Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/VuTiqDKLvLkLOyo5Rj-fb5HuMBk.roa
File: VuTiqDKLvLkLOyo5Rj-fb5HuMBk.roa (raw, json)
Hash identifier: +hPa55QLnwKrwVelVM0cYP1svPP3Hnq9uSetmgDxwBU=
Subject key identifier: 56:E4:E2:A8:32:8B:BC:B9:0B:3B:2A:39:46:3F:9F:6F:91:EE:30:19
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 67E2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/VuTiqDKLvLkLOyo5Rj-fb5HuMBk.roa
Signing time: Wed 04 Jun 2025 02:41:40 +0000
ROA not before: Wed 04 Jun 2025 02:41:40 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26594 (0x67e2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 4 02:41:40 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=56E4E2A8328BBCB90B3B2A39463F9F6F91EE3019
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:89:33:99:7d:bf:ca:f7:05:cb:b7:ee:cf:ec:
2a:7b:d1:08:e5:33:bd:0c:02:e6:39:6b:64:6e:50:
2b:3e:42:f8:b0:ef:4c:6e:6b:d6:c9:8b:11:f1:5f:
52:a2:6b:a9:3f:15:6b:28:ea:1b:be:18:d1:35:50:
81:01:65:2c:97:ee:9a:15:87:14:80:f3:4a:07:d4:
ef:17:ed:59:fb:82:8c:d1:31:e1:7c:aa:b0:e1:72:
09:69:9f:bf:ea:45:aa:be:86:9d:9a:99:4a:6d:3f:
f5:57:62:db:2a:c6:72:73:98:21:76:57:e2:ee:92:
d9:59:48:ba:65:4a:b0:5f:86:ab:dc:26:f9:a2:65:
49:44:cd:62:34:9b:9a:6d:14:b9:aa:60:67:da:54:
d1:d9:ce:53:31:5e:ce:13:e2:d1:7a:c2:87:a2:db:
8f:36:74:ba:d2:64:7f:58:eb:8c:e9:32:e9:04:5a:
1f:d8:d5:4c:0d:7b:9b:75:ae:2c:08:4b:c4:5e:de:
df:45:ee:98:8a:95:21:ad:75:02:f1:41:36:40:a7:
f2:07:a9:2c:02:8f:03:c9:7e:02:c6:63:d1:ce:b1:
4a:fc:e5:7a:78:c2:e8:50:4f:ee:17:48:5b:f7:36:
b8:0f:0b:d5:4b:c5:74:a2:1a:4d:cc:b3:c4:63:88:
f1:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:E4:E2:A8:32:8B:BC:B9:0B:3B:2A:39:46:3F:9F:6F:91:EE:30:19
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/VuTiqDKLvLkLOyo5Rj-fb5HuMBk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
7e:ab:a5:53:75:f3:31:7a:91:14:f0:69:67:9b:f9:47:e2:e3:
8d:ed:12:c7:5c:8b:f0:69:b4:f4:ea:fd:23:31:52:82:b2:7d:
ca:89:97:92:cb:a3:f4:de:a3:86:72:1e:2f:56:4a:d6:72:d0:
49:0f:72:64:13:fd:08:94:e3:43:c8:10:eb:91:cb:b6:15:11:
06:e6:de:4f:29:f0:a0:59:dd:08:57:39:de:50:83:41:24:f2:
81:db:5f:07:b9:11:78:a3:04:81:4f:83:25:47:14:45:b4:67:
d2:57:81:6e:d2:f6:16:92:06:22:c3:8f:48:db:36:64:08:24:
e1:2c:5c:e4:96:8d:7c:d8:e8:6d:f6:7d:4a:87:f7:16:85:7b:
82:97:69:e5:46:c2:a2:08:0c:40:7d:1a:84:7e:ff:1a:26:fb:
10:6b:0d:72:cf:cc:6d:32:0c:68:93:f6:38:c8:e9:ee:b7:7e:
59:1d:82:74:2e:47:93:a9:d4:a8:6e:3e:0f:cb:57:8b:51:47:
20:a7:88:7e:aa:3c:9f:e7:54:0c:a0:19:d0:2d:6f:32:1f:db:
5b:1b:e8:b7:8f:f4:d4:6b:07:a6:3e:06:6f:1d:90:20:2b:66:
07:bd:a4:b3:a8:90:29:16:7a:ec:5d:f4:8f:1d:0e:8d:cf:a7:
b6:45:ce:f3
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZ+IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDQw
MjQxNDBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDU2RTRFMkE4MzI4QkJD
QjkwQjNCMkEzOTQ2M0Y5RjZGOTFFRTMwMTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDTiTOZfb/K9wXLt+7P7Cp70QjlM70MAuY5a2RuUCs+Qviw70xu
a9bJixHxX1Kia6k/FWso6hu+GNE1UIEBZSyX7poVhxSA80oH1O8X7Vn7gozRMeF8
qrDhcglpn7/qRaq+hp2amUptP/VXYtsqxnJzmCF2V+LuktlZSLplSrBfhqvcJvmi
ZUlEzWI0m5ptFLmqYGfaVNHZzlMxXs4T4tF6woei2482dLrSZH9Y64zpMukEWh/Y
1UwNe5t1riwIS8Re3t9F7piKlSGtdQLxQTZAp/IHqSwCjwPJfgLGY9HOsUr85Xp4
wuhQT+4XSFv3NrgPC9VLxXSiGk3Ms8RjiPGdAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUVuTiqDKLvLkLOyo5Rj+fb5HuMBkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1Z1VGlxREtMdkxrTE95
bzVSai1mYjVIdU1Cay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB+q6VT
dfMxepEU8Glnm/lH4uON7RLHXIvwabT06v0jMVKCsn3KiZeSy6P03qOGch4vVkrW
ctBJD3JkE/0IlONDyBDrkcu2FREG5t5PKfCgWd0IVzneUINBJPKB218HuRF4owSB
T4MlRxRFtGfSV4Fu0vYWkgYiw49I2zZkCCThLFzklo182Oht9n1Kh/cWhXuCl2nl
RsKiCAxAfRqEfv8aJvsQaw1yz8xtMgxok/Y4yOnut35ZHYJ0LkeTqdSobj4Py1eL
UUcgp4h+qjyf51QMoBnQLW8yH9tbG+i3j/TUawemPgZvHZAgK2YHvaSzqJApFnrs
XfSPHQ6Nz6e2Rc7z
-----END CERTIFICATE-----
Generated at Sat Jun 21 22:47:06 2025 by rpki-client