Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/i42PzrY_GJVKtHOa11qor37WjIY.roa
File: i42PzrY_GJVKtHOa11qor37WjIY.roa (raw, json)
Hash identifier: SZthMk/J/8fIpoTreClAWTFVo35JsR/yYAYRxgXafl8=
Subject key identifier: 8B:8D:8F:CE:B6:3F:18:95:4A:B4:73:9A:D7:5A:A8:AF:7E:D6:8C:86
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6392
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/i42PzrY_GJVKtHOa11qor37WjIY.roa
Signing time: Fri 23 May 2025 14:41:50 +0000
ROA not before: Fri 23 May 2025 14:41:50 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25490 (0x6392)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 23 14:41:50 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8B8D8FCEB63F18954AB4739AD75AA8AF7ED68C86
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:38:b2:aa:e3:fa:a2:7d:23:78:cf:b8:33:4e:
0f:fb:2a:9c:74:df:27:c8:29:18:c8:56:cf:54:c6:
52:68:62:72:76:45:5a:b5:9b:3b:ca:9c:2c:77:77:
4b:06:9b:75:64:d1:3b:c1:73:a9:ae:de:61:97:0b:
48:f9:ff:87:c0:43:8b:14:9e:4a:a0:fc:15:47:a8:
68:44:f9:43:0f:7e:59:ce:a4:ac:51:e7:9e:46:8f:
3e:9a:c1:33:41:49:bd:47:28:4d:b1:26:6a:bb:1a:
e5:13:33:ca:98:4f:2e:a5:24:e1:df:18:6f:4f:79:
19:0c:b1:ca:dd:08:c0:1c:d8:07:60:a2:62:89:97:
2e:9e:8f:9a:43:b9:00:db:a3:e1:26:6f:d9:68:8f:
ed:ad:ed:e9:17:2b:2c:3d:22:ff:6d:58:41:36:cc:
4e:6e:7a:8c:9e:08:12:8b:70:a7:72:e9:f2:b5:2a:
76:c5:e6:e8:90:88:47:6a:e1:d1:74:2b:73:7d:e6:
4b:73:2a:ce:18:bc:8a:ae:96:b8:08:04:87:35:24:
d7:d7:46:45:c2:e5:dc:a9:a5:3d:bf:0a:19:34:f5:
54:5b:9a:bd:1f:be:5b:2a:15:ab:40:f3:c7:72:a0:
3e:78:8f:04:2a:8c:0a:8d:cd:0e:6f:e6:7c:0e:9f:
8a:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:8D:8F:CE:B6:3F:18:95:4A:B4:73:9A:D7:5A:A8:AF:7E:D6:8C:86
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/i42PzrY_GJVKtHOa11qor37WjIY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
0a:1e:82:cd:4f:9a:88:6c:0d:66:e7:cd:7c:da:0c:8f:3a:58:
dd:d0:d4:46:26:e2:a2:81:de:a5:f3:5d:fd:f6:ea:bf:3b:10:
80:82:33:65:00:dd:db:44:37:9d:42:3f:c8:5b:32:2a:f1:65:
78:78:4c:ad:95:e4:88:57:27:33:eb:fc:e8:70:30:25:d3:f0:
17:ca:57:5a:3f:b6:66:97:62:41:07:52:33:d8:97:92:6f:fc:
d8:c2:61:6d:79:56:a3:51:1d:77:65:b8:da:2a:6f:26:1d:7d:
90:09:94:23:0e:f8:83:1e:12:ec:19:79:58:df:1b:3a:72:bd:
58:02:4f:55:cb:4c:d2:df:e9:af:5a:3c:7e:e4:90:64:ef:88:
c1:86:ef:90:8a:a5:63:94:f6:19:a6:d4:b6:59:2e:53:76:6e:
2f:0e:bf:f3:7f:08:ac:bc:8a:54:96:e9:19:2c:c1:10:78:d5:
ca:a8:e9:e5:92:c3:a5:15:08:ab:da:60:c0:ee:83:e4:86:8c:
d7:64:3c:e0:94:55:c0:6c:5b:be:7e:d1:4c:f5:37:2a:01:31:
d2:08:b1:c2:d8:ba:f7:3e:79:4d:e9:25:52:cf:1f:79:38:f6:
bc:9f:79:a1:13:7d:df:97:aa:39:c8:f5:b7:ce:7f:d4:0d:6a:
a2:7f:38:90
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICY5IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjMx
NDQxNTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDhCOEQ4RkNFQjYzRjE4
OTU0QUI0NzM5QUQ3NUFBOEFGN0VENjhDODYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC3OLKq4/qifSN4z7gzTg/7Kpx03yfIKRjIVs9UxlJoYnJ2RVq1
mzvKnCx3d0sGm3Vk0TvBc6mu3mGXC0j5/4fAQ4sUnkqg/BVHqGhE+UMPflnOpKxR
555Gjz6awTNBSb1HKE2xJmq7GuUTM8qYTy6lJOHfGG9PeRkMscrdCMAc2AdgomKJ
ly6ej5pDuQDbo+Emb9loj+2t7ekXKyw9Iv9tWEE2zE5ueoyeCBKLcKdy6fK1KnbF
5uiQiEdq4dF0K3N95ktzKs4YvIqulrgIBIc1JNfXRkXC5dyppT2/Chk09VRbmr0f
vlsqFatA88dyoD54jwQqjAqNzQ5v5nwOn4opAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUi42PzrY/GJVKtHOa11qor37WjIYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2k0MlB6cllfR0pWS3RI
T2ExMXFvcjM3V2pJWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAKHoLN
T5qIbA1m58182gyPOljd0NRGJuKigd6l81399uq/OxCAgjNlAN3bRDedQj/IWzIq
8WV4eEytleSIVycz6/zocDAl0/AXyldaP7Zml2JBB1Iz2JeSb/zYwmFteVajUR13
ZbjaKm8mHX2QCZQjDviDHhLsGXlY3xs6cr1YAk9Vy0zS3+mvWjx+5JBk74jBhu+Q
iqVjlPYZptS2WS5Tdm4vDr/zfwisvIpUlukZLMEQeNXKqOnlksOlFQir2mDA7oPk
hozXZDzglFXAbFu+ftFM9TcqATHSCLHC2Lr3PnlN6SVSzx95OPa8n3mhE33fl6o5
yPW3zn/UDWqifziQ
-----END CERTIFICATE-----
Generated at Sun Jun 22 22:44:57 2025 by rpki-client