Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/dltX-8otc4nmgtUli9vDa5poEek.roa
File: dltX-8otc4nmgtUli9vDa5poEek.roa (raw, json)
Hash identifier: pGQLF7XJ5o9nZaw0yI8Ay69IuoZ14EupbvSgB0ZFszs=
Subject key identifier: 76:5B:57:FB:CA:2D:73:89:E6:82:D5:25:8B:DB:C3:6B:9A:68:11:E9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 61BA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dltX-8otc4nmgtUli9vDa5poEek.roa
Signing time: Sun 18 May 2025 16:40:42 +0000
ROA not before: Sun 18 May 2025 16:40:42 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25018 (0x61ba)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 18 16:40:42 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=765B57FBCA2D7389E682D5258BDBC36B9A6811E9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:46:6d:e3:a9:1d:ed:f9:4e:7d:12:29:55:49:
b1:d9:fc:8d:f4:d9:d1:8d:9d:f6:3b:8a:d9:e8:fa:
ac:cb:fd:08:95:41:3d:f9:26:43:16:98:52:f8:89:
e7:a1:1d:c3:2e:69:e4:14:15:5d:08:83:33:6d:67:
2a:f0:dc:a8:da:bd:a4:40:36:fb:c0:3b:2e:8d:e6:
4d:5b:18:6b:9e:28:de:6e:87:06:ae:37:18:e2:0b:
d1:d6:0e:89:cf:76:83:ca:fa:95:90:e3:f0:54:b9:
ff:dd:be:b3:dc:00:29:8c:5b:3b:58:a2:dd:fd:b9:
ad:60:15:a1:56:8b:fa:aa:82:85:58:e2:2b:61:3e:
d5:e0:5b:c4:28:80:e8:c9:f8:3a:b5:68:3f:d4:6a:
f9:84:e0:38:63:24:4c:e8:12:be:f3:69:2f:c5:f9:
81:52:8d:36:7c:73:4a:8f:7e:91:c1:32:5e:96:1e:
93:9a:0e:41:b0:e8:d5:9b:2a:ab:68:1e:3d:d4:92:
4f:71:44:f7:bb:90:b9:21:82:68:20:a1:c3:92:36:
e5:df:bb:b2:8f:db:c6:96:a5:87:70:ba:9b:b3:ed:
83:e2:2a:cb:6b:63:e2:2b:8f:14:6f:39:1a:7f:7b:
6a:71:06:67:72:48:32:c6:7a:cc:75:4f:b0:63:90:
3b:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:5B:57:FB:CA:2D:73:89:E6:82:D5:25:8B:DB:C3:6B:9A:68:11:E9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dltX-8otc4nmgtUli9vDa5poEek.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
9a:13:f1:61:85:0b:68:b1:f0:7d:12:af:41:34:00:c9:00:45:
84:1d:95:5e:02:46:e3:57:46:ed:9f:34:91:6a:b2:0a:91:3e:
a6:c4:17:04:7f:74:39:b7:bd:ef:60:c8:c2:1b:5f:f3:ab:d0:
27:b2:5e:38:b9:0f:c2:a9:14:18:68:70:ec:60:40:c1:c4:a1:
b2:51:ab:90:4e:fe:f4:1d:c7:dd:a2:46:6f:40:23:29:83:a5:
5f:72:14:fe:73:9a:1d:1e:c8:5e:5b:04:e6:a8:3e:ac:0a:7f:
16:55:87:d3:f5:3f:7c:ea:b2:3d:9b:68:46:0c:9b:60:e1:9c:
c6:1e:bf:ef:00:4d:15:f2:d7:43:5b:b0:53:69:d2:2f:89:81:
7a:23:90:08:ce:b4:d9:82:20:9c:5f:75:24:7d:db:44:64:d8:
88:bc:77:4c:86:5d:67:8b:a2:6d:2f:57:96:ee:f7:82:e9:3e:
e9:fd:52:00:f9:6b:29:57:dd:f2:d3:78:b3:d0:d1:ed:d1:d3:
f9:d1:f0:82:26:24:e8:b5:ba:23:53:57:47:02:d2:04:53:3b:
7a:ff:89:c1:f3:30:19:cb:e0:76:cf:25:f6:47:58:43:25:e5:
8c:32:86:b2:c5:f4:e4:a3:a8:96:2d:e2:c0:ca:63:14:13:8a:
b3:a3:39:a8
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYbowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTgx
NjQwNDJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDc2NUI1N0ZCQ0EyRDcz
ODlFNjgyRDUyNThCREJDMzZCOUE2ODExRTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCpRm3jqR3t+U59EilVSbHZ/I302dGNnfY7itno+qzL/QiVQT35
JkMWmFL4ieehHcMuaeQUFV0IgzNtZyrw3KjavaRANvvAOy6N5k1bGGueKN5uhwau
NxjiC9HWDonPdoPK+pWQ4/BUuf/dvrPcACmMWztYot39ua1gFaFWi/qqgoVY4ith
PtXgW8QogOjJ+Dq1aD/UavmE4DhjJEzoEr7zaS/F+YFSjTZ8c0qPfpHBMl6WHpOa
DkGw6NWbKqtoHj3Ukk9xRPe7kLkhgmggocOSNuXfu7KP28aWpYdwupuz7YPiKstr
Y+IrjxRvORp/e2pxBmdySDLGesx1T7BjkDvjAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUdltX+8otc4nmgtUli9vDa5poEekwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2RsdFgtOG90YzRubWd0
VWxpOXZEYTVwb0Vlay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCaE/Fh
hQtosfB9Eq9BNADJAEWEHZVeAkbjV0btnzSRarIKkT6mxBcEf3Q5t73vYMjCG1/z
q9Ansl44uQ/CqRQYaHDsYEDBxKGyUauQTv70HcfdokZvQCMpg6VfchT+c5odHshe
WwTmqD6sCn8WVYfT9T986rI9m2hGDJtg4ZzGHr/vAE0V8tdDW7BTadIviYF6I5AI
zrTZgiCcX3UkfdtEZNiIvHdMhl1ni6JtL1eW7veC6T7p/VIA+WspV93y03iz0NHt
0dP50fCCJiTotbojU1dHAtIEUzt6/4nB8zAZy+B2zyX2R1hDJeWMMoayxfTko6iW
LeLAymMUE4qzozmo
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:55:50 2025 by rpki-client