY5lzwEoYzCMAWzcNzqiU
zHNNJCPSQWVloBFVecRWviyBMfn70akUhcTiRMaHMlmtcYWt+2hLhADMsoFgmKZi
G+C1h3sqY4JQJguWJRMm8e0rxxw0phmVvdBTjsnANSgJs5pjMsWF6Qy8BPwH974M
5vp1+zAOQog3DWD+SB0zz+FNKFbJLwhJE6A4J0VhgjmnyOexI5kCA6kBjiklsgSC
Rzif6VniV8PyIYOc8QD7IKCv1YvUaoRCeCX1TDm5pZ3kCNykf9ympXs9InPIZu9N
jsI+/i1DJ1zN9/IoIi6PZpiZKaJm/aC88mPTAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU2zxto4eU4XaQvSjG6ZkGhXhHSw8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzJ6eHRvNGVVNFhhUXZT
akc2WmtHaFhoSFN3OC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAWREY/
t3PY7mBHXcUHSwrm0JLZ/Qj8bUKhGeuoHjJBTpy3segSfoNHmtYAJ1fXlRkjWhrQ
voKApuYt9yhdS5JuQiduJixemiepZSxsBDDFo7xQJGLfbWA92J3uUxaqz8MItTmJ
FPeoToOw+lLwKrCFf483adzTrlmlKwKb+ZQc7Z2SInO1gbrU9LweKNUrh1Hu4Gva
GpOst8jdTHl/zSYbZv7rUrna4Y36NRqUbOPHBSXfci2vXOuhr/zpjv6enG55nRHq
ass3QWEbGEwJqzQSdHMpSHZ65vORVt0i20hvnD0Eq5TX+Oaht+21MT4/V4Ip9Gw2
onza+AYcxfeQZYyZ
-----END CERTIFICATE-----
Generated at Mon Jun 23 02:49:59 2025 by rpki-client