Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/PcsBW0A7FCIBEyLVHPFgU5_aNdY.roa
File: PcsBW0A7FCIBEyLVHPFgU5_aNdY.roa (raw, json)
Hash identifier: lHN3sFyYsbWZKJW75kiLEb1zprMc+xAisY9XPlsXfXw=
Subject key identifier: 3D:CB:01:5B:40:3B:14:22:01:13:22:D5:1C:F1:60:53:9F:DA:35:D6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6B42
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PcsBW0A7FCIBEyLVHPFgU5_aNdY.roa
Signing time: Fri 13 Jun 2025 02:48:51 +0000
ROA not before: Fri 13 Jun 2025 02:48:51 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27458 (0x6b42)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 13 02:48:51 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3DCB015B403B1422011322D51CF160539FDA35D6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:d7:3c:e4:68:ac:b5:43:7d:3c:10:6e:38:27:
a7:f8:81:32:4f:86:6f:50:0f:f3:50:e0:9f:16:8d:
bc:98:cf:d5:76:81:98:34:31:c8:8d:8a:53:98:5e:
15:f3:0b:5f:b1:c2:7d:6b:8c:89:2e:83:c0:d6:46:
95:b7:f9:26:8f:d6:5e:84:65:f8:29:9e:62:0a:30:
2f:af:7d:33:4a:67:74:9d:10:b3:c3:bc:b2:36:56:
48:f1:e6:af:af:03:7e:a8:8a:17:6a:6e:13:58:37:
95:7d:cd:55:8d:30:99:b4:71:8c:30:3f:1f:d6:4f:
07:32:b0:ff:65:00:72:75:6e:6a:15:99:73:e2:b2:
5a:ee:b2:92:ed:20:98:d8:84:35:f1:52:10:5d:87:
8b:72:3e:50:03:0e:e0:b0:19:4d:f0:62:ad:c7:8a:
f4:1d:7f:34:a7:18:00:19:94:47:d6:47:08:25:16:
c3:8e:ba:d7:67:5c:b6:c4:79:aa:70:8a:58:3b:f8:
10:da:be:24:3d:09:d8:78:d5:7c:15:b9:d3:f6:1f:
e4:ae:e9:14:4b:13:19:6c:59:ec:b2:36:b1:16:a8:
6c:77:38:c8:2a:e9:25:64:15:82:f5:9f:22:9e:47:
27:fe:67:aa:87:70:ed:d2:0d:3f:4f:41:44:9e:a5:
b0:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:CB:01:5B:40:3B:14:22:01:13:22:D5:1C:F1:60:53:9F:DA:35:D6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PcsBW0A7FCIBEyLVHPFgU5_aNdY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
62:9e:9b:8a:56:d0:8d:1b:4a:9f:3d:fc:da:93:33:24:b1:d3:
60:60:16:09:83:56:0b:df:2c:63:e3:d8:79:74:fa:6d:53:00:
d1:73:32:13:9c:46:8e:33:43:49:75:0e:d5:d3:2d:96:5c:1e:
3d:0c:e2:1a:c1:a4:7d:4b:75:61:3e:14:54:28:33:37:65:43:
67:f0:0e:f0:9a:ac:e8:3c:c2:b1:21:72:6d:c9:eb:a5:2e:d9:
09:2a:0c:89:6c:d8:85:e8:2b:ae:f1:87:bd:34:19:89:bd:1a:
22:74:70:f9:d2:c7:a6:bd:64:65:22:fc:92:f0:2f:99:5b:53:
bd:49:9d:34:fb:a2:93:e0:fe:57:36:18:c6:34:54:d6:f6:70:
be:cb:01:43:00:d5:5c:2e:83:20:d1:b2:a4:3b:07:3c:32:de:
60:b2:f8:fa:e0:11:c1:91:68:33:df:96:dc:61:31:50:d9:be:
a1:6e:8e:3d:a7:76:d4:f5:ad:ea:bf:e2:61:8d:7f:1d:f0:2f:
2d:40:33:58:4e:c8:c0:b4:65:b7:4f:9a:5b:9f:98:5a:f5:a4:
51:f4:b3:7f:d4:e2:f2:23:d8:0e:92:dc:a8:26:b7:97:82:de:
5d:da:75:66:36:35:60:2d:2f:1b:b7:a5:e2:c6:83:20:df:17:
23:ec:10:5b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICa0IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTMw
MjQ4NTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDNEQ0IwMTVCNDAzQjE0
MjIwMTEzMjJENTFDRjE2MDUzOUZEQTM1RDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCn1zzkaKy1Q308EG44J6f4gTJPhm9QD/NQ4J8WjbyYz9V2gZg0
MciNilOYXhXzC1+xwn1rjIkug8DWRpW3+SaP1l6EZfgpnmIKMC+vfTNKZ3SdELPD
vLI2Vkjx5q+vA36oihdqbhNYN5V9zVWNMJm0cYwwPx/WTwcysP9lAHJ1bmoVmXPi
slruspLtIJjYhDXxUhBdh4tyPlADDuCwGU3wYq3HivQdfzSnGAAZlEfWRwglFsOO
utdnXLbEeapwilg7+BDaviQ9Cdh41XwVudP2H+Su6RRLExlsWeyyNrEWqGx3OMgq
6SVkFYL1nyKeRyf+Z6qHcO3SDT9PQUSepbCHAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUPcsBW0A7FCIBEyLVHPFgU5/aNdYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1Bjc0JXMEE3RkNJQkV5
TFZIUEZnVTVfYU5kWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBinpuK
VtCNG0qfPfzakzMksdNgYBYJg1YL3yxj49h5dPptUwDRczITnEaOM0NJdQ7V0y2W
XB49DOIawaR9S3VhPhRUKDM3ZUNn8A7wmqzoPMKxIXJtyeulLtkJKgyJbNiF6Cuu
8Ye9NBmJvRoidHD50semvWRlIvyS8C+ZW1O9SZ00+6KT4P5XNhjGNFTW9nC+ywFD
ANVcLoMg0bKkOwc8Mt5gsvj64BHBkWgz35bcYTFQ2b6hbo49p3bU9a3qv+JhjX8d
8C8tQDNYTsjAtGW3T5pbn5ha9aRR9LN/1OLyI9gOktyoJreXgt5d2nVmNjVgLS8b
t6XixoMg3xcj7BBb
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:54:27 2025 by rpki-client