Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/rmDVaSN8ai8gtpkbe1D2RHlBG0k.roa
File: rmDVaSN8ai8gtpkbe1D2RHlBG0k.roa (raw, json)
Hash identifier: 0WT6m1TlW29j4Lsa88h51XTgE3QRsJE242bLIdMLaVE=
Subject key identifier: AE:60:D5:69:23:7C:6A:2F:20:B6:99:1B:7B:50:F6:44:79:41:1B:49
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6466
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rmDVaSN8ai8gtpkbe1D2RHlBG0k.roa
Signing time: Sun 25 May 2025 19:43:20 +0000
ROA not before: Sun 25 May 2025 19:43:20 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25702 (0x6466)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 25 19:43:20 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=AE60D569237C6A2F20B6991B7B50F64479411B49
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:95:61:73:68:36:86:9f:f6:66:3e:0b:e3:0d:
c0:ad:4e:c2:ff:e3:a4:71:b7:a4:b7:bc:53:81:16:
bd:60:4f:33:eb:f4:05:e9:de:08:59:34:80:4a:09:
6e:03:0d:d3:cf:13:b6:db:81:cc:58:c6:31:1d:87:
85:40:66:0e:b7:56:18:50:5e:26:55:42:95:45:7d:
0c:f4:48:a5:fe:4f:f4:08:9e:60:7d:7b:78:fd:50:
08:1a:f0:9d:59:38:d0:b5:a9:61:33:8e:74:12:16:
d9:1e:e1:df:66:87:91:b4:93:04:92:ce:a4:17:ef:
06:ff:fb:88:2f:ef:a9:67:5e:90:7a:06:9f:73:1b:
9e:2f:10:c7:b8:8c:85:6d:ab:a6:ae:90:75:81:78:
a0:c5:c7:9b:26:a2:96:ee:81:1d:d2:ba:6c:08:df:
04:cc:66:0f:35:2c:55:a6:32:db:67:9b:bf:32:33:
29:48:c6:52:14:ba:8b:80:ce:a8:bd:9c:cc:b5:e9:
0e:ab:da:ad:4f:f2:44:03:37:3c:46:cc:46:2f:6b:
f6:e3:b6:7a:0e:9a:b6:30:64:fa:86:41:c5:42:da:
6d:8f:0d:98:99:5d:ea:f0:76:67:68:ee:e8:ab:04:
32:0c:d5:58:4c:49:88:d8:de:90:aa:10:5d:75:63:
82:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:60:D5:69:23:7C:6A:2F:20:B6:99:1B:7B:50:F6:44:79:41:1B:49
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rmDVaSN8ai8gtpkbe1D2RHlBG0k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
bc:62:db:15:f5:e4:ef:9e:96:be:d5:ed:84:99:ea:d2:9a:3b:
97:40:fe:9c:7b:11:5d:95:3c:0f:e4:bd:23:0d:de:ee:fb:ce:
93:5b:5b:fd:0a:44:2c:ae:43:62:08:b4:3d:49:17:b2:51:05:
cc:df:0c:f0:63:8a:e5:47:bc:c2:6a:00:c4:ff:f4:5e:9c:38:
57:62:64:6e:04:a7:7b:c5:dd:1e:2a:d0:d6:60:11:23:5b:46:
1b:41:35:af:f3:c8:86:da:12:02:d1:ff:7e:d9:85:72:bd:a8:
11:97:55:84:5c:e8:88:a5:b2:72:b8:94:9e:bc:e5:2c:92:7e:
11:26:bc:68:07:e1:ad:7b:e2:a6:55:ed:28:38:66:c2:91:c4:
db:86:67:fa:59:fb:f8:b8:38:52:fe:4c:9b:e6:7c:fe:6e:ac:
5d:06:12:02:00:4f:5f:39:4e:84:e8:4c:1a:18:f0:c8:8b:db:
a9:10:7f:4a:c6:cd:1d:fe:ba:33:17:ce:cc:90:96:e7:a6:88:
ec:3e:be:4f:1f:a1:3f:85:d0:d4:80:dd:fe:a9:5e:39:51:93:
b3:32:f0:59:d0:7e:e4:72:da:92:9b:6c:3d:93:a3:bc:b0:e3:
46:7d:79:96:f9:ba:0d:a2:17:03:a9:b1:1b:0e:61:f7:39:91:
9b:73:f0:c4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZGYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjUx
OTQzMjBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEFFNjBENTY5MjM3QzZB
MkYyMEI2OTkxQjdCNTBGNjQ0Nzk0MTFCNDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJlWFzaDaGn/ZmPgvjDcCtTsL/46Rxt6S3vFOBFr1gTzPr9AXp
3ghZNIBKCW4DDdPPE7bbgcxYxjEdh4VAZg63VhhQXiZVQpVFfQz0SKX+T/QInmB9
e3j9UAga8J1ZONC1qWEzjnQSFtke4d9mh5G0kwSSzqQX7wb/+4gv76lnXpB6Bp9z
G54vEMe4jIVtq6aukHWBeKDFx5smopbugR3SumwI3wTMZg81LFWmMttnm78yMylI
xlIUuouAzqi9nMy16Q6r2q1P8kQDNzxGzEYva/bjtnoOmrYwZPqGQcVC2m2PDZiZ
Xerwdmdo7uirBDIM1VhMSYjY3pCqEF11Y4InAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUrmDVaSN8ai8gtpkbe1D2RHlBG0kwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3JtRFZhU044YWk4Z3Rw
a2JlMUQyUkhsQkcway5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC8YtsV
9eTvnpa+1e2EmerSmjuXQP6cexFdlTwP5L0jDd7u+86TW1v9CkQsrkNiCLQ9SRey
UQXM3wzwY4rlR7zCagDE//RenDhXYmRuBKd7xd0eKtDWYBEjW0YbQTWv88iG2hIC
0f9+2YVyvagRl1WEXOiIpbJyuJSevOUskn4RJrxoB+Gte+KmVe0oOGbCkcTbhmf6
Wfv4uDhS/kyb5nz+bqxdBhICAE9fOU6E6EwaGPDIi9upEH9Kxs0d/rozF87MkJbn
pojsPr5PH6E/hdDUgN3+qV45UZOzMvBZ0H7kctqSm2w9k6O8sONGfXmW+boNohcD
qbEbDmH3OZGbc/DE
-----END CERTIFICATE-----
Generated at Sun Jun 22 06:12:05 2025 by rpki-client