Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/dPJQXtzevn3G33-ZuUd8mtg8ldM.roa
File: dPJQXtzevn3G33-ZuUd8mtg8ldM.roa (raw, json)
Hash identifier: dt9ZleOOS0noLXumEtoRARm6QSJ8gm72ArXRf4qJHLA=
Subject key identifier: 74:F2:50:5E:DC:DE:BE:7D:C6:DF:7F:99:B9:47:7C:9A:D8:3C:95:D3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 68D2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dPJQXtzevn3G33-ZuUd8mtg8ldM.roa
Signing time: Fri 06 Jun 2025 14:41:56 +0000
ROA not before: Fri 06 Jun 2025 14:41:56 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26834 (0x68d2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 6 14:41:56 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=74F2505EDCDEBE7DC6DF7F99B9477C9AD83C95D3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:b1:02:63:ee:1a:98:1c:e4:4c:a9:de:ce:3e:
85:6f:e7:9e:38:f1:39:08:6b:9b:af:15:68:8c:9a:
66:4a:1a:77:2e:c3:25:13:52:4e:9d:0f:a7:ee:c9:
bb:97:7a:04:76:2e:52:f4:09:e6:ef:4d:8e:88:1d:
12:72:19:53:3b:94:ed:ef:28:bd:e9:53:99:2a:39:
3d:ec:56:1d:55:39:3e:6c:23:c7:d2:b7:0e:06:0f:
6b:ff:11:31:7d:66:02:d3:00:2b:6e:21:fe:0b:b1:
c0:3b:c4:85:61:89:74:e4:a8:c3:26:b7:be:0d:34:
cb:f0:ec:09:46:42:77:07:12:c3:8d:82:9d:8c:8e:
dc:e4:a5:29:87:21:16:1a:f1:d6:41:c2:0b:c8:2a:
a9:75:87:b8:88:94:ed:49:92:d8:59:e4:f1:c2:61:
21:29:d4:42:00:8c:4e:0e:fd:e3:7d:c3:f0:0a:d2:
20:5b:0d:8e:10:8a:1f:c6:8f:e1:b2:7e:7d:bb:fe:
74:7e:78:f0:54:b8:1f:04:80:7f:6e:c7:7b:7c:9b:
49:d5:f3:e9:04:24:13:f6:cb:c7:46:74:8b:39:71:
20:84:44:95:36:2e:ca:f6:30:0b:82:b3:94:ac:2a:
b4:33:a9:83:57:95:8f:8c:b0:6f:8f:98:03:96:d9:
87:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:F2:50:5E:DC:DE:BE:7D:C6:DF:7F:99:B9:47:7C:9A:D8:3C:95:D3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dPJQXtzevn3G33-ZuUd8mtg8ldM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
ac:8f:00:4d:ed:63:54:5c:5a:77:c2:86:26:1e:b4:b0:4d:8f:
4e:b3:fe:7d:25:3e:35:7e:c7:4e:4c:85:39:4e:ef:87:32:4f:
e2:8f:1d:0c:b0:0a:99:d5:82:9c:0e:cc:21:9d:80:3a:0c:59:
89:c2:63:e5:6d:31:87:ee:76:07:53:0f:79:39:38:1b:73:9c:
a1:7d:18:c5:c2:17:69:b3:88:5c:47:a7:87:df:1c:7f:83:59:
ac:be:1d:ca:0d:dd:1c:91:ec:71:81:f2:77:2b:ee:37:11:17:
f2:c4:2e:fc:5d:c9:7d:58:52:80:3e:d9:c8:63:eb:bf:2a:f2:
b9:6e:ef:a1:13:31:55:e1:31:ff:a1:1b:b6:d8:16:1c:40:21:
ea:1e:ab:71:6a:63:ed:3a:6d:6d:14:af:b8:37:c6:c1:6c:fe:
97:a9:5d:ef:e3:16:e5:72:fc:e1:7d:e4:52:2d:d9:43:17:63:
24:e1:7d:05:f2:93:bb:6e:a6:3d:c4:cd:eb:a2:63:b9:85:4b:
19:00:a7:e1:5d:61:25:aa:b8:a9:b9:b9:95:fa:17:e5:2b:5d:
e6:a6:96:33:34:cc:c2:8d:e7:7d:6f:8a:e1:30:cf:ac:d8:a1:
1e:b9:8e:14:51:9d:3e:7a:5e:59:22:21:c6:4f:2d:f5:dc:3a:
61:22:af:92
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaNIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDYx
NDQxNTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDc0RjI1MDVFRENERUJF
N0RDNkRGN0Y5OUI5NDc3QzlBRDgzQzk1RDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDEsQJj7hqYHORMqd7OPoVv55448TkIa5uvFWiMmmZKGncuwyUT
Uk6dD6fuybuXegR2LlL0CebvTY6IHRJyGVM7lO3vKL3pU5kqOT3sVh1VOT5sI8fS
tw4GD2v/ETF9ZgLTACtuIf4LscA7xIVhiXTkqMMmt74NNMvw7AlGQncHEsONgp2M
jtzkpSmHIRYa8dZBwgvIKql1h7iIlO1JkthZ5PHCYSEp1EIAjE4O/eN9w/AK0iBb
DY4Qih/Gj+Gyfn27/nR+ePBUuB8EgH9ux3t8m0nV8+kEJBP2y8dGdIs5cSCERJU2
Lsr2MAuCs5SsKrQzqYNXlY+MsG+PmAOW2YeLAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUdPJQXtzevn3G33+ZuUd8mtg8ldMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2RQSlFYdHpldm4zRzMz
LVp1VWQ4bXRnOGxkTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCsjwBN
7WNUXFp3woYmHrSwTY9Os/59JT41fsdOTIU5Tu+HMk/ijx0MsAqZ1YKcDswhnYA6
DFmJwmPlbTGH7nYHUw95OTgbc5yhfRjFwhdps4hcR6eH3xx/g1msvh3KDd0ckexx
gfJ3K+43ERfyxC78Xcl9WFKAPtnIY+u/KvK5bu+hEzFV4TH/oRu22BYcQCHqHqtx
amPtOm1tFK+4N8bBbP6XqV3v4xblcvzhfeRSLdlDF2Mk4X0F8pO7bqY9xM3romO5
hUsZAKfhXWElqripubmV+hflK13mppYzNMzCjed9b4rhMM+s2KEeuY4UUZ0+el5Z
IiHGTy313DphIq+S
-----END CERTIFICATE-----
Generated at Sat Jun 21 23:20:13 2025 by rpki-client