Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Us1jD6kwEL342aVfV6Ysa9gfnW0.roa
File: Us1jD6kwEL342aVfV6Ysa9gfnW0.roa (raw, json)
Hash identifier: G8d0TUpBeBPeZYUka7bHealv1YhLtWwcJVGRNYv6JuQ=
Subject key identifier: 52:CD:63:0F:A9:30:10:BD:F8:D9:A5:5F:57:A6:2C:6B:D8:1F:9D:6D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6B2C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Us1jD6kwEL342aVfV6Ysa9gfnW0.roa
Signing time: Thu 12 Jun 2025 21:12:33 +0000
ROA not before: Thu 12 Jun 2025 21:12:33 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27436 (0x6b2c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 12 21:12:33 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=52CD630FA93010BDF8D9A55F57A62C6BD81F9D6D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:3e:64:5c:51:d2:fb:c1:d4:7b:8c:a1:8e:c9:
e6:2c:97:53:5e:ff:fe:37:24:1b:55:ca:0a:d4:8b:
1c:eb:ee:bd:9f:d2:ee:98:e6:ee:53:97:23:f9:17:
2a:ab:fd:3d:00:13:58:b1:03:69:a0:41:e2:f8:d8:
4c:53:20:97:9b:b7:e1:e2:30:cc:b6:3b:3c:84:bf:
a6:fe:7e:a1:c8:c7:74:88:e4:56:86:37:9c:8e:e2:
2d:ce:98:2f:ef:9d:5f:3e:93:ee:4b:94:60:e3:52:
ec:aa:fe:51:1c:96:0f:46:d0:a8:c3:d0:ce:41:65:
d1:0f:5b:e1:f9:be:b7:01:ed:ca:b8:a8:49:5d:7a:
14:0b:02:e0:cb:9f:6e:02:0f:a8:ee:9a:55:85:4c:
1a:6a:be:7c:43:4e:4e:2a:85:f0:62:db:be:5f:da:
8f:80:c7:2c:4c:1f:32:e9:fd:0a:80:6b:7a:64:38:
4d:8e:20:eb:1d:4e:20:ed:24:bd:fb:6f:fe:ad:ed:
e2:88:4d:7a:85:18:41:7c:74:2e:c4:eb:97:5e:5a:
d5:0a:bb:4b:d4:a2:fc:50:c1:4e:b8:60:05:9b:5f:
e4:3b:d2:1f:28:52:95:d9:dc:1e:d3:5c:74:4b:56:
ff:4b:6d:4b:80:04:44:1a:b0:3c:b2:05:f9:f3:02:
37:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:CD:63:0F:A9:30:10:BD:F8:D9:A5:5F:57:A6:2C:6B:D8:1F:9D:6D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Us1jD6kwEL342aVfV6Ysa9gfnW0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
65:b1:67:22:39:e4:40:20:3b:3c:d6:e5:26:7d:be:81:8f:d3:
4e:a7:ad:eb:2b:4c:46:dc:da:56:7c:b6:59:36:db:0d:d8:3b:
b5:9e:c5:ec:4b:a0:19:6d:27:8c:10:c7:b8:5e:0f:6b:03:f1:
83:fb:59:a5:4f:41:91:c5:b4:52:fa:33:e5:39:6d:6f:44:89:
ac:74:2f:19:66:ca:b2:4f:fc:20:22:85:75:4f:f5:28:68:cf:
2b:32:db:8c:c8:bd:bf:4a:65:fb:8c:29:cc:b2:c3:37:6c:bd:
b8:4c:a6:ba:23:35:db:1a:88:91:3d:51:1f:54:a1:70:bb:92:
27:3f:b9:cc:53:66:4c:0f:41:ee:32:43:6c:5e:97:fe:15:4f:
c7:23:6c:f6:50:37:a4:9d:c5:f3:3c:61:2c:5e:b0:69:78:04:
22:52:42:66:2f:4e:8c:b3:9d:aa:43:fa:1e:ba:b8:33:12:8c:
8f:f2:a6:28:95:f8:33:2a:ef:39:86:d2:1b:5e:0e:c7:f8:ee:
bc:8c:3a:22:9c:7e:dd:07:d8:04:97:c0:02:2e:b3:05:23:a1:
02:01:1e:a0:67:15:d2:72:19:53:d0:97:4a:2f:72:8e:1f:56:
ec:f1:67:dc:c3:36:3e:62:f9:11:5a:f0:b3:d9:e6:60:a0:89:
9c:0d:d7:18
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaywwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTIy
MTEyMzNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDUyQ0Q2MzBGQTkzMDEw
QkRGOEQ5QTU1RjU3QTYyQzZCRDgxRjlENkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+PmRcUdL7wdR7jKGOyeYsl1Ne//43JBtVygrUixzr7r2f0u6Y
5u5TlyP5Fyqr/T0AE1ixA2mgQeL42ExTIJebt+HiMMy2OzyEv6b+fqHIx3SI5FaG
N5yO4i3OmC/vnV8+k+5LlGDjUuyq/lEclg9G0KjD0M5BZdEPW+H5vrcB7cq4qEld
ehQLAuDLn24CD6jumlWFTBpqvnxDTk4qhfBi275f2o+AxyxMHzLp/QqAa3pkOE2O
IOsdTiDtJL37b/6t7eKITXqFGEF8dC7E65deWtUKu0vUovxQwU64YAWbX+Q70h8o
UpXZ3B7TXHRLVv9LbUuABEQasDyyBfnzAjdrAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUUs1jD6kwEL342aVfV6Ysa9gfnW0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1VzMWpENmt3RUwzNDJh
VmZWNllzYTlnZm5XMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBlsWci
OeRAIDs81uUmfb6Bj9NOp63rK0xG3NpWfLZZNtsN2Du1nsXsS6AZbSeMEMe4Xg9r
A/GD+1mlT0GRxbRS+jPlOW1vRImsdC8ZZsqyT/wgIoV1T/UoaM8rMtuMyL2/SmX7
jCnMssM3bL24TKa6IzXbGoiRPVEfVKFwu5InP7nMU2ZMD0HuMkNsXpf+FU/HI2z2
UDekncXzPGEsXrBpeAQiUkJmL06Ms52qQ/oeurgzEoyP8qYolfgzKu85htIbXg7H
+O68jDoinH7dB9gEl8ACLrMFI6ECAR6gZxXSchlT0JdKL3KOH1bs8WfcwzY+YvkR
WvCz2eZgoImcDdcY
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:53:03 2025 by rpki-client