Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ZP0DPwwXYFVQpQdqjN41CfKcYRg.roa
File: ZP0DPwwXYFVQpQdqjN41CfKcYRg.roa (raw, json)
Hash identifier: dd7lM/yrlyRnONlNiepX+Y49px9SAo8mrPruXXUIGGo=
Subject key identifier: 64:FD:03:3F:0C:17:60:55:50:A5:07:6A:8C:DE:35:09:F2:9C:61:18
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 614E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZP0DPwwXYFVQpQdqjN41CfKcYRg.roa
Signing time: Sat 17 May 2025 13:40:33 +0000
ROA not before: Sat 17 May 2025 13:40:33 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24910 (0x614e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 17 13:40:33 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=64FD033F0C17605550A5076A8CDE3509F29C6118
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:ad:7c:48:70:d3:2a:fe:84:93:20:11:13:15:
96:93:25:0f:aa:a8:8f:1e:de:f7:d1:86:a7:7b:2f:
1a:e6:b4:2d:a4:e0:9f:11:e4:69:b9:3b:8c:36:0e:
8b:27:a8:c6:be:16:18:00:59:a0:0f:6b:b1:22:35:
c3:7e:e5:50:c8:16:84:50:ef:57:fa:19:49:bf:9b:
b7:61:88:75:a9:ce:ac:8a:bc:11:b0:d0:e0:4d:94:
02:72:d9:3a:1e:a2:6b:7a:40:0a:ef:d7:be:03:03:
8f:1f:38:f3:c7:53:22:41:58:97:13:6a:3f:16:46:
1d:ce:c6:2e:49:a1:63:c8:e3:a1:d0:52:fb:df:01:
a3:29:09:ec:61:49:98:e6:ed:2a:32:5d:63:df:4c:
a2:ed:15:79:ab:03:aa:c1:5c:5b:b7:2a:08:97:8b:
bf:bd:1e:bf:9d:c8:3c:3c:08:25:e7:f8:8f:d5:79:
e0:7d:e2:2d:38:60:70:c6:9c:e3:05:85:b0:10:59:
e4:e5:e3:c5:fe:16:36:02:8a:6b:63:d1:ea:8a:bf:
fc:cd:95:f3:bf:ca:b0:b3:d2:75:b2:74:64:68:19:
28:45:30:6d:21:b4:59:0a:49:17:31:da:93:6e:5c:
7e:6e:38:13:ec:cc:64:04:4e:1d:01:73:c4:30:1c:
fb:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:FD:03:3F:0C:17:60:55:50:A5:07:6A:8C:DE:35:09:F2:9C:61:18
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZP0DPwwXYFVQpQdqjN41CfKcYRg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
69:9b:ff:12:c1:f0:a8:ae:1a:c3:e3:4d:89:30:6f:3d:8f:6e:
4e:95:e0:1f:4d:9a:db:c7:0d:a7:d2:47:e6:7d:47:44:1f:d1:
b8:60:b3:aa:3f:82:92:9f:2c:b7:33:b8:05:01:c1:c6:5f:8c:
82:30:d7:9b:26:b0:b3:9b:ce:80:dc:37:de:24:58:54:59:20:
bd:4d:ef:7a:56:65:1d:79:c6:15:a9:07:4b:47:91:88:88:e4:
07:5e:27:f6:24:02:19:cb:da:25:e5:9f:84:f1:2b:9c:a4:98:
0d:d7:e1:f7:84:d9:6b:cc:de:69:60:8a:2c:61:1b:08:e3:55:
cc:60:24:78:3a:3c:f2:49:36:92:d4:41:1f:d7:c2:57:4b:24:
04:5d:4c:b6:c9:2b:89:a7:f7:cf:77:8e:ba:bf:20:7d:e0:6c:
ed:46:8b:86:1c:52:a5:7f:fe:18:d9:c8:7d:91:f6:24:da:de:
c4:9f:37:74:32:dd:07:f1:aa:8a:39:01:fe:bb:96:2e:8a:d3:
35:79:37:25:2c:ad:6c:7f:00:26:e1:0a:5e:b8:a4:70:c4:26:
59:93:8f:e0:c1:b5:7e:1e:fe:97:01:4f:87:52:7c:e7:4d:f6:
5c:18:62:56:6a:d3:9c:15:05:bd:e9:96:b2:3b:31:66:cd:14:
fa:a1:0f:a4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYU4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTcx
MzQwMzNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDY0RkQwMzNGMEMxNzYw
NTU1MEE1MDc2QThDREUzNTA5RjI5QzYxMTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCbrXxIcNMq/oSTIBETFZaTJQ+qqI8e3vfRhqd7LxrmtC2k4J8R
5Gm5O4w2DosnqMa+FhgAWaAPa7EiNcN+5VDIFoRQ71f6GUm/m7dhiHWpzqyKvBGw
0OBNlAJy2Toeomt6QArv174DA48fOPPHUyJBWJcTaj8WRh3Oxi5JoWPI46HQUvvf
AaMpCexhSZjm7SoyXWPfTKLtFXmrA6rBXFu3KgiXi7+9Hr+dyDw8CCXn+I/VeeB9
4i04YHDGnOMFhbAQWeTl48X+FjYCimtj0eqKv/zNlfO/yrCz0nWydGRoGShFMG0h
tFkKSRcx2pNuXH5uOBPszGQETh0Bc8QwHPuZAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUZP0DPwwXYFVQpQdqjN41CfKcYRgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1pQMERQd3dYWUZWUXBR
ZHFqTjQxQ2ZLY1lSZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBpm/8S
wfCorhrD402JMG89j25OleAfTZrbxw2n0kfmfUdEH9G4YLOqP4KSnyy3M7gFAcHG
X4yCMNebJrCzm86A3DfeJFhUWSC9Te96VmUdecYVqQdLR5GIiOQHXif2JAIZy9ol
5Z+E8SucpJgN1+H3hNlrzN5pYIosYRsI41XMYCR4OjzySTaS1EEf18JXSyQEXUy2
ySuJp/fPd466vyB94GztRouGHFKlf/4Y2ch9kfYk2t7Enzd0Mt0H8aqKOQH+u5Yu
itM1eTclLK1sfwAm4QpeuKRwxCZZk4/gwbV+Hv6XAU+HUnznTfZcGGJWatOcFQW9
6ZayOzFmzRT6oQ+k
-----END CERTIFICATE-----
Generated at Sat Jun 21 07:04:21 2025 by rpki-client