Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/WbLgsXF9Ok5qOHNU5CubCuDYYDY.roa
File: WbLgsXF9Ok5qOHNU5CubCuDYYDY.roa (raw, json)
Hash identifier: r3GLSRWUrq95urrLM1MqMANu2ToKhsxoKRCAh2iAnbg=
Subject key identifier: 59:B2:E0:B1:71:7D:3A:4E:6A:38:73:54:E4:2B:9B:0A:E0:D8:60:36
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6344
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WbLgsXF9Ok5qOHNU5CubCuDYYDY.roa
Signing time: Thu 22 May 2025 19:11:37 +0000
ROA not before: Thu 22 May 2025 19:11:37 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25412 (0x6344)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 22 19:11:37 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=59B2E0B1717D3A4E6A387354E42B9B0AE0D86036
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:07:1d:f5:c8:50:65:cd:87:11:aa:f0:80:53:
d1:9e:1b:51:2e:33:28:45:3e:47:90:8e:47:7a:30:
82:f6:03:35:bf:b3:73:01:1a:e0:1c:61:5a:ea:15:
8e:10:25:d3:3a:72:22:75:0e:01:d7:4d:1e:8e:0d:
d7:59:2c:e5:4a:c1:fc:87:f4:58:6a:df:cb:de:2f:
04:3a:e7:ba:99:80:97:1b:88:f3:76:82:09:a2:12:
ff:dc:b0:ad:cb:c2:98:94:a5:79:3b:ab:b1:c0:49:
0d:52:01:a7:0c:17:62:a3:66:8b:55:84:8c:30:68:
29:52:ac:60:34:bf:39:8e:6e:a3:bc:6c:bb:11:bb:
40:41:88:9a:04:e0:3b:e6:f1:20:a1:87:76:62:cf:
ce:07:ee:b4:88:d8:d5:7d:49:53:14:7d:b1:3f:f9:
bd:23:ef:e9:f5:36:3d:b2:90:4e:b0:9c:be:c2:f7:
a3:77:55:9f:4d:d5:9e:69:eb:86:52:1e:4f:0e:21:
f2:21:d7:7f:05:88:dc:3b:11:83:e8:ca:ff:ee:15:
c4:99:63:92:5a:f5:9a:9c:72:df:12:e0:18:31:9c:
7b:4e:1f:de:55:5f:35:b0:8a:02:d7:5d:a0:b2:3c:
fc:e6:8f:3f:6d:b9:7a:9f:b2:40:ee:17:6f:bf:78:
43:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:B2:E0:B1:71:7D:3A:4E:6A:38:73:54:E4:2B:9B:0A:E0:D8:60:36
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WbLgsXF9Ok5qOHNU5CubCuDYYDY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
10:32:8c:bc:25:54:d2:90:0d:96:07:6e:b5:0b:c9:c8:84:67:
65:88:5d:8e:bd:05:77:a7:23:58:2e:53:e9:ed:0e:0b:c0:a2:
0f:9f:ef:92:05:93:7e:e0:91:b4:b9:f9:72:dc:7b:6a:4b:d1:
bf:90:b2:75:e7:87:01:2a:55:2b:63:86:c7:f9:4f:b9:db:e4:
dd:e6:41:e6:18:59:f7:f9:96:0b:da:b6:ca:09:1e:64:ed:fa:
a6:9c:a9:dd:f7:27:4d:e0:f5:b1:a6:d3:5e:f8:fa:9a:81:46:
15:7e:ac:08:53:b4:10:ab:5e:c6:ea:d2:f2:94:de:08:d7:23:
e4:55:83:24:30:0f:fb:eb:ba:1b:be:b8:77:23:b8:c4:60:cc:
a7:58:74:d7:c6:e7:3a:95:64:e1:8c:9a:23:1a:13:04:1f:cd:
91:ff:22:45:53:31:74:b5:e6:8b:d8:5b:0a:0e:11:d1:cc:64:
9a:70:b9:d9:8f:a5:6f:40:e7:1d:bc:6d:1d:a2:e4:33:60:38:
75:2f:72:02:ae:07:ec:87:01:5b:44:55:9f:f6:ea:38:e6:b9:
b8:6b:ea:88:ea:5a:31:53:f5:6b:27:61:8a:79:ca:2f:45:eb:
7f:9d:7b:f3:a5:3a:a3:33:d9:3e:54:05:f7:98:bb:b7:ff:52:
55:3a:f1:df
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICY0QwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjIx
OTExMzdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDU5QjJFMEIxNzE3RDNB
NEU2QTM4NzM1NEU0MkI5QjBBRTBEODYwMzYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFBx31yFBlzYcRqvCAU9GeG1EuMyhFPkeQjkd6MIL2AzW/s3MB
GuAcYVrqFY4QJdM6ciJ1DgHXTR6ODddZLOVKwfyH9Fhq38veLwQ657qZgJcbiPN2
ggmiEv/csK3LwpiUpXk7q7HASQ1SAacMF2KjZotVhIwwaClSrGA0vzmObqO8bLsR
u0BBiJoE4Dvm8SChh3Ziz84H7rSI2NV9SVMUfbE/+b0j7+n1Nj2ykE6wnL7C96N3
VZ9N1Z5p64ZSHk8OIfIh138FiNw7EYPoyv/uFcSZY5Ja9Zqcct8S4BgxnHtOH95V
XzWwigLXXaCyPPzmjz9tuXqfskDuF2+/eEN9AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUWbLgsXF9Ok5qOHNU5CubCuDYYDYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1diTGdzWEY5T2s1cU9I
TlU1Q3ViQ3VEWVlEWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAQMoy8
JVTSkA2WB261C8nIhGdliF2OvQV3pyNYLlPp7Q4LwKIPn++SBZN+4JG0ufly3Htq
S9G/kLJ154cBKlUrY4bH+U+52+Td5kHmGFn3+ZYL2rbKCR5k7fqmnKnd9ydN4PWx
ptNe+PqagUYVfqwIU7QQq17G6tLylN4I1yPkVYMkMA/767obvrh3I7jEYMynWHTX
xuc6lWThjJojGhMEH82R/yJFUzF0teaL2FsKDhHRzGSacLnZj6VvQOcdvG0douQz
YDh1L3ICrgfshwFbRFWf9uo45rm4a+qI6loxU/VrJ2GKecovRet/nXvzpTqjM9k+
VAX3mLu3/1JVOvHf
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:54:41 2025 by rpki-client