Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/DmYns47DH6WrhEsHW5fkGqgn3_s.roa
File: DmYns47DH6WrhEsHW5fkGqgn3_s.roa (raw, json)
Hash identifier: GyBSkxtCaZkNIl6Maom+uFe/DxMY5QaWziki5kLFJOg=
Subject key identifier: 0E:66:27:B3:8E:C3:1F:A5:AB:84:4B:07:5B:97:E4:1A:A8:27:DF:FB
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 67A4
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DmYns47DH6WrhEsHW5fkGqgn3_s.roa
Signing time: Tue 03 Jun 2025 11:14:15 +0000
ROA not before: Tue 03 Jun 2025 11:14:15 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26532 (0x67a4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 3 11:14:15 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=0E6627B38EC31FA5AB844B075B97E41AA827DFFB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:32:4b:48:df:8d:e0:be:28:fa:a8:06:30:e3:
31:a1:2b:10:7b:4d:e9:48:d7:35:b3:91:6e:79:cc:
0d:5a:ff:77:cf:85:e0:13:88:f4:54:8e:1d:39:ee:
0d:f7:bf:86:d0:bb:91:de:b1:25:6d:53:30:66:7e:
3b:26:82:10:d2:84:aa:c5:86:ae:17:9b:12:ea:d0:
cf:ee:51:0f:85:02:f9:e6:c0:0e:97:a7:86:63:64:
84:60:55:d8:a8:91:1b:d0:17:b0:58:ad:14:86:3e:
b0:38:0e:7e:34:a3:8a:43:0f:02:44:6b:12:f3:2b:
45:42:99:a5:f2:a2:99:fd:cb:e4:40:36:74:0a:ac:
03:ea:4d:91:de:7b:ec:36:29:e7:3f:63:f8:a0:57:
00:ec:82:3d:be:80:72:1e:b8:cb:b1:a1:a6:7a:6d:
66:bf:ae:bc:ed:0b:32:64:5b:09:58:49:99:b0:89:
e6:2c:d0:8f:6a:53:c3:3f:3d:e0:2e:6a:33:ef:e9:
64:3c:d1:a6:60:95:50:ea:f8:67:04:0a:67:b9:44:
39:2e:9d:14:7b:7d:3a:11:d1:17:5b:09:ac:fc:99:
a9:e0:59:6d:d1:82:13:52:b4:67:7b:dc:5e:3b:91:
cb:28:c3:af:4e:28:82:8d:52:d6:13:cb:1a:f6:3b:
63:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:66:27:B3:8E:C3:1F:A5:AB:84:4B:07:5B:97:E4:1A:A8:27:DF:FB
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DmYns47DH6WrhEsHW5fkGqgn3_s.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
a4:bb:84:98:c4:7c:83:aa:cd:fb:10:1d:01:51:15:3d:35:01:
2c:be:a1:d3:73:91:1f:c5:f5:14:a9:e4:e3:bf:ba:df:76:81:
4d:53:10:33:38:4b:13:64:9f:1b:1b:cd:7b:34:2c:34:d1:33:
32:4b:89:fe:ae:97:7e:ed:cb:65:bc:38:df:04:49:fe:61:89:
c6:e1:a1:9d:6d:d2:12:54:3d:44:99:55:dd:c2:07:97:5a:a6:
da:24:f2:26:49:65:43:4e:ed:99:4c:30:81:89:66:dc:34:3d:
f4:31:bb:e6:51:ee:37:48:5c:3c:c4:4e:b8:c9:cf:a4:37:fa:
47:70:26:78:d9:39:fb:bd:74:e2:ed:46:2e:32:72:4d:78:71:
85:6d:8e:e4:97:f6:d1:de:e9:4c:dd:6a:90:9d:de:7d:2e:39:
7a:68:5f:e1:5e:50:3f:0f:4e:9e:ee:74:38:43:0e:d3:e7:68:
1f:5f:22:04:af:ff:2d:40:f4:9e:39:97:50:cc:b1:05:56:65:
84:de:08:11:00:1e:ad:4e:41:ce:19:37:97:48:fc:9e:07:13:
3b:8e:42:59:63:ca:de:fb:59:ac:2d:25:5e:8a:92:ed:51:6e:
6a:fd:97:e6:c2:ab:cc:e9:32:8b:ea:21:b6:ae:4b:b2:be:c7:
f8:b8:68:4c
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZ6QwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDMx
MTE0MTVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDBFNjYyN0IzOEVDMzFG
QTVBQjg0NEIwNzVCOTdFNDFBQTgyN0RGRkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+MktI343gvij6qAYw4zGhKxB7TelI1zWzkW55zA1a/3fPheAT
iPRUjh057g33v4bQu5HesSVtUzBmfjsmghDShKrFhq4XmxLq0M/uUQ+FAvnmwA6X
p4ZjZIRgVdiokRvQF7BYrRSGPrA4Dn40o4pDDwJEaxLzK0VCmaXyopn9y+RANnQK
rAPqTZHee+w2Kec/Y/igVwDsgj2+gHIeuMuxoaZ6bWa/rrztCzJkWwlYSZmwieYs
0I9qU8M/PeAuajPv6WQ80aZglVDq+GcECme5RDkunRR7fToR0RdbCaz8mangWW3R
ghNStGd73F47kcsow69OKIKNUtYTyxr2O2P9AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUDmYns47DH6WrhEsHW5fkGqgn3/swHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0RtWW5zNDdESDZXcmhF
c0hXNWZrR3FnbjNfcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCku4SY
xHyDqs37EB0BURU9NQEsvqHTc5EfxfUUqeTjv7rfdoFNUxAzOEsTZJ8bG817NCw0
0TMyS4n+rpd+7ctlvDjfBEn+YYnG4aGdbdISVD1EmVXdwgeXWqbaJPImSWVDTu2Z
TDCBiWbcND30MbvmUe43SFw8xE64yc+kN/pHcCZ42Tn7vXTi7UYuMnJNeHGFbY7k
l/bR3ulM3WqQnd59Ljl6aF/hXlA/D06e7nQ4Qw7T52gfXyIEr/8tQPSeOZdQzLEF
VmWE3ggRAB6tTkHOGTeXSPyeBxM7jkJZY8re+1msLSVeipLtUW5q/ZfmwqvM6TKL
6iG2rkuyvsf4uGhM
-----END CERTIFICATE-----
Generated at Fri Jun 20 18:08:26 2025 by rpki-client