Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/3k_MZJKdSVNDaElyiDilhZwPu5w.roa
File: 3k_MZJKdSVNDaElyiDilhZwPu5w.roa (raw, json)
Hash identifier: DeSS6n9i/GrmhndULdFZrdwUjR0gN4y6PeGRMIbW6Ls=
Subject key identifier: DE:4F:CC:64:92:9D:49:53:43:68:49:72:88:38:A5:85:9C:0F:BB:9C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6500
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3k_MZJKdSVNDaElyiDilhZwPu5w.roa
Signing time: Tue 27 May 2025 10:11:08 +0000
ROA not before: Tue 27 May 2025 10:11:08 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25856 (0x6500)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 27 10:11:08 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=DE4FCC64929D4953436849728838A5859C0FBB9C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ee:3e:af:9f:6f:02:06:ee:6f:11:ab:d7:ae:88:
b9:69:a6:84:8a:ca:28:e9:c4:ee:c3:d9:05:bb:77:
19:4a:85:d7:ad:fa:f9:e9:a3:9c:06:eb:45:95:96:
b3:18:d5:58:2f:68:3f:b3:2e:48:c7:c9:bc:6f:3d:
3b:46:02:e0:f2:95:ff:c4:5c:64:cf:9e:8e:f2:01:
a8:49:d8:2b:9d:67:f1:90:9a:57:23:44:3b:76:52:
ea:40:3e:7a:ab:aa:59:96:7b:94:c2:57:25:93:25:
0b:36:7a:a8:04:46:57:a5:03:df:33:19:e1:fb:93:
d4:50:77:45:ef:a7:1e:78:22:bd:b0:29:12:4c:ce:
db:64:ce:2c:aa:00:79:db:5d:54:6b:2f:4b:a2:12:
f2:6b:eb:cd:89:16:63:09:1f:22:4f:04:69:0c:11:
3a:ef:0d:24:eb:29:10:77:25:df:3d:a6:1f:5c:82:
88:a9:21:21:81:c6:76:17:4f:06:33:01:e7:64:40:
bd:11:56:67:fa:f2:87:87:2e:fd:8b:b3:4e:a7:96:
c6:33:05:4c:24:9c:3f:81:01:b7:43:ed:c9:f1:25:
7f:6b:f2:f7:ba:69:6f:8f:df:db:72:ab:3f:f3:25:
93:59:2d:5d:21:b8:8d:e5:a0:a7:ba:15:bc:a9:d8:
18:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:4F:CC:64:92:9D:49:53:43:68:49:72:88:38:A5:85:9C:0F:BB:9C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3k_MZJKdSVNDaElyiDilhZwPu5w.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
58:94:7f:fb:87:e9:4d:e4:9e:97:9e:2f:ba:e2:09:07:84:ff:
3a:dc:c0:44:25:6d:e8:18:96:55:61:88:7c:c4:c1:e8:ae:d0:
81:21:92:80:f8:a2:cf:30:5f:7e:38:39:48:12:4a:08:8d:d2:
cc:d0:cc:fd:b4:ec:63:89:92:6d:f6:0a:34:cc:ec:c2:14:46:
c0:c3:d4:4f:d8:31:0f:49:95:40:79:3f:96:6f:70:a8:be:31:
f0:2c:38:9f:0a:62:70:21:18:6e:6d:14:07:cc:81:7d:6c:62:
d7:a8:38:54:8f:0b:20:d0:c8:a3:41:2a:12:38:c0:91:b7:42:
5d:e7:ee:96:f4:eb:78:22:a1:bb:15:cc:15:a9:bc:70:c3:d9:
5d:89:e4:e6:fe:48:f2:2e:10:b4:35:2a:4c:0a:09:92:3a:32:
13:94:8c:65:f1:e4:2f:29:1b:cb:77:38:0f:58:5f:e3:db:35:
14:04:47:6b:a1:42:42:0b:21:04:0b:a6:e2:3e:5a:f7:6c:4b:
1e:44:0a:78:6d:66:d6:54:5d:c4:93:c6:97:a7:07:02:8c:6b:
59:3b:8d:d1:3b:20:09:5b:88:da:46:d4:58:0b:b2:39:77:77:
e2:31:72:4a:da:64:72:90:bc:33:45:3d:48:ac:52:38:b8:6c:
2a:53:c5:f7
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZQAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1Mjcx
MDExMDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKERFNEZDQzY0OTI5RDQ5
NTM0MzY4NDk3Mjg4MzhBNTg1OUMwRkJCOUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDuPq+fbwIG7m8Rq9euiLlppoSKyijpxO7D2QW7dxlKhdet+vnp
o5wG60WVlrMY1VgvaD+zLkjHybxvPTtGAuDylf/EXGTPno7yAahJ2CudZ/GQmlcj
RDt2UupAPnqrqlmWe5TCVyWTJQs2eqgERlelA98zGeH7k9RQd0Xvpx54Ir2wKRJM
zttkziyqAHnbXVRrL0uiEvJr682JFmMJHyJPBGkMETrvDSTrKRB3Jd89ph9cgoip
ISGBxnYXTwYzAedkQL0RVmf68oeHLv2Ls06nlsYzBUwknD+BAbdD7cnxJX9r8ve6
aW+P39tyqz/zJZNZLV0huI3loKe6Fbyp2BgVAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU3k/MZJKdSVNDaElyiDilhZwPu5wwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzNrX01aSktkU1ZORGFF
bHlpRGlsaFp3UHU1dy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBYlH/7
h+lN5J6Xni+64gkHhP863MBEJW3oGJZVYYh8xMHortCBIZKA+KLPMF9+ODlIEkoI
jdLM0Mz9tOxjiZJt9go0zOzCFEbAw9RP2DEPSZVAeT+Wb3CovjHwLDifCmJwIRhu
bRQHzIF9bGLXqDhUjwsg0MijQSoSOMCRt0Jd5+6W9Ot4IqG7FcwVqbxww9ldieTm
/kjyLhC0NSpMCgmSOjITlIxl8eQvKRvLdzgPWF/j2zUUBEdroUJCCyEEC6biPlr3
bEseRAp4bWbWVF3Ek8aXpwcCjGtZO43ROyAJW4jaRtRYC7I5d3fiMXJK2mRykLwz
RT1IrFI4uGwqU8X3
-----END CERTIFICATE-----
Generated at Sun Jun 22 09:35:09 2025 by rpki-client