Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/rpk-sorwUPwRqcNULaCmseZrdhc.roa
File: rpk-sorwUPwRqcNULaCmseZrdhc.roa (raw, json)
Hash identifier: Da7jk7Du5xMpJNDJRIXPiryv2AhKXibcU3uojWnmWXo=
Subject key identifier: AE:99:3E:B2:8A:F0:50:FC:11:A9:C3:54:2D:A0:A6:B1:E6:6B:76:17
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6A82
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rpk-sorwUPwRqcNULaCmseZrdhc.roa
Signing time: Wed 11 Jun 2025 02:45:44 +0000
ROA not before: Wed 11 Jun 2025 02:45:44 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27266 (0x6a82)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 11 02:45:44 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=AE993EB28AF050FC11A9C3542DA0A6B1E66B7617
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:b2:30:93:3d:ff:39:eb:b1:dc:d5:37:7c:07:
f0:f5:bb:69:4b:a7:7b:cd:e1:c6:50:2c:7c:41:04:
33:a7:b3:84:97:c8:a4:b7:e3:4b:45:73:ac:4e:cb:
d7:e6:e2:bf:2a:91:7d:90:88:fd:bb:97:a8:37:95:
ff:bc:74:9b:05:66:cc:53:98:49:bd:88:e2:0f:26:
a0:54:0f:ce:a4:ab:b3:35:ec:f7:1b:10:ca:79:8c:
ec:1e:87:b2:a6:5b:48:5a:70:92:22:92:f0:c3:bf:
2a:3d:3f:bf:37:e5:1b:92:ff:42:b9:90:d3:65:b6:
3c:87:3d:5b:d4:b5:37:b9:11:94:6e:62:da:ee:f8:
e6:5d:13:e1:9c:ee:c3:dc:13:00:12:38:9e:06:db:
09:66:b9:c6:73:b8:fc:1f:ec:50:28:2a:0f:36:0a:
47:c5:94:c6:6f:d4:d1:44:49:a0:81:a5:89:75:1b:
c9:79:ea:59:26:6c:74:1a:ca:0a:77:4d:98:ca:9e:
1f:ed:57:69:96:fa:3b:88:bf:22:44:5c:fe:7b:e0:
05:1f:da:ac:f3:fb:19:7c:9e:1f:c0:42:5d:ae:03:
29:cb:da:c1:e7:28:60:4c:43:94:6e:c4:02:10:0e:
2e:10:c8:de:fd:23:fc:5a:49:4b:a6:23:8e:d2:2a:
57:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:99:3E:B2:8A:F0:50:FC:11:A9:C3:54:2D:A0:A6:B1:E6:6B:76:17
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rpk-sorwUPwRqcNULaCmseZrdhc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
13:39:31:bb:fd:75:ff:f9:e8:77:b6:c9:b6:7c:3d:4e:a4:2f:
b9:23:8c:b9:5f:af:9b:21:4d:a7:09:f4:14:43:15:4c:6a:4b:
4e:89:89:83:67:6b:7a:69:1d:1a:bb:68:c9:9e:7c:98:ce:de:
8a:55:78:49:a6:af:76:de:74:48:ee:6b:ce:98:15:0c:56:8e:
7e:b2:ae:c1:55:11:8f:17:83:2d:53:d0:43:d8:52:89:4e:48:
e0:ad:02:e7:9a:de:36:6b:f4:29:16:9d:8b:0e:96:90:19:7c:
a4:ea:47:37:47:3e:1f:8c:d9:1c:3a:8f:22:b4:d8:ed:53:18:
c2:cd:92:bb:6f:5b:ab:ea:7c:8c:ea:52:60:a6:53:25:15:b1:
fa:ea:c9:c2:ad:a8:5e:d1:29:85:fe:2c:9e:75:23:7e:04:e7:
90:cb:ef:f6:fe:1e:d6:2a:66:08:1c:29:c3:4c:e6:f8:ab:85:
54:f6:a9:4d:21:2b:fa:c4:d2:23:56:31:16:2b:7d:69:1a:f3:
29:b3:cf:ba:67:50:d8:d0:71:e3:42:14:bd:cc:b9:59:49:63:
ab:b8:c5:c6:d6:26:7f:41:4f:27:c7:54:33:58:7e:2d:da:f5:
26:b9:84:ee:9e:d6:9b:de:0d:ec:5a:7d:02:1f:1d:1e:17:c9:
6a:0d:74:8d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaoIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTEw
MjQ1NDRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEFFOTkzRUIyOEFGMDUw
RkMxMUE5QzM1NDJEQTBBNkIxRTY2Qjc2MTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJsjCTPf8567Hc1Td8B/D1u2lLp3vN4cZQLHxBBDOns4SXyKS3
40tFc6xOy9fm4r8qkX2QiP27l6g3lf+8dJsFZsxTmEm9iOIPJqBUD86kq7M17Pcb
EMp5jOweh7KmW0hacJIikvDDvyo9P7835RuS/0K5kNNltjyHPVvUtTe5EZRuYtru
+OZdE+Gc7sPcEwASOJ4G2wlmucZzuPwf7FAoKg82CkfFlMZv1NFESaCBpYl1G8l5
6lkmbHQaygp3TZjKnh/tV2mW+juIvyJEXP574AUf2qzz+xl8nh/AQl2uAynL2sHn
KGBMQ5RuxAIQDi4QyN79I/xaSUumI47SKlcbAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUrpk+sorwUPwRqcNULaCmseZrdhcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3Jway1zb3J3VVB3UnFj
TlVMYUNtc2VacmRoYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQATOTG7
/XX/+eh3tsm2fD1OpC+5I4y5X6+bIU2nCfQUQxVMaktOiYmDZ2t6aR0au2jJnnyY
zt6KVXhJpq923nRI7mvOmBUMVo5+sq7BVRGPF4MtU9BD2FKJTkjgrQLnmt42a/Qp
Fp2LDpaQGXyk6kc3Rz4fjNkcOo8itNjtUxjCzZK7b1ur6nyM6lJgplMlFbH66snC
rahe0SmF/iyedSN+BOeQy+/2/h7WKmYIHCnDTOb4q4VU9qlNISv6xNIjVjEWK31p
GvMps8+6Z1DY0HHjQhS9zLlZSWOruMXG1iZ/QU8nx1QzWH4t2vUmuYTuntab3g3s
Wn0CHx0eF8lqDXSN
-----END CERTIFICATE-----
Generated at Fri Jun 20 14:38:05 2025 by rpki-client