Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/EsDIb44LYbihCRlJ2CdjwfLrZ18.roa
File: EsDIb44LYbihCRlJ2CdjwfLrZ18.roa (raw, json)
Hash identifier: z0ejivq/1FaGhvYiY16AaXvfP9QoVfxppbtOlyT5blo=
Subject key identifier: 12:C0:C8:6F:8E:0B:61:B8:A1:09:19:49:D8:27:63:C1:F2:EB:67:5F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6BAE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/EsDIb44LYbihCRlJ2CdjwfLrZ18.roa
Signing time: Sat 14 Jun 2025 05:42:18 +0000
ROA not before: Sat 14 Jun 2025 05:42:18 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27566 (0x6bae)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 14 05:42:18 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=12C0C86F8E0B61B8A1091949D82763C1F2EB675F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:b5:82:85:4b:a7:4f:34:d9:4b:8a:d5:bd:07:
5e:2b:56:c1:9f:56:e6:7a:1b:e8:f8:f1:5d:b2:d5:
b5:68:56:7b:db:4e:67:ba:b7:5c:f7:cf:ee:fd:ad:
e6:2d:de:e1:e9:99:95:84:72:73:05:8f:9a:70:48:
be:28:1d:d5:e9:30:5d:f6:f1:06:ba:13:ba:a0:6f:
a9:b0:0d:4f:b9:ef:75:06:32:72:94:fc:9d:50:38:
19:38:e3:41:01:f1:7c:5d:79:7e:32:98:08:9e:fe:
f6:6a:c1:15:41:18:29:55:78:80:d0:21:89:4b:42:
03:c2:12:41:df:48:25:24:5f:57:89:15:a8:61:1c:
37:97:01:6d:c8:a0:b5:fb:56:60:df:f7:74:6f:1c:
6d:02:6f:83:52:85:a5:8d:09:f0:53:e0:a7:0d:83:
77:0a:a2:92:73:d2:77:fc:28:0e:b3:33:65:da:ae:
9c:e4:7e:f2:ce:3f:32:b3:da:29:e9:d7:d3:f6:55:
89:8d:e1:7f:cb:b0:99:f8:e7:4e:5d:40:44:2a:c0:
c2:a7:69:f1:98:ba:76:18:a1:e8:41:c2:c2:b5:ac:
4b:9a:66:08:5b:69:c7:ba:18:dd:fe:8b:d6:f5:d4:
7f:ce:35:ed:71:01:3c:a4:24:74:54:1d:f5:e6:40:
93:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
12:C0:C8:6F:8E:0B:61:B8:A1:09:19:49:D8:27:63:C1:F2:EB:67:5F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/EsDIb44LYbihCRlJ2CdjwfLrZ18.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
8b:2b:0b:c2:5b:50:3a:f4:1d:a6:41:b0:72:87:b3:61:05:c9:
f8:30:ea:c6:8e:4d:dd:2d:e5:ce:dd:5a:50:28:68:f9:30:53:
bf:1b:ab:eb:a4:d9:db:31:d1:1e:18:ac:ef:73:18:01:d8:f1:
31:11:69:3b:53:96:dd:55:47:ea:8c:6f:00:73:aa:9c:d2:8f:
03:75:c9:ff:0b:2c:f9:e4:36:e2:cf:11:19:5a:72:ed:c1:4f:
16:2a:c1:63:2f:fb:22:16:28:32:2a:c0:6f:74:3a:2a:32:64:
49:b6:f7:4d:27:d0:0a:b4:b3:77:e5:bf:a9:7b:0b:7d:a1:c3:
8c:62:56:09:ff:5e:c8:72:fc:8b:8b:d9:02:9d:7c:c5:d9:ed:
44:a7:25:d3:25:f4:e9:09:06:24:9b:67:59:97:db:e8:c3:ad:
34:47:cb:d6:a7:02:cd:73:e5:6b:62:f0:3e:e8:1a:1e:ab:81:
8a:aa:45:35:9e:e1:91:44:48:7e:ce:33:3f:27:b0:13:13:1e:
a3:09:d3:e7:fc:7c:43:bb:a4:cc:96:20:0e:55:53:bf:9c:8f:
5d:ab:72:29:3b:93:a9:8a:82:09:ba:47:05:b6:23:0b:2e:2d:
6a:70:e1:ce:b2:2d:58:83:a9:3c:19:55:89:2f:1c:7b:26:2c:
14:89:44:0f
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICa64wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTQw
NTQyMThaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDEyQzBDODZGOEUwQjYx
QjhBMTA5MTk0OUQ4Mjc2M0MxRjJFQjY3NUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDhtYKFS6dPNNlLitW9B14rVsGfVuZ6G+j48V2y1bVoVnvbTme6
t1z3z+79reYt3uHpmZWEcnMFj5pwSL4oHdXpMF328Qa6E7qgb6mwDU+573UGMnKU
/J1QOBk440EB8XxdeX4ymAie/vZqwRVBGClVeIDQIYlLQgPCEkHfSCUkX1eJFahh
HDeXAW3IoLX7VmDf93RvHG0Cb4NShaWNCfBT4KcNg3cKopJz0nf8KA6zM2Xarpzk
fvLOPzKz2inp19P2VYmN4X/LsJn4505dQEQqwMKnafGYunYYoehBwsK1rEuaZghb
ace6GN3+i9b11H/ONe1xATykJHRUHfXmQJPlAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUEsDIb44LYbihCRlJ2CdjwfLrZ18wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0VzREliNDRMWWJpaENS
bEoyQ2Rqd2ZMcloxOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCLKwvC
W1A69B2mQbByh7NhBcn4MOrGjk3dLeXO3VpQKGj5MFO/G6vrpNnbMdEeGKzvcxgB
2PExEWk7U5bdVUfqjG8Ac6qc0o8Ddcn/Cyz55DbizxEZWnLtwU8WKsFjL/siFigy
KsBvdDoqMmRJtvdNJ9AKtLN35b+pewt9ocOMYlYJ/17IcvyLi9kCnXzF2e1EpyXT
JfTpCQYkm2dZl9vow600R8vWpwLNc+VrYvA+6Boeq4GKqkU1nuGRREh+zjM/J7AT
Ex6jCdPn/HxDu6TMliAOVVO/nI9dq3IpO5OpioIJukcFtiMLLi1qcOHOsi1Yg6k8
GVWJLxx7JiwUiUQP
-----END CERTIFICATE-----
Generated at Sun Jun 22 09:42:56 2025 by rpki-client