Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/PAxaYxhCZQtXRHNM48mYJBMaSpQ.roa
File: PAxaYxhCZQtXRHNM48mYJBMaSpQ.roa (raw, json)
Hash identifier: hbM6lyN8JgaHP6Ku1vwDHFjJdQ2pkSiK0TmXurfGORE=
Subject key identifier: 3C:0C:5A:63:18:42:65:0B:57:44:73:4C:E3:C9:98:24:13:1A:4A:94
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 64CA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PAxaYxhCZQtXRHNM48mYJBMaSpQ.roa
Signing time: Mon 26 May 2025 20:41:04 +0000
ROA not before: Mon 26 May 2025 20:41:04 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25802 (0x64ca)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 26 20:41:04 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3C0C5A631842650B5744734CE3C99824131A4A94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:16:b7:fe:fd:55:f7:29:84:06:9b:f7:c3:98:
3c:3a:ca:3b:d0:00:df:ba:30:1b:eb:20:72:cd:c9:
35:e9:b0:09:22:5f:1b:82:5e:63:bf:05:10:0a:9e:
5d:c1:d7:d3:35:47:b5:b1:5c:ba:97:17:45:08:34:
bb:b7:d1:70:78:25:92:88:3c:89:c9:e6:a4:c3:60:
c4:0a:d8:5d:02:73:04:ca:07:7a:c7:52:4e:0d:5e:
3a:93:c1:05:3a:0d:d7:dc:4b:c5:d6:06:a9:87:77:
24:e5:7d:4a:c0:ad:8a:fb:b1:7c:6c:82:7a:18:e9:
bb:35:fd:27:56:c6:65:9e:b1:22:4e:5e:4c:2c:f0:
91:06:a0:7b:4a:5e:c4:63:51:99:10:70:f9:99:cd:
49:f9:e9:0a:6b:7a:3b:37:8a:16:67:82:9c:8e:0b:
7a:09:8c:2b:71:30:96:7d:8e:21:a0:58:f0:f3:1c:
df:b6:c7:41:88:a5:64:80:ec:49:be:f7:0d:c8:83:
97:c1:2a:80:a9:8f:44:76:e7:e9:57:ea:d5:af:f5:
a4:57:3c:6f:06:31:86:f3:07:9e:64:2b:20:87:db:
f0:2a:d6:89:db:45:b8:a7:3a:b0:06:66:f9:41:eb:
29:a5:30:d6:74:20:f9:90:5d:a8:f3:d4:50:1b:ab:
e1:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:0C:5A:63:18:42:65:0B:57:44:73:4C:E3:C9:98:24:13:1A:4A:94
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PAxaYxhCZQtXRHNM48mYJBMaSpQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
53:33:96:51:15:2b:20:17:85:cf:ee:19:cf:07:bc:10:9a:74:
69:5c:0f:16:55:4a:4f:cb:6e:4e:5e:b5:3a:0d:c9:7a:0e:98:
7a:07:32:2e:37:7d:3c:d9:d2:5d:09:58:52:91:93:f4:28:07:
d8:a9:a5:06:f3:d8:c0:7e:56:df:ca:f7:66:62:20:fd:be:fb:
e8:2c:76:a0:1b:48:16:5e:53:b6:d9:b1:4f:4f:ff:b4:f2:29:
c3:2b:59:6a:49:68:7e:ee:57:6d:3d:bb:87:0a:54:db:5e:6a:
fc:e5:18:56:ed:c7:d7:eb:68:94:4b:64:73:9f:90:28:4e:a8:
21:e4:6a:42:e1:a2:9d:b2:b6:ce:d0:ef:5c:95:b8:bc:cf:59:
1c:43:25:e6:18:9d:05:ad:60:5c:c6:b7:4c:d5:28:c8:db:ea:
b9:69:58:1a:36:34:1f:90:a6:87:92:40:e9:13:9b:1a:36:a9:
f0:49:d6:8a:e8:b4:bb:ba:a3:57:f8:f1:49:74:86:23:c2:bd:
e6:91:7b:81:09:d5:4d:60:4f:e9:90:80:2a:42:44:99:b0:31:
fc:5f:08:25:d0:49:4c:a4:5e:92:d1:3b:8f:0a:e8:13:f0:39:
0a:fe:72:6f:67:9d:a4:fe:31:1b:5b:c5:3a:8a:c8:33:0b:a6:
e6:f7:00:fb
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZMowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjYy
MDQxMDRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDNDMEM1QTYzMTg0MjY1
MEI1NzQ0NzM0Q0UzQzk5ODI0MTMxQTRBOTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDLFrf+/VX3KYQGm/fDmDw6yjvQAN+6MBvrIHLNyTXpsAkiXxuC
XmO/BRAKnl3B19M1R7WxXLqXF0UINLu30XB4JZKIPInJ5qTDYMQK2F0CcwTKB3rH
Uk4NXjqTwQU6DdfcS8XWBqmHdyTlfUrArYr7sXxsgnoY6bs1/SdWxmWesSJOXkws
8JEGoHtKXsRjUZkQcPmZzUn56Qprejs3ihZngpyOC3oJjCtxMJZ9jiGgWPDzHN+2
x0GIpWSA7Em+9w3Ig5fBKoCpj0R25+lX6tWv9aRXPG8GMYbzB55kKyCH2/Aq1onb
RbinOrAGZvlB6ymlMNZ0IPmQXajz1FAbq+G7AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUPAxaYxhCZQtXRHNM48mYJBMaSpQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1BBeGFZeGhDWlF0WFJI
Tk00OG1ZSkJNYVNwUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBTM5ZR
FSsgF4XP7hnPB7wQmnRpXA8WVUpPy25OXrU6Dcl6Dph6BzIuN3082dJdCVhSkZP0
KAfYqaUG89jAflbfyvdmYiD9vvvoLHagG0gWXlO22bFPT/+08inDK1lqSWh+7ldt
PbuHClTbXmr85RhW7cfX62iUS2Rzn5AoTqgh5GpC4aKdsrbO0O9clbi8z1kcQyXm
GJ0FrWBcxrdM1SjI2+q5aVgaNjQfkKaHkkDpE5saNqnwSdaK6LS7uqNX+PFJdIYj
wr3mkXuBCdVNYE/pkIAqQkSZsDH8Xwgl0ElMpF6S0TuPCugT8DkK/nJvZ52k/jEb
W8U6isgzC6bm9wD7
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:54:59 2025 by rpki-client