Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/KKydC0FyBjY8EaimTVVGN8iF5dM.roa
File: KKydC0FyBjY8EaimTVVGN8iF5dM.roa (raw, json)
Hash identifier: 1dDTghzOrUDYBYrya/SXRQD8vm0bq0vxaVY5lTMJtlQ=
Subject key identifier: 28:AC:9D:0B:41:72:06:36:3C:11:A8:A6:4D:55:46:37:C8:85:E5:D3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6A30
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KKydC0FyBjY8EaimTVVGN8iF5dM.roa
Signing time: Tue 10 Jun 2025 06:12:10 +0000
ROA not before: Tue 10 Jun 2025 06:12:10 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27184 (0x6a30)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 10 06:12:10 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=28AC9D0B417206363C11A8A64D554637C885E5D3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:4c:7b:6d:6a:ea:22:2a:a8:4f:53:ca:e6:12:
ce:21:f5:c7:6f:99:59:c9:01:95:9e:40:2a:c9:d4:
b3:ed:48:a1:29:a8:7b:0e:98:25:37:76:48:03:e7:
a2:05:bf:f1:e2:a7:87:aa:4d:04:ba:08:80:6a:4a:
12:fa:d1:a0:06:2f:f7:0c:21:a2:2d:cf:3a:7b:d3:
8d:54:42:5c:79:f4:2c:10:c2:db:3c:95:fc:a6:86:
82:9a:02:5d:1c:2f:5b:b1:1d:d4:c3:c3:a6:06:f9:
b2:40:4c:44:b1:12:54:ae:b5:4f:5f:37:c5:16:1b:
6a:e6:d2:3e:70:85:73:98:ee:7a:9c:d9:53:6b:d9:
30:93:cc:87:9e:78:e1:6f:ca:47:2e:18:73:97:83:
15:0e:58:37:2d:08:4d:e3:3e:1a:25:77:6d:93:da:
1a:d9:c2:5e:42:e7:a9:96:31:77:05:c2:88:93:52:
06:7a:b9:f6:8f:92:68:18:b4:5e:f3:1a:8b:d1:ce:
32:14:66:22:fe:72:eb:30:f7:15:3a:a4:db:8a:a5:
b4:3d:45:5c:84:11:91:4d:b3:6f:66:b4:22:78:b2:
a7:1d:ec:f5:a3:38:a5:9e:f6:35:8a:0a:e4:a4:7f:
82:02:ee:a2:ef:3a:ad:73:48:f3:d5:08:ba:38:80:
f8:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:AC:9D:0B:41:72:06:36:3C:11:A8:A6:4D:55:46:37:C8:85:E5:D3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KKydC0FyBjY8EaimTVVGN8iF5dM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
3e:3e:9c:3f:00:2d:7e:36:1e:71:24:3f:83:f9:83:df:43:74:
d7:d6:16:7d:81:e9:e2:91:a7:b7:b7:4c:c0:19:cf:f4:74:ef:
3a:67:bb:9a:86:a0:f4:c1:96:e0:8b:58:06:fe:e1:be:01:be:
ea:61:87:03:ba:9b:34:9a:8c:e4:03:3d:f6:1a:c0:ea:cd:bb:
e3:d9:e1:d5:c2:b1:ed:73:32:84:91:09:78:c1:bc:39:9c:0e:
34:0d:de:9c:4d:da:c6:45:04:8c:63:8d:63:fa:35:4e:ef:52:
2e:b3:e6:9e:04:60:b0:69:e6:87:44:47:1d:bf:c8:0b:6c:c3:
04:0c:de:03:23:f5:e2:ef:fc:f0:10:3e:0d:33:6f:14:84:cb:
98:68:24:73:b9:3d:1c:a9:86:28:18:d4:ec:a1:52:c1:80:a4:
b5:ee:b3:b9:a8:7b:0c:7b:fc:a4:3c:e1:5a:31:93:90:51:f4:
3e:0d:42:08:0e:e1:64:35:c0:ad:af:ba:65:e9:79:98:3a:0f:
72:fd:89:8b:9a:02:14:fd:fb:94:f0:8f:a0:58:5c:f1:8b:5f:
ff:47:f7:ed:24:76:2a:b4:65:fa:9d:d2:3c:f9:fc:00:a8:4f:
98:3a:df:62:ba:37:b2:44:63:ba:11:c4:4a:7e:b0:75:4d:de:
66:6b:65:6a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICajAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTAw
NjEyMTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDI4QUM5RDBCNDE3MjA2
MzYzQzExQThBNjRENTU0NjM3Qzg4NUU1RDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFTHttauoiKqhPU8rmEs4h9cdvmVnJAZWeQCrJ1LPtSKEpqHsO
mCU3dkgD56IFv/Hip4eqTQS6CIBqShL60aAGL/cMIaItzzp7041UQlx59CwQwts8
lfymhoKaAl0cL1uxHdTDw6YG+bJATESxElSutU9fN8UWG2rm0j5whXOY7nqc2VNr
2TCTzIeeeOFvykcuGHOXgxUOWDctCE3jPhold22T2hrZwl5C56mWMXcFwoiTUgZ6
ufaPkmgYtF7zGovRzjIUZiL+cusw9xU6pNuKpbQ9RVyEEZFNs29mtCJ4sqcd7PWj
OKWe9jWKCuSkf4IC7qLvOq1zSPPVCLo4gPgJAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUKKydC0FyBjY8EaimTVVGN8iF5dMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0tLeWRDMEZ5QmpZOEVh
aW1UVlZHTjhpRjVkTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA+Ppw/
AC1+Nh5xJD+D+YPfQ3TX1hZ9genikae3t0zAGc/0dO86Z7uahqD0wZbgi1gG/uG+
Ab7qYYcDups0mozkAz32GsDqzbvj2eHVwrHtczKEkQl4wbw5nA40Dd6cTdrGRQSM
Y41j+jVO71Ius+aeBGCwaeaHREcdv8gLbMMEDN4DI/Xi7/zwED4NM28UhMuYaCRz
uT0cqYYoGNTsoVLBgKS17rO5qHsMe/ykPOFaMZOQUfQ+DUIIDuFkNcCtr7pl6XmY
Og9y/YmLmgIU/fuU8I+gWFzxi1//R/ftJHYqtGX6ndI8+fwAqE+YOt9iujeyRGO6
EcRKfrB1Td5ma2Vq
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:42:09 2025 by rpki-client