Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/3qxcjI1qdvbBxvE_Z36oGSKr1gk.roa
File: 3qxcjI1qdvbBxvE_Z36oGSKr1gk.roa (raw, json)
Hash identifier: AfRr8wk+lZ3TAlsEt7btEaK7WYKwxR+DLTEICYW3Ev4=
Subject key identifier: DE:AC:5C:8C:8D:6A:76:F6:C1:C6:F1:3F:67:7E:A8:19:22:AB:D6:09
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 607A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3qxcjI1qdvbBxvE_Z36oGSKr1gk.roa
Signing time: Thu 15 May 2025 08:40:21 +0000
ROA not before: Thu 15 May 2025 08:40:21 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24698 (0x607a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 15 08:40:21 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=DEAC5C8C8D6A76F6C1C6F13F677EA81922ABD609
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:fe:01:f3:3d:14:8f:ef:23:6c:ea:c7:1a:0a:
ba:bb:5d:b9:6a:77:fa:03:97:47:38:d2:b5:f4:e2:
bf:39:64:d1:81:48:fc:3a:01:89:81:4a:7f:ff:b9:
15:99:82:35:ca:5a:27:ac:bf:9b:3b:b6:11:9d:34:
d0:c6:84:6c:a3:44:e6:30:ee:bb:19:af:b9:14:14:
87:8b:46:62:11:6f:18:9a:63:41:2f:7f:7b:24:d7:
13:11:bd:c8:df:f6:b8:b3:f5:24:ec:84:ba:df:e1:
94:05:f2:a9:69:87:97:da:98:89:e5:f9:2d:0f:58:
88:10:00:aa:f4:d1:88:cb:7b:eb:f4:5b:47:c8:1b:
8a:b2:cd:00:f4:ff:cd:2a:1e:b7:a0:82:f9:6e:81:
d6:1d:6a:10:c9:62:df:96:4c:49:43:4f:9d:53:d4:
58:de:89:b1:c7:a7:d4:17:c9:6e:d9:8a:71:c4:e3:
72:f8:54:3e:6a:e1:90:8b:2d:58:32:f9:f7:b0:31:
8c:77:c8:33:cb:dc:1c:eb:1a:0d:14:28:14:c0:78:
b6:d2:7b:b9:50:54:7a:bc:92:3c:0d:d4:32:93:cd:
57:d2:4c:66:0e:32:19:29:6d:c8:f2:af:6c:59:d9:
17:41:89:1c:4a:6c:47:1f:25:c7:73:e9:61:2c:4c:
7d:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:AC:5C:8C:8D:6A:76:F6:C1:C6:F1:3F:67:7E:A8:19:22:AB:D6:09
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3qxcjI1qdvbBxvE_Z36oGSKr1gk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
1f:e1:61:35:b8:41:06:98:41:58:c1:8f:85:38:f4:22:60:bb:
b2:04:c3:c4:d3:1d:0b:6d:60:36:86:cb:8f:f9:26:c8:fb:c6:
3b:7e:e4:5a:22:bd:98:f9:b4:2d:92:e1:f4:77:c3:1b:32:1d:
21:5c:0a:a5:39:03:d9:d4:56:31:03:2d:e0:4e:be:e6:59:de:
4c:d0:e2:7d:2f:b5:60:f9:ea:dc:29:e2:53:2c:be:a6:3d:4e:
a9:f4:02:04:d8:6b:16:88:76:2f:52:48:1b:be:53:f1:43:73:
ab:47:3f:7f:da:be:f8:de:0e:2c:d1:01:82:1c:98:76:d1:cb:
19:ed:5c:20:25:ee:06:87:54:c6:08:72:83:c9:2c:00:b7:c5:
2e:2f:e6:87:2f:74:fc:88:c4:af:b1:26:9d:95:04:14:f0:c8:
8f:1b:34:a3:16:8f:09:cb:75:af:c8:49:fb:9e:ec:2d:5c:1c:
f2:df:7d:92:40:27:6d:a0:8c:fd:bb:a3:6e:95:b0:1e:4d:34:
ba:fb:ed:23:4e:2d:80:d3:cd:ef:cd:f9:96:fa:59:cc:63:77:
03:7f:ef:c5:4b:bb:3f:f3:ca:07:50:0e:19:2b:c7:9d:9a:ad:
7f:38:32:9b:d5:55:33:cd:9c:92:78:31:1c:66:04:52:a4:b3:
7d:bd:77:cd
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYHowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTUw
ODQwMjFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKERFQUM1QzhDOEQ2QTc2
RjZDMUM2RjEzRjY3N0VBODE5MjJBQkQ2MDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCW/gHzPRSP7yNs6scaCrq7Xblqd/oDl0c40rX04r85ZNGBSPw6
AYmBSn//uRWZgjXKWiesv5s7thGdNNDGhGyjROYw7rsZr7kUFIeLRmIRbxiaY0Ev
f3sk1xMRvcjf9riz9STshLrf4ZQF8qlph5famInl+S0PWIgQAKr00YjLe+v0W0fI
G4qyzQD0/80qHreggvlugdYdahDJYt+WTElDT51T1FjeibHHp9QXyW7ZinHE43L4
VD5q4ZCLLVgy+fewMYx3yDPL3BzrGg0UKBTAeLbSe7lQVHq8kjwN1DKTzVfSTGYO
Mhkpbcjyr2xZ2RdBiRxKbEcfJcdz6WEsTH1jAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU3qxcjI1qdvbBxvE/Z36oGSKr1gkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzNxeGNqSTFxZHZiQnh2
RV9aMzZvR1NLcjFnay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAf4WE1
uEEGmEFYwY+FOPQiYLuyBMPE0x0LbWA2hsuP+SbI+8Y7fuRaIr2Y+bQtkuH0d8Mb
Mh0hXAqlOQPZ1FYxAy3gTr7mWd5M0OJ9L7Vg+ercKeJTLL6mPU6p9AIE2GsWiHYv
UkgbvlPxQ3OrRz9/2r743g4s0QGCHJh20csZ7VwgJe4Gh1TGCHKDySwAt8UuL+aH
L3T8iMSvsSadlQQU8MiPGzSjFo8Jy3WvyEn7nuwtXBzy332SQCdtoIz9u6NulbAe
TTS6++0jTi2A083vzfmW+lnMY3cDf+/FS7s/88oHUA4ZK8edmq1/ODKb1VUzzZyS
eDEcZgRSpLN9vXfN
-----END CERTIFICATE-----
Generated at Sat Jun 21 21:37:58 2025 by rpki-client