Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/4ynswRruCcNfZL0AOsn1gVjmpAQ.roa
File: 4ynswRruCcNfZL0AOsn1gVjmpAQ.roa (raw, json)
Hash identifier: QWidmiZYn96Xs3jg1y99iPoT2V/8TJusTWXGi7YQuug=
Subject key identifier: E3:29:EC:C1:1A:EE:09:C3:5F:64:BD:00:3A:C9:F5:81:58:E6:A4:04
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 615A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4ynswRruCcNfZL0AOsn1gVjmpAQ.roa
Signing time: Sat 17 May 2025 16:40:42 +0000
ROA not before: Sat 17 May 2025 16:40:42 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24922 (0x615a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 17 16:40:42 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E329ECC11AEE09C35F64BD003AC9F58158E6A404
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:5f:0b:d6:b2:51:e0:71:93:ec:4f:e6:38:fc:
cc:c6:ca:00:6f:7d:98:65:8a:a1:18:e0:17:55:3c:
b5:f3:68:5c:65:3a:33:82:bf:9c:c4:4d:31:7c:e1:
2d:f4:1b:60:5a:da:d7:69:19:aa:4f:73:49:1b:7e:
73:54:09:f6:59:24:a9:46:e6:b7:f5:f2:6a:c2:d9:
24:2e:28:9e:f1:c2:a6:df:bd:01:14:72:8c:4a:09:
c2:53:bd:2d:5f:8e:f9:bd:49:27:06:a9:f2:46:3d:
ce:ba:66:59:ab:4d:fc:58:8e:2f:1d:bd:4f:5b:8a:
9b:57:98:9b:48:ef:c2:1b:23:63:67:5e:10:38:f1:
ec:68:fb:cd:a7:30:c7:e7:d1:d6:af:d9:4f:cf:60:
64:0d:9d:09:ed:f4:49:56:1e:79:c3:7b:c3:35:26:
19:09:e3:84:f5:d6:7e:c5:75:ec:f2:d4:26:12:e7:
f4:63:50:3f:57:5e:91:b1:e7:0c:00:cc:19:3f:92:
84:3f:fb:10:a2:00:58:20:5d:bf:4f:e5:62:cb:c3:
a7:0b:ea:d9:1e:95:4f:68:45:bb:aa:6f:20:5f:de:
33:e4:a1:f5:01:a3:7b:83:c1:4a:36:7b:5f:d7:21:
90:a1:0d:9c:c1:55:41:12:b1:1d:55:06:f2:f8:a4:
c3:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:29:EC:C1:1A:EE:09:C3:5F:64:BD:00:3A:C9:F5:81:58:E6:A4:04
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4ynswRruCcNfZL0AOsn1gVjmpAQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
07:b7:69:07:03:68:ab:2d:88:5e:00:ee:30:d4:c8:0e:32:9f:
ce:5b:1c:c4:6a:4f:0b:87:15:80:58:32:2e:0c:f0:76:26:aa:
dc:b4:51:bc:6b:9f:72:61:d2:d3:0e:2c:66:29:bc:41:18:e2:
11:71:b7:6d:58:c1:65:59:7f:5f:e4:f5:e5:7a:6f:c8:6e:7a:
6a:ce:b2:5a:7f:92:79:a4:3d:ae:48:73:e4:43:82:e8:3a:52:
8f:46:9a:17:d3:35:3e:28:53:95:72:88:8f:86:7a:a0:f2:57:
44:f4:65:3f:df:eb:b3:41:21:64:24:95:3e:af:f5:48:3b:38:
54:1e:be:64:bd:65:d1:95:c4:39:3f:2d:df:e4:b4:02:89:58:
3c:11:0b:93:53:d1:67:32:3e:32:05:41:e7:66:e8:ad:4f:30:
fd:22:d5:78:3c:11:a3:65:dc:2a:de:a0:09:f4:49:77:b5:78:
60:72:bc:4a:d7:30:7c:b5:df:32:90:fa:11:78:e4:91:5b:4b:
a7:3c:c4:2b:cc:9e:36:dd:3e:16:5b:22:d5:89:25:9a:d5:f1:
6c:59:bb:33:cc:ae:3d:b5:74:8e:93:0d:44:f7:7d:d2:eb:10:
ff:91:f7:96:a7:0c:38:2d:92:79:a9:36:29:ce:67:e7:39:99:
4a:e6:5f:20
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYVowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTcx
NjQwNDJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEUzMjlFQ0MxMUFFRTA5
QzM1RjY0QkQwMDNBQzlGNTgxNThFNkE0MDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDNXwvWslHgcZPsT+Y4/MzGygBvfZhliqEY4BdVPLXzaFxlOjOC
v5zETTF84S30G2Ba2tdpGapPc0kbfnNUCfZZJKlG5rf18mrC2SQuKJ7xwqbfvQEU
coxKCcJTvS1fjvm9SScGqfJGPc66ZlmrTfxYji8dvU9biptXmJtI78IbI2NnXhA4
8exo+82nMMfn0dav2U/PYGQNnQnt9ElWHnnDe8M1JhkJ44T11n7Fdezy1CYS5/Rj
UD9XXpGx5wwAzBk/koQ/+xCiAFggXb9P5WLLw6cL6tkelU9oRbuqbyBf3jPkofUB
o3uDwUo2e1/XIZChDZzBVUESsR1VBvL4pMNnAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU4ynswRruCcNfZL0AOsn1gVjmpAQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzR5bnN3UnJ1Q2NOZlpM
MEFPc24xZ1ZqbXBBUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAHt2kH
A2irLYheAO4w1MgOMp/OWxzEak8LhxWAWDIuDPB2JqrctFG8a59yYdLTDixmKbxB
GOIRcbdtWMFlWX9f5PXlem/IbnpqzrJaf5J5pD2uSHPkQ4LoOlKPRpoX0zU+KFOV
coiPhnqg8ldE9GU/3+uzQSFkJJU+r/VIOzhUHr5kvWXRlcQ5Py3f5LQCiVg8EQuT
U9FnMj4yBUHnZuitTzD9ItV4PBGjZdwq3qAJ9El3tXhgcrxK1zB8td8ykPoReOSR
W0unPMQrzJ423T4WWyLViSWa1fFsWbszzK49tXSOkw1E933S6xD/kfeWpww4LZJ5
qTYpzmfnOZlK5l8g
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:23:26 2025 by rpki-client