Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/S87qQBB6sIEACXF6u7I7y_SCNIA.roa
File: S87qQBB6sIEACXF6u7I7y_SCNIA.roa (raw, json)
Hash identifier: ffCxuw569xVJU6sorVr0eH5GVS5TDDDiF4loDum8d9g=
Subject key identifier: 4B:CE:EA:40:10:7A:B0:81:00:09:71:7A:BB:B2:3B:CB:F4:82:34:80
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 66C4
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/S87qQBB6sIEACXF6u7I7y_SCNIA.roa
Signing time: Sun 01 Jun 2025 03:11:56 +0000
ROA not before: Sun 01 Jun 2025 03:11:56 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26308 (0x66c4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 1 03:11:56 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=4BCEEA40107AB0810009717ABBB23BCBF4823480
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:b6:c7:ad:de:63:61:a4:af:7c:3b:fc:ae:09:
8c:81:e2:b9:97:eb:b1:a8:25:c2:e3:a7:74:21:9c:
05:b5:7c:0b:02:66:36:fb:9f:8a:98:8d:81:92:43:
66:47:4a:82:16:fd:e0:21:21:e0:0b:72:58:8d:84:
5b:70:4a:2d:8d:52:bf:b9:3b:8c:ad:93:9e:f8:b8:
5d:af:52:c7:bd:32:c2:8d:a9:36:50:dd:dd:00:2c:
3a:0f:ee:03:19:9f:c6:9c:51:17:ce:6c:85:c8:05:
b6:97:6c:23:70:6d:d7:c3:36:2d:5e:de:ac:d8:07:
06:2f:25:8d:94:b7:b3:1f:4d:21:76:1d:ff:0e:24:
4f:31:33:e3:10:68:fc:4a:32:93:5d:b1:b7:8d:57:
1f:a1:7d:f0:78:1b:97:ce:ab:50:ad:33:1d:81:5f:
c7:48:4e:61:de:62:b7:bc:f8:b9:d7:74:0b:52:15:
c9:56:93:54:a9:b2:1a:6e:01:22:a2:3d:43:97:d8:
8b:73:46:24:bf:2b:5f:53:95:12:c2:35:22:02:4a:
a2:b6:c6:0f:42:f2:a0:01:8c:9c:44:a9:71:7c:32:
9a:61:83:da:1c:54:26:9a:c8:43:d3:ed:71:18:b9:
b2:24:71:ec:fe:ea:04:3c:82:3e:3d:09:a2:41:90:
8c:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:CE:EA:40:10:7A:B0:81:00:09:71:7A:BB:B2:3B:CB:F4:82:34:80
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/S87qQBB6sIEACXF6u7I7y_SCNIA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
84:e4:ca:21:fc:44:6a:2f:ff:89:8c:18:8a:d7:11:50:1b:30:
c1:c1:a5:39:8f:e1:05:93:15:c5:ca:45:64:97:15:ac:04:07:
d1:fa:3b:c7:81:8e:02:72:7a:d1:57:6b:b5:d6:d0:79:93:69:
d7:78:c3:ca:52:72:6c:d4:ff:2a:0e:f7:d4:0f:60:d1:e3:c2:
f9:dd:12:44:38:d9:6e:ed:0c:be:de:19:f9:82:11:af:8b:bc:
91:eb:52:a7:54:8b:55:50:fa:98:b5:9f:70:db:67:a1:f0:9f:
87:2c:3e:fc:65:ee:9d:16:8b:19:aa:93:ba:73:19:be:ae:12:
65:8d:da:92:e7:1c:41:09:d6:46:e5:4c:fa:93:57:e0:55:38:
c7:89:51:aa:7b:83:12:6c:73:c4:2f:27:a6:e5:75:e4:ee:df:
09:c2:27:60:4c:44:01:d5:b6:ba:ea:1e:8b:fb:6a:0b:ea:86:
2e:d5:da:fd:07:79:2b:8b:a9:16:02:ed:bc:e6:ad:8e:de:e3:
9a:18:10:4c:0e:60:b6:71:dc:b6:78:2d:7d:a7:7d:19:87:64:
c6:18:64:a1:33:22:32:79:58:f1:29:78:47:a0:8e:3b:51:91:
e4:e1:d0:29:07:a3:42:aa:b4:57:b1:9f:d3:50:35:1d:34:78:
a7:3e:e4:46
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZsQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDEw
MzExNTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDRCQ0VFQTQwMTA3QUIw
ODEwMDA5NzE3QUJCQjIzQkNCRjQ4MjM0ODAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+tset3mNhpK98O/yuCYyB4rmX67GoJcLjp3QhnAW1fAsCZjb7
n4qYjYGSQ2ZHSoIW/eAhIeALcliNhFtwSi2NUr+5O4ytk574uF2vUse9MsKNqTZQ
3d0ALDoP7gMZn8acURfObIXIBbaXbCNwbdfDNi1e3qzYBwYvJY2Ut7MfTSF2Hf8O
JE8xM+MQaPxKMpNdsbeNVx+hffB4G5fOq1CtMx2BX8dITmHeYre8+LnXdAtSFclW
k1SpshpuASKiPUOX2ItzRiS/K19TlRLCNSICSqK2xg9C8qABjJxEqXF8Mpphg9oc
VCaayEPT7XEYubIkcez+6gQ8gj49CaJBkIybAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUS87qQBB6sIEACXF6u7I7y/SCNIAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1M4N3FRQkI2c0lFQUNY
RjZ1N0k3eV9TQ05JQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCE5Moh
/ERqL/+JjBiK1xFQGzDBwaU5j+EFkxXFykVklxWsBAfR+jvHgY4CcnrRV2u11tB5
k2nXeMPKUnJs1P8qDvfUD2DR48L53RJEONlu7Qy+3hn5ghGvi7yR61KnVItVUPqY
tZ9w22eh8J+HLD78Ze6dFosZqpO6cxm+rhJljdqS5xxBCdZG5Uz6k1fgVTjHiVGq
e4MSbHPELyem5XXk7t8JwidgTEQB1ba66h6L+2oL6oYu1dr9B3kri6kWAu285q2O
3uOaGBBMDmC2cdy2eC19p30Zh2TGGGShMyIyeVjxKXhHoI47UZHk4dApB6NCqrRX
sZ/TUDUdNHinPuRG
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:10:38 2025 by rpki-client