Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/I39hDe2A49TDRWpkbbGVkdvi8O8.roa
File: I39hDe2A49TDRWpkbbGVkdvi8O8.roa (raw, json)
Hash identifier: vPD8I9KwgTEhWsDWNfehhIfic3EiyHoY9xW9qGJuYY8=
Subject key identifier: 23:7F:61:0D:ED:80:E3:D4:C3:45:6A:64:6D:B1:95:91:DB:E2:F0:EF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 638A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/I39hDe2A49TDRWpkbbGVkdvi8O8.roa
Signing time: Fri 23 May 2025 12:40:50 +0000
ROA not before: Fri 23 May 2025 12:40:50 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25482 (0x638a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 23 12:40:50 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=237F610DED80E3D4C3456A646DB19591DBE2F0EF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:bb:15:0e:79:fc:36:34:12:fc:cd:f7:3c:bc:
ec:9f:46:43:24:f9:7c:4b:0e:07:30:53:cd:04:7c:
bf:c7:96:5a:a4:77:47:fc:a8:26:bd:13:bd:76:a3:
f4:8c:04:26:2b:fe:c6:26:10:57:63:9d:59:da:d7:
ff:f3:e3:3f:e1:0f:a8:01:4f:15:42:fe:95:0f:7e:
86:5c:40:4c:c2:75:50:bf:20:37:aa:c3:6a:dc:c0:
3e:e7:a2:83:13:b9:4a:c1:21:c2:1a:e0:2b:f6:ac:
54:0b:fe:46:b4:73:32:fa:f0:61:86:43:80:ea:9a:
67:cc:24:13:58:81:2c:bd:5d:9d:a0:a6:6d:b2:ff:
bb:b5:80:40:25:90:c4:44:91:42:db:f9:29:a0:9c:
9e:a6:12:96:5c:b1:f1:3e:77:70:1c:a6:c3:cf:98:
e0:fb:82:9e:21:d6:ee:da:a0:cc:9c:0d:3c:49:e9:
63:45:37:20:a2:54:b0:e8:12:f9:f3:24:49:b6:54:
4e:c6:80:46:b5:a7:ca:dd:56:30:28:6c:21:f6:e0:
c4:01:d8:ed:ab:06:6c:6b:d2:8a:bd:1b:5a:24:38:
d7:f3:0a:a1:7c:a9:a3:0e:9f:40:d1:d3:a3:1c:9e:
57:ab:13:2d:50:36:ca:18:ee:28:31:8a:6b:dc:9a:
ef:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:7F:61:0D:ED:80:E3:D4:C3:45:6A:64:6D:B1:95:91:DB:E2:F0:EF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/I39hDe2A49TDRWpkbbGVkdvi8O8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
6c:fe:ad:ce:fe:2f:1a:86:05:92:f9:a9:cc:71:3c:db:0c:49:
e0:5d:81:f2:2a:4b:56:88:19:66:27:11:54:55:1e:77:3c:32:
a1:1b:94:b9:48:36:b3:c3:9c:d0:c5:34:d0:92:5a:de:9f:67:
ad:39:89:8d:be:82:c9:20:6c:b2:1c:e8:a2:2c:02:20:ad:c2:
97:6d:37:80:34:38:a0:a5:6e:7d:76:ac:44:71:0f:9a:3f:ff:
75:b8:91:33:72:7b:7b:97:a9:f8:8c:77:26:79:7a:f2:9d:06:
d5:99:3c:ed:4e:55:80:e9:5e:06:cc:50:85:e0:26:a3:6b:a0:
27:08:89:02:24:36:d3:62:44:08:43:e0:10:3a:cf:f6:25:92:
be:9a:bf:8a:3f:27:9e:1f:25:25:12:57:3f:f6:c7:ff:1c:54:
48:88:4f:51:9c:be:b1:3c:95:84:27:ef:1f:43:c7:ef:d4:30:
cd:13:96:b5:60:c5:5d:82:fe:c4:65:80:7b:02:6d:27:14:54:
a7:86:8b:ec:dd:0f:f8:75:11:36:1a:62:e5:40:d9:68:f2:00:
12:a9:7a:c1:07:96:a8:ad:23:46:39:c8:74:77:d7:cf:a0:0b:
90:01:e0:3b:e3:52:0a:cc:08:22:4a:6a:15:49:50:b3:93:ae:
03:e5:d2:f2
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICY4owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjMx
MjQwNTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDIzN0Y2MTBERUQ4MEUz
RDRDMzQ1NkE2NDZEQjE5NTkxREJFMkYwRUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6uxUOefw2NBL8zfc8vOyfRkMk+XxLDgcwU80EfL/Hllqkd0f8
qCa9E712o/SMBCYr/sYmEFdjnVna1//z4z/hD6gBTxVC/pUPfoZcQEzCdVC/IDeq
w2rcwD7nooMTuUrBIcIa4Cv2rFQL/ka0czL68GGGQ4DqmmfMJBNYgSy9XZ2gpm2y
/7u1gEAlkMREkULb+SmgnJ6mEpZcsfE+d3AcpsPPmOD7gp4h1u7aoMycDTxJ6WNF
NyCiVLDoEvnzJEm2VE7GgEa1p8rdVjAobCH24MQB2O2rBmxr0oq9G1okONfzCqF8
qaMOn0DR06McnlerEy1QNsoY7igximvcmu+JAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUI39hDe2A49TDRWpkbbGVkdvi8O8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0kzOWhEZTJBNDlURFJX
cGtiYkdWa2R2aThPOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBs/q3O
/i8ahgWS+anMcTzbDEngXYHyKktWiBlmJxFUVR53PDKhG5S5SDazw5zQxTTQklre
n2etOYmNvoLJIGyyHOiiLAIgrcKXbTeANDigpW59dqxEcQ+aP/91uJEzcnt7l6n4
jHcmeXrynQbVmTztTlWA6V4GzFCF4Caja6AnCIkCJDbTYkQIQ+AQOs/2JZK+mr+K
PyeeHyUlElc/9sf/HFRIiE9RnL6xPJWEJ+8fQ8fv1DDNE5a1YMVdgv7EZYB7Am0n
FFSnhovs3Q/4dRE2GmLlQNlo8gASqXrBB5aorSNGOch0d9fPoAuQAeA741IKzAgi
SmoVSVCzk64D5dLy
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:05:05 2025 by rpki-client