Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/P8N7gUm7b9ZE-rRngD4mLJoXaYs.roa
File: P8N7gUm7b9ZE-rRngD4mLJoXaYs.roa (raw, json)
Hash identifier: iGiQpN1uvpcz1cZcLTZcuTSrGZm8Z9tsVeBw2ytJ4I0=
Subject key identifier: 3F:C3:7B:81:49:BB:6F:D6:44:FA:B4:67:80:3E:26:2C:9A:17:69:8B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6946
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/P8N7gUm7b9ZE-rRngD4mLJoXaYs.roa
Signing time: Sat 07 Jun 2025 19:41:54 +0000
ROA not before: Sat 07 Jun 2025 19:41:54 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26950 (0x6946)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 7 19:41:54 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3FC37B8149BB6FD644FAB467803E262C9A17698B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:de:b4:b3:1c:b0:e0:bc:95:8d:95:87:0d:91:
c2:25:06:24:4c:3c:84:dd:87:c0:10:ad:33:59:7d:
be:7b:41:9f:1c:5c:54:23:27:a0:6e:40:0b:aa:e5:
f5:05:8e:a2:ea:1a:93:bb:b9:71:c0:70:c9:00:45:
79:d3:9a:67:fa:52:d5:a2:79:1c:24:f2:94:4f:a6:
d5:98:2c:7b:ed:1c:a8:3d:1a:81:38:b9:b1:0f:49:
bf:6e:fd:39:54:d3:95:b2:07:a4:cc:b5:3f:5a:fa:
2e:5e:46:a8:db:25:48:ee:b2:e8:ab:54:d0:dd:f2:
9f:28:e4:f3:8a:ca:bf:cb:59:cb:da:34:58:83:64:
32:09:49:09:8e:b5:38:58:05:fe:01:bf:64:63:ea:
6a:a3:ac:c4:19:d7:7f:66:14:cf:ea:36:df:50:db:
ab:a4:ed:79:c7:22:9c:e5:ae:64:05:7a:d1:74:80:
16:ec:b7:86:bc:7e:10:08:8e:c2:45:36:88:6a:f4:
5c:55:77:ef:da:01:43:03:92:41:59:b4:e7:b0:b8:
a4:78:fb:03:0f:94:6a:5d:46:65:c7:cd:9a:49:91:
0d:45:e9:25:fc:fc:e4:94:6b:4f:27:99:4d:9e:1a:
db:b1:17:7c:c0:87:8d:1c:f0:f0:cd:54:71:1f:64:
26:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:C3:7B:81:49:BB:6F:D6:44:FA:B4:67:80:3E:26:2C:9A:17:69:8B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/P8N7gUm7b9ZE-rRngD4mLJoXaYs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
8e:60:c2:54:53:3b:66:a5:47:cb:ac:c1:0b:65:6e:ce:89:28:
f0:24:24:4d:24:20:f9:57:c5:8c:4a:c5:f5:00:56:b2:0a:64:
2b:88:e9:58:9c:9f:9b:17:f6:b3:71:c5:90:57:0f:f7:9a:cd:
4a:c0:47:b5:a9:f2:29:09:e4:e4:0a:30:3e:d0:6f:38:91:65:
7d:ab:fa:b9:9f:31:0f:67:1d:c8:35:00:8e:f6:85:b5:e1:bd:
95:27:86:8c:18:49:b8:69:35:35:1b:de:67:8c:d9:e3:9b:24:
ef:83:68:ba:48:a9:70:72:82:cd:b7:69:99:a3:e9:9f:3a:09:
23:57:34:ae:04:c8:4d:80:8f:92:d4:1c:10:b7:1b:38:60:0e:
38:db:4e:9a:16:28:19:85:79:5c:06:53:ca:06:ee:b2:3b:8c:
0f:d5:01:37:64:92:05:a5:8e:dd:ab:40:81:4a:87:a1:66:da:
76:10:c5:49:c5:e4:02:2d:4d:11:1d:69:90:32:68:5d:74:d1:
2f:db:19:15:2b:79:b9:c1:98:30:81:ae:3e:ef:ad:4f:14:7c:
9d:11:b4:55:78:8a:6a:96:27:2a:fb:dd:b3:ef:e3:5f:ee:e6:
dd:d7:4a:4f:50:d1:ef:0c:a7:7d:4b:7c:eb:63:8a:fb:e9:a5:
68:9a:50:29
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaUYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDcx
OTQxNTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDNGQzM3QjgxNDlCQjZG
RDY0NEZBQjQ2NzgwM0UyNjJDOUExNzY5OEIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCm3rSzHLDgvJWNlYcNkcIlBiRMPITdh8AQrTNZfb57QZ8cXFQj
J6BuQAuq5fUFjqLqGpO7uXHAcMkARXnTmmf6UtWieRwk8pRPptWYLHvtHKg9GoE4
ubEPSb9u/TlU05WyB6TMtT9a+i5eRqjbJUjusuirVNDd8p8o5POKyr/LWcvaNFiD
ZDIJSQmOtThYBf4Bv2Rj6mqjrMQZ139mFM/qNt9Q26uk7XnHIpzlrmQFetF0gBbs
t4a8fhAIjsJFNohq9FxVd+/aAUMDkkFZtOewuKR4+wMPlGpdRmXHzZpJkQ1F6SX8
/OSUa08nmU2eGtuxF3zAh40c8PDNVHEfZCbfAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUP8N7gUm7b9ZE+rRngD4mLJoXaYswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1A4TjdnVW03YjlaRS1y
Um5nRDRtTEpvWGFZcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCOYMJU
UztmpUfLrMELZW7OiSjwJCRNJCD5V8WMSsX1AFayCmQriOlYnJ+bF/azccWQVw/3
ms1KwEe1qfIpCeTkCjA+0G84kWV9q/q5nzEPZx3INQCO9oW14b2VJ4aMGEm4aTU1
G95njNnjmyTvg2i6SKlwcoLNt2mZo+mfOgkjVzSuBMhNgI+S1BwQtxs4YA44206a
FigZhXlcBlPKBu6yO4wP1QE3ZJIFpY7dq0CBSoehZtp2EMVJxeQCLU0RHWmQMmhd
dNEv2xkVK3m5wZgwga4+761PFHydEbRVeIpqlicq+92z7+Nf7ubd10pPUNHvDKd9
S3zrY4r76aVomlAp
-----END CERTIFICATE-----
Generated at Fri Jun 20 21:28:13 2025 by rpki-client