Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/5d8MlNMjnhxyYFPQBXMZoUsxRnU.roa
File: 5d8MlNMjnhxyYFPQBXMZoUsxRnU.roa (raw, json)
Hash identifier: tQ610sGhhAidOmeTQVpt8oH+AXUBUlyobZUmOOe8I0c=
Subject key identifier: E5:DF:0C:94:D3:23:9E:1C:72:60:53:D0:05:73:19:A1:4B:31:46:75
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 63EA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/5d8MlNMjnhxyYFPQBXMZoUsxRnU.roa
Signing time: Sat 24 May 2025 12:40:56 +0000
ROA not before: Sat 24 May 2025 12:40:56 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25578 (0x63ea)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 24 12:40:56 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E5DF0C94D3239E1C726053D0057319A14B314675
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:e9:fd:8e:7a:05:ab:99:67:47:d4:91:8b:64:
2d:1f:6c:dd:ad:34:8d:ff:5a:3a:a7:a1:41:f6:cc:
35:0f:c0:06:9a:7d:cc:1e:50:f2:57:b8:4a:31:80:
8b:9c:d5:a0:6a:c6:f3:25:16:cc:ac:4c:d9:e2:74:
be:1f:5e:88:d3:b7:eb:de:4a:cf:df:b0:74:7c:d8:
25:70:a1:91:7f:60:a7:d7:c9:a2:be:7a:13:f0:19:
68:97:ed:ae:ef:ca:a9:f3:df:af:cc:25:29:10:a8:
28:10:1e:86:d5:90:23:4d:44:e1:df:d2:b5:f1:48:
70:00:bf:8b:19:47:4b:b9:af:35:09:79:4e:0b:43:
55:da:e2:4f:b8:7d:27:a0:ce:49:a9:63:d6:71:bd:
db:12:5a:ea:56:e5:e1:28:e2:5c:3a:dc:26:1e:d4:
e1:30:c8:a4:20:a8:f6:c0:f4:c5:66:d8:9f:e0:4a:
35:6f:4d:7a:41:0b:38:cc:56:3f:d2:3c:a8:19:cb:
66:b6:96:13:86:a2:18:e8:6b:d2:d7:4b:71:0f:10:
5e:30:b1:cb:85:57:0b:40:f0:72:b7:1b:13:ef:0d:
c6:26:13:6a:47:e0:14:de:43:f7:8c:2c:9d:0a:93:
e9:46:f6:a2:29:e5:4a:9a:89:bc:7a:3f:a1:48:31:
cf:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:DF:0C:94:D3:23:9E:1C:72:60:53:D0:05:73:19:A1:4B:31:46:75
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/5d8MlNMjnhxyYFPQBXMZoUsxRnU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
53:80:9b:1c:66:37:7f:0c:09:34:73:35:99:b4:69:9b:d2:70:
d6:3e:73:05:ec:19:58:b6:f0:0d:00:39:47:7a:01:09:65:ec:
b0:32:c9:2b:9a:b6:94:24:dc:8b:76:8b:b2:63:7c:50:43:f0:
fa:db:c4:38:1b:8f:36:9b:30:41:2c:18:e5:fd:86:b4:d3:41:
90:c3:56:e7:6a:4a:19:95:87:54:29:06:ff:8a:ff:60:4f:52:
58:ee:76:7b:42:cb:16:8b:f2:29:1e:a5:1c:99:d1:6c:8d:61:
5a:22:25:b0:11:2a:d1:42:6d:77:a9:4d:31:0a:6f:5a:ab:c5:
5c:3b:4a:d9:d7:82:7d:f5:61:7e:48:81:71:70:94:a6:ef:87:
ff:ce:95:6d:87:0d:da:01:30:c8:60:b1:80:8d:f6:51:22:87:
67:4e:3d:74:2f:6d:06:d4:65:1c:6d:1c:af:5a:f9:24:17:84:
5c:62:13:93:d6:fa:3f:55:c9:49:31:8c:ce:8e:6d:77:24:b0:
18:62:a2:5f:34:20:d8:4c:86:91:36:a6:b6:b9:f2:8f:26:8a:
9b:59:d1:ec:3e:37:da:e3:2b:83:f0:d4:d1:5c:b3:eb:aa:7d:
2a:23:77:8c:9e:0b:a0:85:c4:28:2c:84:01:29:0d:40:64:a8:
02:56:bc:24
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICY+owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjQx
MjQwNTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEU1REYwQzk0RDMyMzlF
MUM3MjYwNTNEMDA1NzMxOUExNEIzMTQ2NzUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCf6f2OegWrmWdH1JGLZC0fbN2tNI3/WjqnoUH2zDUPwAaafcwe
UPJXuEoxgIuc1aBqxvMlFsysTNnidL4fXojTt+veSs/fsHR82CVwoZF/YKfXyaK+
ehPwGWiX7a7vyqnz36/MJSkQqCgQHobVkCNNROHf0rXxSHAAv4sZR0u5rzUJeU4L
Q1Xa4k+4fSegzkmpY9ZxvdsSWupW5eEo4lw63CYe1OEwyKQgqPbA9MVm2J/gSjVv
TXpBCzjMVj/SPKgZy2a2lhOGohjoa9LXS3EPEF4wscuFVwtA8HK3GxPvDcYmE2pH
4BTeQ/eMLJ0Kk+lG9qIp5Uqaibx6P6FIMc81AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU5d8MlNMjnhxyYFPQBXMZoUsxRnUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzVkOE1sTk1qbmh4eVlG
UFFCWE1ab1VzeFJuVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBTgJsc
Zjd/DAk0czWZtGmb0nDWPnMF7BlYtvANADlHegEJZeywMskrmraUJNyLdouyY3xQ
Q/D628Q4G482mzBBLBjl/Ya000GQw1bnakoZlYdUKQb/iv9gT1JY7nZ7QssWi/Ip
HqUcmdFsjWFaIiWwESrRQm13qU0xCm9aq8VcO0rZ14J99WF+SIFxcJSm74f/zpVt
hw3aATDIYLGAjfZRIodnTj10L20G1GUcbRyvWvkkF4RcYhOT1vo/VclJMYzOjm13
JLAYYqJfNCDYTIaRNqa2ufKPJoqbWdHsPjfa4yuD8NTRXLPrqn0qI3eMngughcQo
LIQBKQ1AZKgCVrwk
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:02:29 2025 by rpki-client