Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/_ZMfY0Lb83174ircNCeVkDIQB3s.roa
File: _ZMfY0Lb83174ircNCeVkDIQB3s.roa (raw, json)
Hash identifier: HA8pICQPghx1qOz7h2tppoJB3A6a6v+hPuZOMwMPnpM=
Subject key identifier: FD:93:1F:63:42:DB:F3:7D:7B:E2:2A:DC:34:27:95:90:32:10:07:7B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6374
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_ZMfY0Lb83174ircNCeVkDIQB3s.roa
Signing time: Fri 23 May 2025 07:10:52 +0000
ROA not before: Fri 23 May 2025 07:10:52 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25460 (0x6374)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 23 07:10:52 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=FD931F6342DBF37D7BE22ADC342795903210077B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:81:6b:8f:ae:12:b4:5d:5e:00:16:a0:4c:34:
2f:b4:18:d3:90:bc:c1:15:58:dd:75:91:26:30:8f:
2a:68:cd:17:6d:d6:a9:aa:c2:94:75:c2:7d:1d:36:
b4:db:19:1c:9b:ac:8c:04:a6:ba:03:fa:61:07:48:
27:b3:ff:c4:d3:ec:53:54:b5:b9:95:0a:ef:94:ea:
e7:e6:8d:8b:63:86:90:42:08:0c:82:00:99:88:fc:
79:07:b0:ae:45:fc:02:b3:c7:8d:fe:90:84:c4:07:
06:b4:eb:4e:dd:48:3e:8c:9d:78:3f:1a:3a:40:98:
38:05:6a:b7:0c:4f:83:80:53:1e:e8:ed:be:01:ad:
b0:73:e0:95:fa:ac:22:9e:44:b2:53:ea:8e:74:81:
a9:1c:92:93:23:02:b2:97:97:9c:e3:81:ab:6b:98:
92:2c:31:75:67:26:8d:fe:58:60:90:06:d8:97:40:
13:a2:0b:d7:0a:e3:7b:d5:1c:4a:bc:f7:29:1f:d3:
82:11:69:73:96:55:1e:18:c0:54:75:5a:e5:b9:e8:
89:ed:8f:80:8a:44:65:82:6e:18:49:23:35:aa:c2:
dc:c0:35:cd:22:de:30:e0:30:93:80:0a:13:0d:ac:
4f:fa:45:23:b9:ec:f7:84:c7:f1:69:84:4b:8f:fb:
92:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:93:1F:63:42:DB:F3:7D:7B:E2:2A:DC:34:27:95:90:32:10:07:7B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_ZMfY0Lb83174ircNCeVkDIQB3s.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
5e:4f:50:aa:d8:a5:c1:22:fb:1e:fb:00:8e:c0:a0:97:19:de:
f1:b9:cc:26:77:f1:17:aa:70:c9:a7:2b:30:63:0d:77:c9:77:
63:8c:d7:1d:b8:4c:77:35:59:8e:20:7a:80:4b:e4:4a:54:a9:
4c:29:e8:e8:a5:a5:15:ac:07:0b:e3:44:88:82:48:82:b0:24:
70:cc:ea:4c:3c:05:1b:99:4e:41:7b:c4:28:c1:03:66:55:72:
72:dd:34:4c:a3:39:16:2f:76:3a:d9:dc:18:12:a6:87:77:8e:
bc:84:f2:9c:fc:5f:a8:31:7c:f9:c6:d2:7e:ae:40:a9:3f:aa:
49:f9:0f:77:53:95:ba:2e:b0:1b:93:1b:19:0e:de:d8:9d:86:
16:c0:30:23:ba:6f:0a:b6:8f:e5:33:19:65:a3:a3:b8:53:9d:
ea:bd:2d:d8:d9:79:4f:38:b8:eb:49:d7:c5:18:16:ca:a0:49:
d0:1b:d6:a3:3e:6b:a4:ac:c7:6e:56:e0:da:10:86:1f:9d:b7:
bd:da:f6:63:90:d8:dc:9b:cd:7e:ee:a9:b2:1c:77:07:fa:58:
96:e1:6e:f6:98:8d:34:29:49:2b:91:d7:d8:92:bb:91:0e:85:
57:73:9c:a1:12:e5:c2:85:b2:c5:a8:28:a3:d5:30:a9:fe:df:
c3:c0:82:39
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICY3QwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjMw
NzEwNTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEZEOTMxRjYzNDJEQkYz
N0Q3QkUyMkFEQzM0Mjc5NTkwMzIxMDA3N0IwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDjgWuPrhK0XV4AFqBMNC+0GNOQvMEVWN11kSYwjypozRdt1qmq
wpR1wn0dNrTbGRybrIwEproD+mEHSCez/8TT7FNUtbmVCu+U6ufmjYtjhpBCCAyC
AJmI/HkHsK5F/AKzx43+kITEBwa0607dSD6MnXg/GjpAmDgFarcMT4OAUx7o7b4B
rbBz4JX6rCKeRLJT6o50gakckpMjArKXl5zjgatrmJIsMXVnJo3+WGCQBtiXQBOi
C9cK43vVHEq89ykf04IRaXOWVR4YwFR1WuW56Intj4CKRGWCbhhJIzWqwtzANc0i
3jDgMJOAChMNrE/6RSO57PeEx/FphEuP+5JDAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU/ZMfY0Lb83174ircNCeVkDIQB3swHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L19aTWZZMExiODMxNzRp
cmNOQ2VWa0RJUUIzcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBeT1Cq
2KXBIvse+wCOwKCXGd7xucwmd/EXqnDJpyswYw13yXdjjNcduEx3NVmOIHqAS+RK
VKlMKejopaUVrAcL40SIgkiCsCRwzOpMPAUbmU5Be8QowQNmVXJy3TRMozkWL3Y6
2dwYEqaHd468hPKc/F+oMXz5xtJ+rkCpP6pJ+Q93U5W6LrAbkxsZDt7YnYYWwDAj
um8Kto/lMxllo6O4U53qvS3Y2XlPOLjrSdfFGBbKoEnQG9ajPmukrMduVuDaEIYf
nbe92vZjkNjcm81+7qmyHHcH+liW4W72mI00KUkrkdfYkruRDoVXc5yhEuXChbLF
qCij1TCp/t/DwII5
-----END CERTIFICATE-----
Generated at Fri Jun 20 16:28:53 2025 by rpki-client