Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/4U1OLgud7e_qFefxSXjlojhqHyc.roa
File: 4U1OLgud7e_qFefxSXjlojhqHyc.roa (raw, json)
Hash identifier: aDORRkr3JStFyIfp1qo3FSc8dlyCR9LQ5A8J8Mx/oIY=
Subject key identifier: E1:4D:4E:2E:0B:9D:ED:EF:EA:15:E7:F1:49:78:E5:A2:38:6A:1F:27
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 62EA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4U1OLgud7e_qFefxSXjlojhqHyc.roa
Signing time: Wed 21 May 2025 20:40:48 +0000
ROA not before: Wed 21 May 2025 20:40:48 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25322 (0x62ea)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 21 20:40:48 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E14D4E2E0B9DEDEFEA15E7F14978E5A2386A1F27
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:47:22:99:5f:1e:20:ee:8e:2a:d4:fd:e5:de:
d1:26:64:4c:63:25:52:81:2b:65:44:05:8a:6d:8c:
5c:26:8f:c1:44:70:00:e2:b2:4b:ad:30:d6:bc:d4:
6c:35:bf:4e:13:a5:d5:8f:ff:9a:b3:67:d7:0e:6d:
98:2c:63:c5:24:ac:07:83:46:9b:8f:2f:21:01:c5:
ec:d4:5d:6a:9e:fd:7b:00:dd:74:84:8e:d5:d5:cb:
d5:6d:3c:68:22:8e:38:dd:b1:bd:bf:d4:7a:1f:c9:
89:55:9c:a8:02:36:d7:fb:77:77:b1:d8:6b:82:d8:
eb:91:18:81:ca:d1:63:36:49:5b:84:ec:72:3c:9c:
b0:54:d6:10:fd:6d:1b:9b:c0:f7:da:c0:0b:5d:8f:
f5:7b:2a:08:fa:62:7e:1e:f9:d7:9d:f4:f6:b8:fb:
0e:22:01:04:28:ee:8e:a2:82:4f:9e:fd:f3:f2:8a:
59:98:b1:e3:1a:7c:e8:68:16:af:9b:1f:6c:92:0f:
44:04:5e:ff:eb:1a:6c:f3:9a:7e:a4:d0:ec:08:fa:
9b:65:95:c4:9b:61:d2:28:c8:15:26:8a:48:fb:f5:
6e:8a:36:63:e6:4e:27:20:f5:bc:b3:61:ae:62:5a:
cd:a3:81:5f:20:8a:81:e5:56:c1:a5:ae:07:d8:f6:
72:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:4D:4E:2E:0B:9D:ED:EF:EA:15:E7:F1:49:78:E5:A2:38:6A:1F:27
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4U1OLgud7e_qFefxSXjlojhqHyc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
1f:f0:fd:9d:ab:a4:9b:65:44:c5:44:6a:e6:88:c9:f2:f6:a1:
bc:87:95:5c:45:33:e6:d8:19:b6:ff:35:43:fc:05:64:7a:23:
05:81:d4:75:f5:ea:b2:bc:35:41:85:e2:5e:7d:c8:bc:3e:25:
8f:a8:b1:9d:54:d1:38:50:46:e8:f4:90:d1:88:c0:8f:3c:2d:
21:12:fd:f8:70:8e:65:8c:fb:13:14:a2:75:81:e6:64:18:ea:
7b:ab:b6:6f:9d:0c:e2:c6:95:44:61:5d:cd:87:03:92:b8:e4:
8a:6a:3e:14:7b:ef:13:a1:45:e2:15:62:f8:49:69:75:f9:c3:
19:a8:5a:c6:74:01:41:1a:2d:b5:a8:ae:26:e2:6a:48:ad:f2:
3c:d1:f3:f8:9b:b8:eb:8b:59:0e:2a:94:fe:67:c4:6b:66:8a:
d9:45:f7:57:b0:1a:0a:9f:1d:41:9c:3d:75:8a:b6:bb:1e:83:
c8:23:1d:27:3d:bb:7e:da:2c:d6:5e:7c:72:9a:de:bd:71:8d:
07:1f:6c:af:c7:ce:87:9a:67:45:31:87:88:d4:1d:5b:71:27:
bd:49:c2:08:ac:d1:c6:02:3e:6d:3b:d8:98:b7:7d:4c:93:1c:
b0:73:2c:28:4c:bd:d1:9e:9f:17:ed:e7:53:03:48:34:2e:df:
28:12:58:9b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYuowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjEy
MDQwNDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEUxNEQ0RTJFMEI5REVE
RUZFQTE1RTdGMTQ5NzhFNUEyMzg2QTFGMjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCnRyKZXx4g7o4q1P3l3tEmZExjJVKBK2VEBYptjFwmj8FEcADi
skutMNa81Gw1v04TpdWP/5qzZ9cObZgsY8UkrAeDRpuPLyEBxezUXWqe/XsA3XSE
jtXVy9VtPGgijjjdsb2/1HofyYlVnKgCNtf7d3ex2GuC2OuRGIHK0WM2SVuE7HI8
nLBU1hD9bRubwPfawAtdj/V7Kgj6Yn4e+ded9Pa4+w4iAQQo7o6igk+e/fPyilmY
seMafOhoFq+bH2ySD0QEXv/rGmzzmn6k0OwI+ptllcSbYdIoyBUmikj79W6KNmPm
Ticg9byzYa5iWs2jgV8gioHlVsGlrgfY9nLPAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU4U1OLgud7e/qFefxSXjlojhqHycwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzRVMU9MZ3VkN2VfcUZl
ZnhTWGpsb2pocUh5Yy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAf8P2d
q6SbZUTFRGrmiMny9qG8h5VcRTPm2Bm2/zVD/AVkeiMFgdR19eqyvDVBheJefci8
PiWPqLGdVNE4UEbo9JDRiMCPPC0hEv34cI5ljPsTFKJ1geZkGOp7q7ZvnQzixpVE
YV3NhwOSuOSKaj4Ue+8ToUXiFWL4SWl1+cMZqFrGdAFBGi21qK4m4mpIrfI80fP4
m7jri1kOKpT+Z8RrZorZRfdXsBoKnx1BnD11ira7HoPIIx0nPbt+2izWXnxymt69
cY0HH2yvx86HmmdFMYeI1B1bcSe9ScIIrNHGAj5tO9iYt31MkxywcywoTL3Rnp8X
7edTA0g0Lt8oElib
-----END CERTIFICATE-----
Generated at Fri Jun 20 19:17:01 2025 by rpki-client