Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/57I-BXp-va7HHkhm76qE1As376k.roa
File: 57I-BXp-va7HHkhm76qE1As376k.roa (raw, json)
Hash identifier: glAfyeNWiwHZi97sz03mV9LPTTbyh267o95eccHmqlk=
Subject key identifier: E7:B2:3E:05:7A:7E:BD:AE:C7:1E:48:66:EF:AA:84:D4:0B:37:EF:A9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 66B0
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/57I-BXp-va7HHkhm76qE1As376k.roa
Signing time: Sat 31 May 2025 22:11:39 +0000
ROA not before: Sat 31 May 2025 22:11:39 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26288 (0x66b0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 31 22:11:39 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E7B23E057A7EBDAEC71E4866EFAA84D40B37EFA9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:64:f2:80:50:40:c0:50:bb:a4:77:bd:36:7f:
60:3d:70:4f:56:72:39:f1:dd:04:eb:0c:d5:9b:4f:
08:31:63:3a:d5:95:ef:58:1e:74:87:58:de:f0:2d:
44:ea:05:47:90:9e:b3:fc:b7:ba:12:67:36:93:38:
8d:55:a6:37:05:b6:10:e9:54:60:7d:ab:71:86:0d:
a1:ab:1e:ad:71:af:a0:58:43:f1:fd:e5:2e:03:f0:
40:d7:98:d5:95:21:32:04:70:12:ee:cc:12:fa:41:
48:f5:59:7b:10:1f:c2:03:aa:29:da:33:18:0b:8f:
74:37:1b:a3:de:ea:ec:7d:c2:fd:7a:24:76:5d:be:
e1:66:f0:80:0e:de:99:f4:87:6b:f8:14:24:70:b0:
8e:a7:ca:16:9b:3e:68:50:f6:66:1d:cd:40:10:a3:
05:10:c6:2c:64:f3:fb:8a:b9:cc:26:61:7b:ec:c4:
88:c3:53:e1:ca:91:69:3e:f6:13:16:ed:25:18:1c:
7a:2f:48:9e:6e:e0:0a:a3:17:2e:b4:5d:a5:82:f4:
08:5e:18:16:e7:c9:23:83:91:56:6d:b8:0c:a2:b5:
34:98:05:20:28:6d:95:c1:4c:f6:d2:6a:4e:90:12:
42:a5:c7:b2:57:f9:8a:27:9f:ac:b1:ab:da:67:fa:
26:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E7:B2:3E:05:7A:7E:BD:AE:C7:1E:48:66:EF:AA:84:D4:0B:37:EF:A9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/57I-BXp-va7HHkhm76qE1As376k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
aa:13:ad:35:35:77:ec:d3:53:44:a2:76:0c:48:bb:b7:00:c2:
d0:56:e9:bb:9f:eb:8a:2f:36:72:f3:a8:3a:ef:1e:46:5b:49:
ba:4b:b5:bd:1a:23:7e:d0:40:30:34:fa:7a:80:72:86:1e:a9:
fe:d4:3a:13:74:6b:cc:2d:a7:03:22:34:e1:64:df:42:68:b1:
89:c9:11:bb:c3:b9:5d:45:63:c8:7d:2a:e3:6b:75:0f:ce:6f:
43:c9:f0:ce:b9:65:42:8b:10:fa:83:e1:d0:b2:f9:0b:04:94:
1f:bf:b8:43:f4:35:77:89:07:ae:0e:ae:8c:b6:5c:5c:98:17:
fb:bd:a7:29:45:51:fc:37:02:d3:51:07:69:74:3b:38:51:60:
9a:d9:e6:cc:ce:ee:d0:d7:ce:e2:98:77:e9:97:bf:93:8c:62:
fb:2e:d0:53:cc:ac:12:04:81:cb:cb:ac:1c:5f:7b:3b:42:8f:
ed:f0:aa:00:73:40:4b:82:6f:3d:e9:ac:82:f5:ae:7d:9d:1b:
3b:b2:24:ac:a7:8e:4d:4d:69:be:87:3b:ef:92:4d:9c:f2:50:
13:0c:df:71:33:ca:80:55:05:13:2f:b6:52:34:15:18:06:34:
75:2c:72:9c:1c:f4:40:82:84:cd:dc:73:66:dc:44:fd:b3:5b:
64:b6:7c:4b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZrAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MzEy
MjExMzlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEU3QjIzRTA1N0E3RUJE
QUVDNzFFNDg2NkVGQUE4NEQ0MEIzN0VGQTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDIZPKAUEDAULukd702f2A9cE9Wcjnx3QTrDNWbTwgxYzrVle9Y
HnSHWN7wLUTqBUeQnrP8t7oSZzaTOI1VpjcFthDpVGB9q3GGDaGrHq1xr6BYQ/H9
5S4D8EDXmNWVITIEcBLuzBL6QUj1WXsQH8IDqinaMxgLj3Q3G6Pe6ux9wv16JHZd
vuFm8IAO3pn0h2v4FCRwsI6nyhabPmhQ9mYdzUAQowUQxixk8/uKucwmYXvsxIjD
U+HKkWk+9hMW7SUYHHovSJ5u4AqjFy60XaWC9AheGBbnySODkVZtuAyitTSYBSAo
bZXBTPbSak6QEkKlx7JX+Yonn6yxq9pn+iYlAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU57I+BXp+va7HHkhm76qE1As376kwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzU3SS1CWHAtdmE3SEhr
aG03NnFFMUFzMzc2ay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCqE601
NXfs01NEonYMSLu3AMLQVum7n+uKLzZy86g67x5GW0m6S7W9GiN+0EAwNPp6gHKG
Hqn+1DoTdGvMLacDIjThZN9CaLGJyRG7w7ldRWPIfSrja3UPzm9DyfDOuWVCixD6
g+HQsvkLBJQfv7hD9DV3iQeuDq6MtlxcmBf7vacpRVH8NwLTUQdpdDs4UWCa2ebM
zu7Q187imHfpl7+TjGL7LtBTzKwSBIHLy6wcX3s7Qo/t8KoAc0BLgm896ayC9a59
nRs7siSsp45NTWm+hzvvkk2c8lATDN9xM8qAVQUTL7ZSNBUYBjR1LHKcHPRAgoTN
3HNm3ET9s1tktnxL
-----END CERTIFICATE-----
Generated at Sun Jun 22 16:47:06 2025 by rpki-client