Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/E3zWgftKHB-zx9Y9fDK46UOZ-s8.roa
File:                     E3zWgftKHB-zx9Y9fDK46UOZ-s8.roa (raw, json)
Hash identifier:          g/tESyc4phsbBgg1D274HEk7iRsyjY+ZzhcM2zBBZx0=
Subject key identifier:   13:7C:D6:81:FB:4A:1C:1F:B3:C7:D6:3D:7C:32:B8:E9:43:99:FA:CF
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       6154
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/E3zWgftKHB-zx9Y9fDK46UOZ-s8.roa
Signing time:             Sat 17 May 2025 15:10:42 +0000
ROA not before:           Sat 17 May 2025 15:10:42 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 24916 (0x6154)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: May 17 15:10:42 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=137CD681FB4A1C1FB3C7D63D7C32B8E94399FACF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:7C:D6:81:FB:4A:1C:1F:B3:C7:D6:3D:7C:32:B8:E9:43:99:FA:CF
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/E3zWgftKHB-zx9Y9fDK46UOZ-s8.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
Generated at Fri Jun 20 16:35:21 2025 by rpki-client