Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/3Symq6E0ttnUgItXWo3kr0OZep4.roa
File: 3Symq6E0ttnUgItXWo3kr0OZep4.roa (raw, json)
Hash identifier: PyLPDfmn8QeQOzDDXB5p6p7Hw6H3Znv2RWqbWlbUVTQ=
Subject key identifier: DD:2C:A6:AB:A1:34:B6:D9:D4:80:8B:57:5A:8D:E4:AF:43:99:7A:9E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6994
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3Symq6E0ttnUgItXWo3kr0OZep4.roa
Signing time: Sun 08 Jun 2025 15:11:58 +0000
ROA not before: Sun 08 Jun 2025 15:11:58 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27028 (0x6994)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 8 15:11:58 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=DD2CA6ABA134B6D9D4808B575A8DE4AF43997A9E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:de:77:8c:7b:a9:b5:48:86:0a:26:df:2c:87:
20:4d:ed:36:be:42:cd:34:59:b7:5b:0a:2a:91:e2:
dc:87:08:a2:b3:2e:c7:f1:e4:74:7b:2a:3b:9e:40:
10:33:d4:8a:b2:aa:76:a9:ca:45:29:06:5f:8e:8d:
2d:7d:a5:0a:97:26:66:43:4b:0c:9f:f5:34:d9:40:
7e:2d:a5:83:4a:2b:c3:ff:3e:ac:1b:42:b4:ee:33:
b2:b0:93:62:5c:5c:dc:16:f5:8f:7a:2c:93:a3:4b:
e5:34:1e:ff:f4:ba:de:34:3c:b4:ac:09:5a:76:85:
50:65:8a:51:ca:d2:b3:fe:b6:89:d0:2a:26:ec:8b:
05:27:90:53:e0:8e:6f:e9:51:3f:a3:62:48:f5:e0:
c6:12:00:49:d6:48:61:83:84:3d:98:3b:7f:e6:cb:
97:73:92:32:73:7f:8d:33:ec:d4:17:0b:74:c8:91:
22:4a:05:b8:67:27:fb:54:23:a1:39:65:ca:47:40:
47:40:94:08:15:41:f2:41:a6:66:77:9e:76:f6:21:
19:9d:b7:86:65:c9:9b:75:41:4a:06:35:ae:5a:74:
17:d2:08:21:70:e6:ed:06:ff:11:62:d6:81:40:53:
f6:b9:0d:57:aa:30:af:75:5f:2e:3a:e7:94:88:4e:
bd:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:2C:A6:AB:A1:34:B6:D9:D4:80:8B:57:5A:8D:E4:AF:43:99:7A:9E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3Symq6E0ttnUgItXWo3kr0OZep4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
70:fb:c7:5b:3b:c7:2f:9c:a1:a5:e8:85:aa:37:b8:9b:f5:31:
5a:13:63:d2:14:7a:35:cd:49:fc:ab:78:12:46:25:f4:8f:4f:
07:74:3c:4a:c8:09:e4:e3:a1:00:82:10:61:de:5d:89:f1:f4:
fc:0e:a3:fb:0f:47:50:4d:76:ab:a7:0a:f4:ab:20:70:19:9d:
74:62:b1:22:32:03:db:f9:8a:f0:17:1c:17:39:7e:52:f2:09:
fa:93:fb:3c:a9:5e:ba:3c:0e:27:07:06:cf:c9:39:ba:2a:eb:
fe:05:5f:63:4c:b6:1c:88:33:6a:50:08:36:80:73:bf:74:25:
2d:df:a5:d9:4b:bd:95:71:f2:41:65:30:69:84:a3:0c:bd:06:
3d:ff:64:dd:1e:b0:35:d5:21:86:07:cf:48:a5:98:77:81:1f:
29:4f:5d:94:06:32:0b:30:99:69:ca:3b:3c:86:4c:80:a3:bd:
64:5e:8d:88:65:5a:d1:57:a8:8d:ff:47:ea:31:14:d7:bc:3c:
52:cb:67:fa:26:b5:a7:e8:36:63:b3:0a:3a:36:b3:28:69:2d:
db:b8:0a:f1:38:c1:1e:4e:b3:d3:56:45:48:6c:26:78:39:9b:
a5:67:89:fd:e0:c3:70:87:3e:fe:de:a1:8f:33:fb:8b:60:2e:
80:fc:52:bc
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaZQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDgx
NTExNThaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEREMkNBNkFCQTEzNEI2
RDlENDgwOEI1NzVBOERFNEFGNDM5OTdBOUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJ3neMe6m1SIYKJt8shyBN7Ta+Qs00WbdbCiqR4tyHCKKzLsfx
5HR7KjueQBAz1IqyqnapykUpBl+OjS19pQqXJmZDSwyf9TTZQH4tpYNKK8P/Pqwb
QrTuM7Kwk2JcXNwW9Y96LJOjS+U0Hv/0ut40PLSsCVp2hVBlilHK0rP+tonQKibs
iwUnkFPgjm/pUT+jYkj14MYSAEnWSGGDhD2YO3/my5dzkjJzf40z7NQXC3TIkSJK
BbhnJ/tUI6E5ZcpHQEdAlAgVQfJBpmZ3nnb2IRmdt4ZlyZt1QUoGNa5adBfSCCFw
5u0G/xFi1oFAU/a5DVeqMK91Xy4655SITr0HAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU3Symq6E0ttnUgItXWo3kr0OZep4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzNTeW1xNkUwdHRuVWdJ
dFhXbzNrcjBPWmVwNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBw+8db
O8cvnKGl6IWqN7ib9TFaE2PSFHo1zUn8q3gSRiX0j08HdDxKyAnk46EAghBh3l2J
8fT8DqP7D0dQTXarpwr0qyBwGZ10YrEiMgPb+YrwFxwXOX5S8gn6k/s8qV66PA4n
BwbPyTm6Kuv+BV9jTLYciDNqUAg2gHO/dCUt36XZS72VcfJBZTBphKMMvQY9/2Td
HrA11SGGB89IpZh3gR8pT12UBjILMJlpyjs8hkyAo71kXo2IZVrRV6iN/0fqMRTX
vDxSy2f6JrWn6DZjswo6NrMoaS3buArxOMEeTrPTVkVIbCZ4OZulZ4n94MNwhz7+
3qGPM/uLYC6A/FK8
-----END CERTIFICATE-----
Generated at Sun Jun 22 06:44:08 2025 by rpki-client