Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/68QMSsIPMkE0SubyXL9EraY0dyw.roa
File: 68QMSsIPMkE0SubyXL9EraY0dyw.roa (raw, json)
Hash identifier: eZvCJ/PVgAZEoz4Wgy/ny9HDiMHJbxQekRq/MCSYjf8=
Subject key identifier: EB:C4:0C:4A:C2:0F:32:41:34:4A:E6:F2:5C:BF:44:AD:A6:34:77:2C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6B0C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/68QMSsIPMkE0SubyXL9EraY0dyw.roa
Signing time: Thu 12 Jun 2025 13:12:36 +0000
ROA not before: Thu 12 Jun 2025 13:12:36 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27404 (0x6b0c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 12 13:12:36 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=EBC40C4AC20F3241344AE6F25CBF44ADA634772C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:40:1a:90:a0:56:76:1d:28:03:c2:3e:fc:1b:
8f:fd:b7:8b:2c:64:7c:37:62:2a:0e:b4:af:6b:c1:
f8:e1:a6:7d:02:46:d7:e3:ec:98:38:9e:ca:53:a7:
2b:e8:e0:dd:d3:7f:bd:ba:c5:76:64:ad:f7:32:7f:
35:36:94:48:f9:ee:d7:94:df:a9:eb:3d:5c:a5:35:
f5:2e:46:66:54:be:e4:de:53:19:08:ce:9e:33:83:
7a:79:0a:de:1c:d0:0a:21:70:ff:a6:27:c9:3c:63:
66:86:97:0b:a6:5e:2c:c4:19:b4:42:a0:75:41:3a:
ac:f3:d8:d1:40:1d:d1:57:e2:57:f8:27:df:e6:f0:
f1:1b:9c:b3:18:6d:d7:34:fb:85:97:d5:98:fd:36:
90:f1:95:04:ea:e2:d9:65:cc:1b:46:a4:76:ad:68:
57:31:a9:d0:53:ae:1e:67:38:c8:8a:45:fd:72:5d:
f3:f9:c0:78:61:9f:07:94:e4:c6:11:84:ad:02:fd:
a7:67:cc:1d:45:2d:b1:60:2a:1a:a8:32:9c:5e:2b:
09:da:9a:4d:4a:46:87:6c:e6:d5:ac:aa:db:fd:60:
8a:75:73:56:e0:fe:0b:8c:0e:a2:74:4d:d7:da:72:
21:3d:64:11:05:84:e3:f0:67:56:18:1d:b5:54:53:
c6:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EB:C4:0C:4A:C2:0F:32:41:34:4A:E6:F2:5C:BF:44:AD:A6:34:77:2C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/68QMSsIPMkE0SubyXL9EraY0dyw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
71:fd:73:b5:81:37:e2:63:95:92:59:21:08:17:67:cd:10:67:
18:c9:a8:41:20:dc:61:4b:a5:22:6f:6e:9b:7d:c5:d3:b4:fc:
c0:fd:f4:9a:88:9b:79:0d:74:dc:1d:a2:91:09:47:e3:9e:3c:
97:3d:64:a4:d9:ee:6c:92:a7:51:bc:23:b0:a9:2a:00:c7:4e:
3f:7a:57:31:7f:6b:8e:20:78:09:de:0b:2a:71:14:b5:2e:aa:
65:35:dc:a7:8c:f8:d4:ff:ed:0f:6c:e7:ef:c3:b0:6c:3e:83:
0a:ab:68:b5:92:7a:b0:ad:16:83:b2:51:21:cc:6f:8f:cf:60:
26:50:da:79:a4:6b:88:0b:ae:e9:35:68:98:d8:36:e9:af:83:
86:15:f7:49:d4:89:ec:5b:d5:a7:e9:77:05:26:5e:f9:98:56:
ee:d1:f3:cb:cf:72:73:e5:a4:9a:b4:65:88:a9:5b:8d:e8:45:
1f:65:d9:a0:d2:13:b7:20:44:17:e3:de:af:5f:ba:10:71:30:
ea:43:5a:28:10:d9:8d:c1:9f:95:e8:e2:e4:41:87:ef:9e:53:
8c:2a:5b:19:08:50:a3:90:5c:60:2b:de:44:f2:a3:87:cb:45:
dd:20:e8:e6:40:85:9e:5c:24:f8:63:a2:77:57:6b:7d:e7:0f:
ff:55:55:e3
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICawwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTIx
MzEyMzZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEVCQzQwQzRBQzIwRjMy
NDEzNDRBRTZGMjVDQkY0NEFEQTYzNDc3MkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDQQBqQoFZ2HSgDwj78G4/9t4ssZHw3YioOtK9rwfjhpn0CRtfj
7Jg4nspTpyvo4N3Tf726xXZkrfcyfzU2lEj57teU36nrPVylNfUuRmZUvuTeUxkI
zp4zg3p5Ct4c0AohcP+mJ8k8Y2aGlwumXizEGbRCoHVBOqzz2NFAHdFX4lf4J9/m
8PEbnLMYbdc0+4WX1Zj9NpDxlQTq4tllzBtGpHataFcxqdBTrh5nOMiKRf1yXfP5
wHhhnweU5MYRhK0C/adnzB1FLbFgKhqoMpxeKwnamk1KRods5tWsqtv9YIp1c1bg
/guMDqJ0TdfaciE9ZBEFhOPwZ1YYHbVUU8Z3AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU68QMSsIPMkE0SubyXL9EraY0dywwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzY4UU1Tc0lQTWtFMFN1
YnlYTDlFcmFZMGR5dy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBx/XO1
gTfiY5WSWSEIF2fNEGcYyahBINxhS6Uib26bfcXTtPzA/fSaiJt5DXTcHaKRCUfj
njyXPWSk2e5skqdRvCOwqSoAx04/elcxf2uOIHgJ3gsqcRS1LqplNdynjPjU/+0P
bOfvw7BsPoMKq2i1knqwrRaDslEhzG+Pz2AmUNp5pGuIC67pNWiY2Dbpr4OGFfdJ
1InsW9Wn6XcFJl75mFbu0fPLz3Jz5aSatGWIqVuN6EUfZdmg0hO3IEQX496vX7oQ
cTDqQ1ooENmNwZ+V6OLkQYfvnlOMKlsZCFCjkFxgK95E8qOHy0XdIOjmQIWeXCT4
Y6J3V2t95w//VVXj
-----END CERTIFICATE-----
Generated at Sun Jun 22 10:58:51 2025 by rpki-client