Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/TpA2E0F42huXUlDacBIHu121tKE.roa
File: TpA2E0F42huXUlDacBIHu121tKE.roa (raw, json)
Hash identifier: ngJrA8QeKiVPhOjq/q+w098gCHLWVASWFh0VkI7r7lM=
Subject key identifier: 4E:90:36:13:41:78:DA:1B:97:52:50:DA:70:12:07:BB:5D:B5:B4:A1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6958
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/TpA2E0F42huXUlDacBIHu121tKE.roa
Signing time: Sun 08 Jun 2025 00:11:50 +0000
ROA not before: Sun 08 Jun 2025 00:11:50 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26968 (0x6958)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 8 00:11:50 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=4E9036134178DA1B975250DA701207BB5DB5B4A1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:43:b7:66:ff:8e:0d:bd:1d:e8:19:0b:42:fe:
24:58:7c:9e:be:e7:6a:1c:31:8b:29:1b:19:f1:ee:
a2:ce:32:f1:8c:82:26:ee:f1:90:4c:70:ca:8f:ee:
f9:af:c3:52:7a:62:06:e0:5d:07:4c:f9:82:de:50:
2c:74:43:64:f1:6f:22:3f:30:38:06:68:df:3b:a8:
53:51:34:1a:2b:95:de:fc:15:6b:47:1d:3d:1f:94:
a8:6a:77:8b:e2:29:fe:71:24:77:ed:90:f6:1c:bc:
5d:8e:16:28:fc:7c:04:0c:d4:c8:f1:ec:6b:fd:26:
27:37:59:84:27:b8:71:93:07:5e:10:ad:1c:e4:14:
29:3b:2f:a5:66:38:ac:3c:08:c1:27:d3:47:6e:ba:
39:7d:f4:7d:5a:53:53:93:0e:5e:d2:2a:b6:5e:e7:
87:30:d4:50:7e:91:87:c4:4e:60:fa:e7:69:0b:e9:
66:39:ac:d0:89:19:a1:f6:0a:8b:3a:52:39:db:11:
86:85:0c:e0:64:3e:0e:48:e1:56:89:82:88:0f:1e:
c5:0d:fe:5b:18:8c:38:83:52:8a:8f:9c:94:80:26:
ad:85:b2:bc:3e:c2:a8:dc:82:4e:24:18:de:7c:5f:
1b:ce:b2:4f:6f:d8:7d:58:6d:8f:45:43:85:d1:af:
b7:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:90:36:13:41:78:DA:1B:97:52:50:DA:70:12:07:BB:5D:B5:B4:A1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/TpA2E0F42huXUlDacBIHu121tKE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
67:a5:c0:47:f3:d2:1b:37:4f:77:bb:78:ca:44:bd:5b:09:a3:
26:7f:1a:3d:15:35:c0:7a:26:93:8f:fd:35:1f:ce:ae:3d:bd:
d4:9e:37:a6:91:01:dd:68:fe:24:96:58:63:01:30:fb:4a:a8:
fc:e5:86:11:8e:29:73:6e:7b:f1:c4:87:48:02:ac:5d:6b:0f:
ea:08:86:74:07:20:eb:30:83:4b:b6:c7:01:1e:d7:b7:98:39:
6d:67:3a:a2:c3:0d:1a:f7:98:d5:66:72:09:eb:07:50:90:f7:
dc:51:fe:bd:95:c7:0b:e5:c3:d9:1d:32:71:b8:16:df:35:8e:
d8:66:75:e5:24:3b:0c:ed:a4:df:b2:9c:cf:f9:b3:b4:ae:85:
4f:f2:96:d1:74:d2:1a:97:3f:a6:9f:b3:29:fe:08:01:2a:f6:
b1:7c:80:e8:03:4f:71:d6:ec:ab:92:31:e8:9f:36:e9:2f:4d:
a1:42:84:11:e6:b3:a8:04:5f:1d:28:49:69:21:50:65:1a:ee:
ad:77:81:02:d7:7e:ef:b3:29:63:d6:02:fb:e6:de:f3:66:5f:
46:f6:39:b0:83:d3:0a:35:de:1f:76:f3:b7:8b:d7:21:74:de:
5d:7b:66:5e:30:07:e3:eb:d3:37:ef:0e:28:39:38:50:98:dd:
ea:42:a9:20
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaVgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDgw
MDExNTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDRFOTAzNjEzNDE3OERB
MUI5NzUyNTBEQTcwMTIwN0JCNURCNUI0QTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCsQ7dm/44NvR3oGQtC/iRYfJ6+52ocMYspGxnx7qLOMvGMgibu
8ZBMcMqP7vmvw1J6YgbgXQdM+YLeUCx0Q2TxbyI/MDgGaN87qFNRNBorld78FWtH
HT0flKhqd4viKf5xJHftkPYcvF2OFij8fAQM1Mjx7Gv9Jic3WYQnuHGTB14QrRzk
FCk7L6VmOKw8CMEn00duujl99H1aU1OTDl7SKrZe54cw1FB+kYfETmD652kL6WY5
rNCJGaH2Cos6UjnbEYaFDOBkPg5I4VaJgogPHsUN/lsYjDiDUoqPnJSAJq2Fsrw+
wqjcgk4kGN58XxvOsk9v2H1YbY9FQ4XRr7c3AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUTpA2E0F42huXUlDacBIHu121tKEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1RwQTJFMEY0Mmh1WFVs
RGFjQklIdTEyMXRLRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBnpcBH
89IbN093u3jKRL1bCaMmfxo9FTXAeiaTj/01H86uPb3UnjemkQHdaP4kllhjATD7
Sqj85YYRjilzbnvxxIdIAqxdaw/qCIZ0ByDrMINLtscBHte3mDltZzqiww0a95jV
ZnIJ6wdQkPfcUf69lccL5cPZHTJxuBbfNY7YZnXlJDsM7aTfspzP+bO0roVP8pbR
dNIalz+mn7Mp/ggBKvaxfIDoA09x1uyrkjHonzbpL02hQoQR5rOoBF8dKElpIVBl
Gu6td4EC137vsylj1gL75t7zZl9G9jmwg9MKNd4fdvO3i9chdN5de2ZeMAfj69M3
7w4oOThQmN3qQqkg
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:56:39 2025 by rpki-client