Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/KU7TfcnNCmXKTIP-SNhu6IEaEb4.roa
File: KU7TfcnNCmXKTIP-SNhu6IEaEb4.roa (raw, json)
Hash identifier: lB+/isS7kkQ9aZCW7sQHOCc9AwxbnAMCZ4MheqRdGVU=
Subject key identifier: 29:4E:D3:7D:C9:CD:0A:65:CA:4C:83:FE:48:D8:6E:E8:81:1A:11:BE
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5F92
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KU7TfcnNCmXKTIP-SNhu6IEaEb4.roa
Signing time: Mon 12 May 2025 22:40:23 +0000
ROA not before: Mon 12 May 2025 22:40:23 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24466 (0x5f92)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 22:40:23 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=294ED37DC9CD0A65CA4C83FE48D86EE8811A11BE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:7f:5d:5f:b7:d5:fe:e8:90:62:56:5c:25:4f:
02:30:a5:89:df:3a:be:43:b8:59:46:fb:92:5b:68:
c7:a7:fd:0f:89:71:3e:60:3c:98:2d:90:26:8b:c1:
56:4d:82:d7:f6:c1:a2:60:2a:2a:aa:65:10:99:3d:
81:10:5a:a1:94:09:41:2b:45:cd:4f:78:d5:81:fd:
34:be:5e:1f:a1:74:96:23:ee:20:6e:9b:10:d2:7a:
95:89:e1:59:9f:9e:a8:64:25:02:d0:ab:92:4f:32:
11:1f:b4:22:7c:ba:7e:cd:12:23:55:4e:10:39:fc:
ed:b3:7f:76:0c:0f:09:e1:48:40:b3:18:b5:a1:64:
21:4f:93:b0:fb:1d:e0:6d:72:76:ec:f7:78:ba:97:
1a:c8:a1:a0:02:0e:b7:05:65:15:9c:df:39:69:55:
99:b3:97:f6:d2:14:f3:ae:c8:49:cf:29:05:64:b1:
87:e9:39:a5:c1:22:d9:94:5e:fe:c5:b7:0c:85:6c:
a1:18:ed:83:0b:e8:b9:28:a8:92:a4:cf:fb:b1:37:
4e:94:6d:28:f0:84:89:79:0c:15:f3:6b:af:5c:ba:
cd:85:6c:02:c0:90:e3:fd:11:26:c5:01:e6:de:4a:
c7:ac:f4:b3:b5:69:2e:df:27:99:03:bd:91:40:41:
3f:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:4E:D3:7D:C9:CD:0A:65:CA:4C:83:FE:48:D8:6E:E8:81:1A:11:BE
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KU7TfcnNCmXKTIP-SNhu6IEaEb4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
54:d8:30:02:ab:fe:cf:be:af:ba:51:00:8e:4b:0f:9f:8e:fb:
71:34:ae:d9:5e:c1:22:41:5b:ed:4e:8d:f1:53:04:4e:3a:46:
bb:3f:56:14:fe:aa:aa:21:5c:52:a4:41:f5:3d:1b:de:27:f9:
75:46:ea:ee:31:75:cd:11:e5:c6:d4:78:ae:77:7a:c5:43:19:
1b:ab:38:d0:4e:59:49:2b:33:3e:50:9e:7b:69:0d:62:f9:77:
a7:ed:1a:97:a5:d2:be:3f:c4:d2:58:ad:cc:a4:08:bc:83:ea:
26:3c:e9:5e:5e:47:8b:da:cd:a4:cd:a1:0c:9e:c4:25:2f:94:
29:8d:32:5d:a4:83:bd:ca:64:d5:78:c7:6d:97:eb:e4:4e:8c:
3c:d5:1c:9e:c7:4b:26:81:4f:a6:59:17:32:6c:c4:6d:cd:45:
a4:b6:67:20:15:60:90:98:eb:5c:77:68:04:51:66:b8:34:9d:
3a:7c:92:40:e4:97:44:41:89:05:aa:9a:fa:1b:4e:7d:85:3b:
bb:1b:ba:05:85:a7:4a:a0:0a:4d:2b:57:ee:a1:89:e6:b3:e6:
17:9e:35:92:ae:3a:24:8f:de:f1:cd:36:07:72:23:4b:47:db:
16:5e:99:c2:6a:a8:15:db:7f:05:85:93:82:79:83:09:9c:a5:
d9:fc:db:e5
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICX5IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTIy
MjQwMjNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDI5NEVEMzdEQzlDRDBB
NjVDQTRDODNGRTQ4RDg2RUU4ODExQTExQkUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC0f11ft9X+6JBiVlwlTwIwpYnfOr5DuFlG+5JbaMen/Q+JcT5g
PJgtkCaLwVZNgtf2waJgKiqqZRCZPYEQWqGUCUErRc1PeNWB/TS+Xh+hdJYj7iBu
mxDSepWJ4VmfnqhkJQLQq5JPMhEftCJ8un7NEiNVThA5/O2zf3YMDwnhSECzGLWh
ZCFPk7D7HeBtcnbs93i6lxrIoaACDrcFZRWc3zlpVZmzl/bSFPOuyEnPKQVksYfp
OaXBItmUXv7FtwyFbKEY7YML6LkoqJKkz/uxN06UbSjwhIl5DBXza69cus2FbALA
kOP9ESbFAebeSses9LO1aS7fJ5kDvZFAQT8tAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUKU7TfcnNCmXKTIP+SNhu6IEaEb4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0tVN1RmY25OQ21YS1RJ
UC1TTmh1NklFYUViNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBU2DAC
q/7Pvq+6UQCOSw+fjvtxNK7ZXsEiQVvtTo3xUwROOka7P1YU/qqqIVxSpEH1PRve
J/l1RuruMXXNEeXG1Hiud3rFQxkbqzjQTllJKzM+UJ57aQ1i+Xen7RqXpdK+P8TS
WK3MpAi8g+omPOleXkeL2s2kzaEMnsQlL5QpjTJdpIO9ymTVeMdtl+vkTow81Rye
x0smgU+mWRcybMRtzUWktmcgFWCQmOtcd2gEUWa4NJ06fJJA5JdEQYkFqpr6G059
hTu7G7oFhadKoApNK1fuoYnms+YXnjWSrjokj97xzTYHciNLR9sWXpnCaqgV238F
hZOCeYMJnKXZ/Nvl
-----END CERTIFICATE-----
Generated at Fri Jun 20 10:18:32 2025 by rpki-client