Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/_ZuQp2dk8ROAsOBXu59Udjwtb0k.roa
File: _ZuQp2dk8ROAsOBXu59Udjwtb0k.roa (raw, json)
Hash identifier: X5z5w7XX14gV2R+kkx8b2CDIV3+7iO3nLK4Hi9a/w0U=
Subject key identifier: FD:9B:90:A7:67:64:F1:13:80:B0:E0:57:BB:9F:54:76:3C:2D:6F:49
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 631C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_ZuQp2dk8ROAsOBXu59Udjwtb0k.roa
Signing time: Thu 22 May 2025 09:14:11 +0000
ROA not before: Thu 22 May 2025 09:14:11 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25372 (0x631c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 22 09:14:11 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=FD9B90A76764F11380B0E057BB9F54763C2D6F49
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:d3:9d:71:c1:dd:f0:43:ff:0e:d5:80:26:3c:
07:b0:eb:ef:0d:e5:d9:1f:4e:93:6c:91:db:d3:3e:
0a:5e:75:ab:ca:6c:cb:e0:cf:6e:6a:c7:e2:7f:99:
43:a5:cb:28:1f:f2:83:7d:db:8f:3f:b9:dc:63:69:
d5:07:f4:d3:1b:a6:10:e4:6f:92:1e:91:db:c1:40:
ff:09:53:e6:64:10:c4:48:c7:a2:97:c0:20:64:d8:
c7:f7:b7:f7:95:0c:c5:b4:06:f2:14:5a:2b:0b:02:
d3:50:2d:f5:24:d8:2e:8a:22:45:f9:b1:1f:23:c7:
65:5b:c2:69:ba:9a:f4:bd:76:be:8b:d2:80:2d:42:
d2:ae:29:2d:a6:1b:3c:52:6c:c1:b5:e0:a6:78:4b:
d8:23:2e:18:1d:9a:35:fb:80:df:8c:ef:35:b5:03:
d6:69:83:48:03:4b:22:68:4d:c0:0c:9c:06:68:5b:
a7:4c:98:3d:10:81:01:1e:a3:cc:3b:2e:37:14:e2:
77:88:f1:24:cc:e9:6e:25:2a:df:13:95:8b:73:67:
e5:fe:97:54:95:04:c5:fb:64:6b:3f:7d:f7:ba:a9:
ce:ee:5e:9f:62:8e:b9:ca:6e:42:79:0f:a2:bc:f1:
35:6c:a2:1d:ac:54:ec:5d:f5:b5:06:cd:18:16:cb:
2b:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:9B:90:A7:67:64:F1:13:80:B0:E0:57:BB:9F:54:76:3C:2D:6F:49
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_ZuQp2dk8ROAsOBXu59Udjwtb0k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
24:8a:4f:6a:ea:b4:fa:29:1d:86:27:c8:f4:0f:8b:4c:e8:8c:
ec:8e:68:c1:cd:92:3e:f4:75:8a:d8:7a:5c:46:4b:85:98:a4:
6b:03:ed:2f:b7:22:30:af:01:95:57:49:c0:9f:89:e6:cc:fb:
e1:ff:96:5b:b3:c0:6a:43:f2:8b:12:a2:4a:77:e2:15:b5:da:
e9:33:8b:87:89:cf:1b:7f:1e:97:d5:d6:24:04:f8:39:b7:a8:
bd:65:60:8f:bd:a5:7c:8f:b7:2a:1d:32:fa:47:27:38:a3:ed:
ba:82:53:a2:40:ec:88:a9:ac:f7:26:47:a1:17:f6:53:ea:83:
b3:46:c8:aa:66:20:9d:11:91:a0:28:55:25:31:ad:b0:aa:67:
1c:8e:b2:6b:68:25:77:8e:73:33:82:f0:11:ce:d9:bc:3c:74:
33:bc:98:fe:8c:fc:ff:60:31:2d:29:40:33:d0:5a:10:e3:3a:
cf:ba:36:75:19:70:bb:85:d8:49:b0:47:0a:a7:6f:a0:6e:bb:
1a:a6:f8:30:0e:04:89:94:1c:ad:00:cf:56:3f:d3:04:00:5f:
8d:da:c5:ff:34:30:34:0f:58:41:c1:30:3b:ca:a6:23:0e:a5:
98:ce:11:98:7c:ac:ff:04:ec:de:27:58:d7:07:fe:ce:4e:9a:
4b:0e:b4:ad
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYxwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjIw
OTE0MTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEZEOUI5MEE3Njc2NEYx
MTM4MEIwRTA1N0JCOUY1NDc2M0MyRDZGNDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC5051xwd3wQ/8O1YAmPAew6+8N5dkfTpNskdvTPgpedavKbMvg
z25qx+J/mUOlyygf8oN9248/udxjadUH9NMbphDkb5IekdvBQP8JU+ZkEMRIx6KX
wCBk2Mf3t/eVDMW0BvIUWisLAtNQLfUk2C6KIkX5sR8jx2Vbwmm6mvS9dr6L0oAt
QtKuKS2mGzxSbMG14KZ4S9gjLhgdmjX7gN+M7zW1A9Zpg0gDSyJoTcAMnAZoW6dM
mD0QgQEeo8w7LjcU4neI8STM6W4lKt8TlYtzZ+X+l1SVBMX7ZGs/ffe6qc7uXp9i
jrnKbkJ5D6K88TVsoh2sVOxd9bUGzRgWyyvJAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU/ZuQp2dk8ROAsOBXu59Udjwtb0kwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L19adVFwMmRrOFJPQXNP
Qlh1NTlVZGp3dGIway5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAkik9q
6rT6KR2GJ8j0D4tM6IzsjmjBzZI+9HWK2HpcRkuFmKRrA+0vtyIwrwGVV0nAn4nm
zPvh/5Zbs8BqQ/KLEqJKd+IVtdrpM4uHic8bfx6X1dYkBPg5t6i9ZWCPvaV8j7cq
HTL6Ryc4o+26glOiQOyIqaz3JkehF/ZT6oOzRsiqZiCdEZGgKFUlMa2wqmccjrJr
aCV3jnMzgvARztm8PHQzvJj+jPz/YDEtKUAz0FoQ4zrPujZ1GXC7hdhJsEcKp2+g
brsapvgwDgSJlBytAM9WP9MEAF+N2sX/NDA0D1hBwTA7yqYjDqWYzhGYfKz/BOze
J1jXB/7OTppLDrSt
-----END CERTIFICATE-----
Generated at Sat Jun 21 01:48:42 2025 by rpki-client