Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Gtne-Xh8jrIk7Ya6GS3T8Viw2UQ.roa
File: Gtne-Xh8jrIk7Ya6GS3T8Viw2UQ.roa (raw, json)
Hash identifier: rAehJIxfkVtewKPxlUq3W0miH4ry24/NDVoWc7d6TFQ=
Subject key identifier: 1A:D9:DE:F9:78:7C:8E:B2:24:ED:86:BA:19:2D:D3:F1:58:B0:D9:44
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 64C2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Gtne-Xh8jrIk7Ya6GS3T8Viw2UQ.roa
Signing time: Mon 26 May 2025 18:41:08 +0000
ROA not before: Mon 26 May 2025 18:41:08 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25794 (0x64c2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 26 18:41:08 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=1AD9DEF9787C8EB224ED86BA192DD3F158B0D944
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:80:d4:30:01:6c:22:4c:53:b6:64:13:74:a3:
01:c0:f4:59:6c:9a:e5:8b:19:92:89:6a:77:86:83:
09:ed:2b:64:f5:15:f7:c8:86:07:d0:97:34:37:bb:
ad:c1:52:43:0d:f3:60:98:e4:a0:2e:e1:79:f8:49:
a9:2b:5b:38:bd:01:52:9c:ed:45:cc:cf:4d:d9:fa:
9d:a3:bc:6b:e2:ea:43:8f:7f:ba:ab:7f:68:1f:f4:
f7:1e:82:44:3a:28:16:15:b5:2a:49:b8:20:08:c6:
e7:c5:75:6d:c5:74:e1:8c:78:5b:14:c6:2a:95:f5:
a3:8b:27:92:3d:3f:da:09:a5:39:2e:7e:a3:d9:40:
9c:54:78:b7:cf:88:b0:11:19:83:14:23:21:d6:1c:
d4:87:10:46:dc:70:63:34:b8:62:ce:8c:46:cc:6d:
e8:6e:8f:ca:f5:f6:bc:d0:57:30:90:5c:e8:97:ad:
f6:c9:72:94:f1:8a:ac:99:34:29:d7:6f:63:e3:db:
ee:73:be:d5:72:c4:ca:0e:46:b2:85:14:19:7b:3c:
34:f2:02:b1:80:76:83:2d:c1:79:08:0d:2b:fc:0b:
f6:56:c2:32:a6:3e:e2:ad:0b:64:a8:e0:cc:be:39:
bb:9d:28:c1:a9:1f:d1:65:ca:a8:a4:6e:9d:35:d7:
a5:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:D9:DE:F9:78:7C:8E:B2:24:ED:86:BA:19:2D:D3:F1:58:B0:D9:44
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Gtne-Xh8jrIk7Ya6GS3T8Viw2UQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
a8:36:c3:8f:5e:c1:92:01:d6:fe:e4:b0:a2:ba:08:69:83:82:
23:25:ac:1b:ff:7d:8c:f9:a6:65:ca:0b:67:9e:92:e6:9d:ae:
e9:b1:47:0e:41:37:9e:9b:e4:30:c9:72:38:16:b3:9a:08:0a:
21:06:b1:77:7d:b8:c1:5f:c3:24:30:23:87:f4:e8:13:34:58:
3e:a5:46:16:a8:93:67:9c:40:4a:2a:12:f1:c7:42:7e:ac:75:
3b:59:a7:8e:77:41:3d:13:85:bd:7f:de:ea:e9:cd:82:eb:97:
41:36:9b:00:40:8a:04:e9:eb:05:6e:4a:94:34:56:50:e1:58:
49:a4:3b:7a:b2:a1:22:7c:de:1d:e5:af:3c:47:2e:34:6d:ed:
83:cc:8d:d0:73:1d:6e:51:2f:f8:93:4e:8f:67:ca:88:a0:0c:
7f:42:2e:4a:a7:a6:30:c5:54:7f:7d:9b:19:12:97:7c:1d:fe:
c1:28:a5:c6:33:7c:22:17:be:53:ed:5d:41:b8:4d:4b:af:56:
43:9d:95:fa:fe:81:ef:1f:d5:bc:61:52:99:5f:3b:36:e2:f1:
6c:df:a6:e5:f1:e4:5b:6a:a6:60:7c:22:02:5d:83:40:d2:2f:
32:9e:a9:97:3e:7e:71:2b:80:6f:d7:4a:ee:aa:1e:ad:2b:6d:
db:e2:47:07
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZMIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjYx
ODQxMDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDFBRDlERUY5Nzg3QzhF
QjIyNEVEODZCQTE5MkREM0YxNThCMEQ5NDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCigNQwAWwiTFO2ZBN0owHA9FlsmuWLGZKJaneGgwntK2T1FffI
hgfQlzQ3u63BUkMN82CY5KAu4Xn4SakrWzi9AVKc7UXMz03Z+p2jvGvi6kOPf7qr
f2gf9PcegkQ6KBYVtSpJuCAIxufFdW3FdOGMeFsUxiqV9aOLJ5I9P9oJpTkufqPZ
QJxUeLfPiLARGYMUIyHWHNSHEEbccGM0uGLOjEbMbehuj8r19rzQVzCQXOiXrfbJ
cpTxiqyZNCnXb2Pj2+5zvtVyxMoORrKFFBl7PDTyArGAdoMtwXkIDSv8C/ZWwjKm
PuKtC2So4My+ObudKMGpH9Flyqikbp0116VDAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUGtne+Xh8jrIk7Ya6GS3T8Viw2UQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0d0bmUtWGg4anJJazdZ
YTZHUzNUOFZpdzJVUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCoNsOP
XsGSAdb+5LCiughpg4IjJawb/32M+aZlygtnnpLmna7psUcOQTeem+QwyXI4FrOa
CAohBrF3fbjBX8MkMCOH9OgTNFg+pUYWqJNnnEBKKhLxx0J+rHU7WaeOd0E9E4W9
f97q6c2C65dBNpsAQIoE6esFbkqUNFZQ4VhJpDt6sqEifN4d5a88Ry40be2DzI3Q
cx1uUS/4k06PZ8qIoAx/Qi5Kp6YwxVR/fZsZEpd8Hf7BKKXGM3wiF75T7V1BuE1L
r1ZDnZX6/oHvH9W8YVKZXzs24vFs36bl8eRbaqZgfCICXYNA0i8ynqmXPn5xK4Bv
10ruqh6tK23b4kcH
-----END CERTIFICATE-----
Generated at Sun Jun 22 13:46:02 2025 by rpki-client