Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/sT6F0Sdalqp93zAftzF0Y_wtVBo.roa
File: sT6F0Sdalqp93zAftzF0Y_wtVBo.roa (raw, json)
Hash identifier: 3KBcTt1PYdih+/yIRfOqgonueoZpMykGUeNlI86bORg=
Subject key identifier: B1:3E:85:D1:27:5A:96:AA:7D:DF:30:1F:B7:31:74:63:FC:2D:54:1A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 68A0
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/sT6F0Sdalqp93zAftzF0Y_wtVBo.roa
Signing time: Fri 06 Jun 2025 02:11:49 +0000
ROA not before: Fri 06 Jun 2025 02:11:49 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26784 (0x68a0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 6 02:11:49 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B13E85D1275A96AA7DDF301FB7317463FC2D541A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:21:af:64:04:08:39:21:74:e8:79:c8:e9:63:
86:ae:e4:a1:81:47:6a:5a:15:64:a3:2d:07:21:3c:
11:aa:60:45:62:98:36:db:d0:1b:d4:1d:62:47:b7:
a8:fa:81:af:c2:38:e8:b6:f4:12:ae:4d:0d:46:c8:
5c:05:1f:54:e8:27:e8:8c:c3:cc:f0:ba:a7:30:16:
52:c8:71:78:b5:1b:0f:d5:f8:3a:f2:b7:25:c7:87:
73:94:f6:db:1a:2a:96:55:54:d8:d3:9a:5c:cd:fb:
50:c5:f6:2e:40:d4:fb:e7:08:a3:58:ed:20:11:df:
99:93:7f:5d:f6:c3:a4:63:ea:5a:2e:fb:0d:0c:37:
2f:82:c1:52:28:81:4c:e6:49:6b:7f:ca:5c:da:94:
68:44:3e:9a:25:3c:2b:6c:80:24:ba:57:00:f7:72:
76:fd:95:3c:c1:b1:bd:b4:9c:b8:d0:8f:5e:19:98:
de:d8:30:b5:0f:dd:39:46:e4:0d:50:97:c7:44:df:
6a:f3:12:80:4c:e3:2f:45:92:29:92:09:08:ec:ca:
52:7e:e8:a3:6b:fd:f9:c5:8a:82:2b:b1:b5:33:af:
5c:3a:4a:67:14:47:58:01:22:8d:ce:e4:6b:e4:4e:
32:29:18:06:01:09:ea:bb:7e:f1:bf:15:04:3d:72:
32:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:3E:85:D1:27:5A:96:AA:7D:DF:30:1F:B7:31:74:63:FC:2D:54:1A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/sT6F0Sdalqp93zAftzF0Y_wtVBo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
07:e3:cb:31:d7:c1:3f:f6:08:9c:2b:bb:81:53:5b:0a:4b:77:
a1:e0:fd:0a:9d:5b:b2:88:14:b6:25:6d:55:38:65:86:23:33:
b7:8c:84:be:f0:32:1d:39:d4:e3:66:0c:47:a8:dd:28:b9:a1:
68:08:02:3c:81:59:22:af:77:28:e0:f6:1c:c5:ee:e1:53:c6:
bc:f3:e6:2f:18:5e:70:94:0c:15:65:5c:bf:98:88:f5:1b:e1:
01:fc:01:0d:d7:78:0d:63:9b:58:d3:56:09:4c:bf:07:4c:cd:
84:96:32:64:ee:26:62:f0:cc:1d:e9:91:9b:ea:ad:26:8d:1d:
8e:85:6c:7d:bf:96:4c:f9:f9:62:70:3e:58:20:ad:fa:fa:b7:
63:c3:3a:d9:7c:1e:b4:b2:79:26:9a:cc:0c:20:9c:37:fd:98:
8e:6e:2b:41:f2:99:da:2e:ba:2f:43:a0:69:64:5e:93:c4:d8:
e5:85:81:21:62:b0:ec:be:38:4b:fc:dd:08:8d:4f:23:5a:85:
5a:61:96:85:03:bb:39:cf:88:dd:ce:f2:a5:d1:df:29:21:6c:
aa:4f:18:07:69:ea:84:4c:61:27:65:10:4b:f4:f7:e4:91:26:
dc:d6:ae:66:e0:15:cf:7e:3b:56:66:20:29:66:35:4e:b5:bd:
d9:df:61:f4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaKAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDYw
MjExNDlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEIxM0U4NUQxMjc1QTk2
QUE3RERGMzAxRkI3MzE3NDYzRkMyRDU0MUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDTIa9kBAg5IXToecjpY4au5KGBR2paFWSjLQchPBGqYEVimDbb
0BvUHWJHt6j6ga/COOi29BKuTQ1GyFwFH1ToJ+iMw8zwuqcwFlLIcXi1Gw/V+Dry
tyXHh3OU9tsaKpZVVNjTmlzN+1DF9i5A1PvnCKNY7SAR35mTf132w6Rj6lou+w0M
Ny+CwVIogUzmSWt/ylzalGhEPpolPCtsgCS6VwD3cnb9lTzBsb20nLjQj14ZmN7Y
MLUP3TlG5A1Ql8dE32rzEoBM4y9FkimSCQjsylJ+6KNr/fnFioIrsbUzr1w6SmcU
R1gBIo3O5GvkTjIpGAYBCeq7fvG/FQQ9cjLhAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUsT6F0Sdalqp93zAftzF0Y/wtVBowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3NUNkYwU2RhbHFwOTN6
QWZ0ekYwWV93dFZCby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAH48sx
18E/9gicK7uBU1sKS3eh4P0KnVuyiBS2JW1VOGWGIzO3jIS+8DIdOdTjZgxHqN0o
uaFoCAI8gVkir3co4PYcxe7hU8a88+YvGF5wlAwVZVy/mIj1G+EB/AEN13gNY5tY
01YJTL8HTM2EljJk7iZi8Mwd6ZGb6q0mjR2OhWx9v5ZM+flicD5YIK36+rdjwzrZ
fB60snkmmswMIJw3/ZiObitB8pnaLrovQ6BpZF6TxNjlhYEhYrDsvjhL/N0IjU8j
WoVaYZaFA7s5z4jdzvKl0d8pIWyqTxgHaeqETGEnZRBL9PfkkSbc1q5m4BXPfjtW
ZiApZjVOtb3Z32H0
-----END CERTIFICATE-----
Generated at Fri Jun 20 13:22:16 2025 by rpki-client