Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/4r0y9C5t6veEkjLNbDmguH_vOQw.roa
File: 4r0y9C5t6veEkjLNbDmguH_vOQw.roa (raw, json)
Hash identifier: DrGCaQyJA8epDSjWAVnnBov7azkGSllKma6gHW3CU2I=
Subject key identifier: E2:BD:32:F4:2E:6D:EA:F7:84:92:32:CD:6C:39:A0:B8:7F:EF:39:0C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 618E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4r0y9C5t6veEkjLNbDmguH_vOQw.roa
Signing time: Sun 18 May 2025 05:40:45 +0000
ROA not before: Sun 18 May 2025 05:40:45 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24974 (0x618e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 18 05:40:45 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E2BD32F42E6DEAF7849232CD6C39A0B87FEF390C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:44:a4:6b:b1:09:ab:59:55:6b:8c:76:db:d5:
f4:d4:1a:9d:6b:9a:03:c0:33:7c:b4:a1:8a:b7:3f:
02:38:0e:9f:3b:1a:12:d6:7d:de:3f:a4:3f:55:f1:
82:cd:95:95:14:8e:f8:38:9d:4b:18:03:be:b8:11:
2d:92:61:e4:7c:76:3e:c8:32:a9:f9:5f:b1:25:89:
d2:00:5b:ed:37:f5:ff:b1:77:f4:89:9c:d8:87:a5:
ee:d1:1f:fa:3d:9a:12:bd:69:c6:48:a9:48:a4:a0:
e7:96:6a:99:50:b2:15:d9:5c:83:e9:c4:c3:62:30:
dc:a5:f5:9f:2b:ed:e0:06:52:d5:a2:54:14:c0:eb:
29:47:19:fc:c8:92:4d:c9:01:17:e2:44:12:9a:b5:
58:86:25:b2:57:21:df:bd:b4:c6:57:fb:10:6c:65:
91:40:9e:13:9a:39:83:d1:47:57:77:b5:64:cc:dc:
19:3b:c1:80:ab:78:23:90:7c:56:66:e2:23:d8:dc:
1d:10:a3:8a:dd:68:7b:bb:07:b2:65:9c:7b:60:24:
ba:5f:45:6c:db:94:95:8d:6a:ba:c2:df:f2:aa:6c:
3b:a6:bc:8b:1a:e0:3c:0d:4b:74:74:91:e1:3b:af:
cb:39:8e:84:e6:22:95:81:db:8c:4c:58:91:49:9a:
64:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:BD:32:F4:2E:6D:EA:F7:84:92:32:CD:6C:39:A0:B8:7F:EF:39:0C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4r0y9C5t6veEkjLNbDmguH_vOQw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
93:12:4f:ce:8b:82:a7:6d:f9:9c:3d:6f:b6:55:a8:a7:98:5f:
93:5e:22:c2:cf:f0:0d:57:8f:57:75:39:12:11:00:6e:82:66:
f7:07:d9:b4:c0:0c:3e:ff:c0:34:14:e5:3c:af:62:19:84:98:
60:a5:94:81:b7:88:bd:5e:bf:71:fc:f3:2c:ed:95:74:65:6c:
46:af:46:e1:aa:6c:bc:20:0e:a6:57:a0:7d:27:6e:7e:28:af:
6f:8c:72:e4:57:cf:d1:0b:87:10:2c:90:0a:4e:21:52:bc:6c:
ad:1f:9c:d0:15:c4:2a:44:ac:8d:30:11:7c:56:3a:03:3e:b4:
21:d8:21:ba:40:09:db:2b:2f:ca:cc:59:16:b3:f9:18:5b:29:
49:b2:46:c8:a4:80:98:74:38:d2:d2:3d:24:b0:44:f2:c6:69:
0d:87:a0:8a:f0:35:1f:4d:d4:97:a2:88:fa:66:e8:61:d4:9b:
b7:71:c8:db:c9:fa:8e:e4:e4:22:a3:19:f0:f8:b8:5d:32:0b:
11:bc:5e:7d:e1:f9:dc:80:64:86:ac:a7:be:0c:1e:7e:d2:b8:
f5:48:a0:2e:3f:74:bb:50:f4:f3:91:9c:a7:63:26:4e:23:21:
95:e1:ad:40:a8:3a:cb:23:68:58:64:f7:10:a5:a1:2a:5e:af:
ad:91:71:69
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYY4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTgw
NTQwNDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEUyQkQzMkY0MkU2REVB
Rjc4NDkyMzJDRDZDMzlBMEI4N0ZFRjM5MEMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCzRKRrsQmrWVVrjHbb1fTUGp1rmgPAM3y0oYq3PwI4Dp87GhLW
fd4/pD9V8YLNlZUUjvg4nUsYA764ES2SYeR8dj7IMqn5X7ElidIAW+039f+xd/SJ
nNiHpe7RH/o9mhK9acZIqUikoOeWaplQshXZXIPpxMNiMNyl9Z8r7eAGUtWiVBTA
6ylHGfzIkk3JARfiRBKatViGJbJXId+9tMZX+xBsZZFAnhOaOYPRR1d3tWTM3Bk7
wYCreCOQfFZm4iPY3B0Qo4rdaHu7B7JlnHtgJLpfRWzblJWNarrC3/KqbDumvIsa
4DwNS3R0keE7r8s5joTmIpWB24xMWJFJmmQtAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU4r0y9C5t6veEkjLNbDmguH/vOQwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzRyMHk5QzV0NnZlRWtq
TE5iRG1ndUhfdk9Rdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCTEk/O
i4KnbfmcPW+2VainmF+TXiLCz/ANV49XdTkSEQBugmb3B9m0wAw+/8A0FOU8r2IZ
hJhgpZSBt4i9Xr9x/PMs7ZV0ZWxGr0bhqmy8IA6mV6B9J25+KK9vjHLkV8/RC4cQ
LJAKTiFSvGytH5zQFcQqRKyNMBF8VjoDPrQh2CG6QAnbKy/KzFkWs/kYWylJskbI
pICYdDjS0j0ksETyxmkNh6CK8DUfTdSXooj6Zuhh1Ju3ccjbyfqO5OQioxnw+Lhd
MgsRvF594fncgGSGrKe+DB5+0rj1SKAuP3S7UPTzkZynYyZOIyGV4a1AqDrLI2hY
ZPcQpaEqXq+tkXFp
-----END CERTIFICATE-----
Generated at Fri Jun 20 23:08:34 2025 by rpki-client