Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Iem4XP5t3oIJXE-nAnfyHfY96Ys.roa
File: Iem4XP5t3oIJXE-nAnfyHfY96Ys.roa (raw, json)
Hash identifier: 3azPw5kkxitdClZfeS29uZGoP38Y9kvLh3+mVY29f6U=
Subject key identifier: 21:E9:B8:5C:FE:6D:DE:82:09:5C:4F:A7:02:77:F2:1D:F6:3D:E9:8B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6004
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Iem4XP5t3oIJXE-nAnfyHfY96Ys.roa
Signing time: Wed 14 May 2025 03:10:18 +0000
ROA not before: Wed 14 May 2025 03:10:18 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24580 (0x6004)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 14 03:10:18 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=21E9B85CFE6DDE82095C4FA70277F21DF63DE98B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:14:88:06:1e:4d:41:89:39:28:66:52:1a:c9:
c9:f4:0a:f5:40:07:e1:c4:85:da:f9:9e:e5:a0:69:
76:03:a2:16:58:70:e8:34:a9:a4:d7:13:3e:51:a1:
d2:8a:f1:e5:1b:a8:d8:15:96:99:44:1d:f7:dd:1a:
a2:23:89:43:6a:5d:b7:5d:ac:28:20:7f:29:3b:bb:
af:ec:da:85:3a:51:98:d4:5d:6b:82:16:4d:a1:b3:
b4:98:c2:01:51:64:9e:08:e4:46:e7:8a:b5:41:e3:
41:16:d2:05:6b:a2:a8:ed:b7:87:0b:60:d5:21:8f:
e9:ac:cb:f4:a3:5a:20:17:61:3e:bc:94:b3:6b:88:
d1:46:b5:d4:45:72:8c:16:6b:ae:f7:2c:59:f0:72:
86:01:40:6c:a9:97:ec:fd:64:a8:72:8c:25:a4:fd:
87:9f:40:8c:ce:01:f1:a7:8f:0b:5d:92:b5:ff:d3:
bb:d9:2a:d3:f8:dd:8d:e9:31:05:cd:1d:38:ee:d2:
37:f7:81:f3:b0:06:d8:18:43:05:b4:36:61:2e:3d:
2a:dc:a6:82:86:35:d8:cc:87:b6:bd:76:58:e7:d3:
6d:28:e3:e2:4b:f4:a7:7b:aa:db:cb:19:93:8e:cb:
82:55:96:19:1a:a0:e6:b2:cd:48:63:84:c0:bd:28:
8a:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:E9:B8:5C:FE:6D:DE:82:09:5C:4F:A7:02:77:F2:1D:F6:3D:E9:8B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Iem4XP5t3oIJXE-nAnfyHfY96Ys.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
06:d7:bc:b4:c1:bf:78:b1:8b:c7:16:71:c2:e9:5c:71:88:19:
81:52:fe:0f:f0:28:10:ef:b1:16:0c:de:1e:c7:f3:b8:d7:05:
2c:c6:ac:06:6b:a4:e9:68:df:e5:4e:11:c5:84:b4:bc:4a:e4:
5a:95:2e:1d:71:bc:0b:69:c2:41:bc:9c:a6:ca:e2:87:b9:de:
98:49:ad:c0:2a:6e:2e:73:6b:1e:1f:e7:98:46:21:ae:5e:a8:
8b:32:e6:9f:69:d7:1c:32:42:5d:4e:93:85:f2:54:ee:4c:10:
20:fc:96:1f:7f:ae:1d:99:12:da:39:b8:ab:32:52:a5:ee:dc:
da:e1:e2:b2:b6:57:76:61:b5:29:67:b5:b2:8e:b8:03:59:8d:
5c:2c:3e:02:5b:08:80:56:b0:24:94:48:d0:c3:e5:b1:76:bb:
95:2d:ba:ed:44:62:2f:d7:4b:5e:b8:14:06:89:fb:85:8a:a4:
8c:1c:25:61:ac:3d:1e:69:96:5b:bb:38:b6:86:7c:46:99:8b:
2b:b7:75:02:cf:03:eb:e8:b7:bf:46:9a:c5:2e:de:dc:6b:ed:
fa:02:b5:c3:a2:46:6c:50:7c:6f:3f:2d:52:db:2f:d7:45:56:
77:7c:cc:9f:5f:d6:a5:83:61:eb:a1:47:a1:13:38:07:9e:09:
d8:67:21:5b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYAQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTQw
MzEwMThaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDIxRTlCODVDRkU2RERF
ODIwOTVDNEZBNzAyNzdGMjFERjYzREU5OEIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDhFIgGHk1BiTkoZlIaycn0CvVAB+HEhdr5nuWgaXYDohZYcOg0
qaTXEz5RodKK8eUbqNgVlplEHffdGqIjiUNqXbddrCggfyk7u6/s2oU6UZjUXWuC
Fk2hs7SYwgFRZJ4I5EbnirVB40EW0gVroqjtt4cLYNUhj+msy/SjWiAXYT68lLNr
iNFGtdRFcowWa673LFnwcoYBQGypl+z9ZKhyjCWk/YefQIzOAfGnjwtdkrX/07vZ
KtP43Y3pMQXNHTju0jf3gfOwBtgYQwW0NmEuPSrcpoKGNdjMh7a9dljn020o4+JL
9Kd7qtvLGZOOy4JVlhkaoOayzUhjhMC9KIppAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUIem4XP5t3oIJXE+nAnfyHfY96YswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0llbTRYUDV0M29JSlhF
LW5BbmZ5SGZZOTZZcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAG17y0
wb94sYvHFnHC6VxxiBmBUv4P8CgQ77EWDN4ex/O41wUsxqwGa6TpaN/lThHFhLS8
SuRalS4dcbwLacJBvJymyuKHud6YSa3AKm4uc2seH+eYRiGuXqiLMuafadccMkJd
TpOF8lTuTBAg/JYff64dmRLaObirMlKl7tza4eKytld2YbUpZ7WyjrgDWY1cLD4C
WwiAVrAklEjQw+WxdruVLbrtRGIv10teuBQGifuFiqSMHCVhrD0eaZZbuzi2hnxG
mYsrt3UCzwPr6Le/RprFLt7ca+36ArXDokZsUHxvPy1S2y/XRVZ3fMyfX9alg2Hr
oUehEzgHngnYZyFb
-----END CERTIFICATE-----
Generated at Fri Jun 20 22:41:55 2025 by rpki-client