Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/tRajM6gTeyefLWcdmVV947SsOAs.roa
File: tRajM6gTeyefLWcdmVV947SsOAs.roa (raw, json)
Hash identifier: PPZXSnN7PH1wi06/ImrC4xhVO4yWFvZkgszlFyEdCRQ=
Subject key identifier: B5:16:A3:33:A8:13:7B:27:9F:2D:67:1D:99:55:7D:E3:B4:AC:38:0B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6A70
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tRajM6gTeyefLWcdmVV947SsOAs.roa
Signing time: Tue 10 Jun 2025 22:12:14 +0000
ROA not before: Tue 10 Jun 2025 22:12:14 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27248 (0x6a70)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 10 22:12:14 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B516A333A8137B279F2D671D99557DE3B4AC380B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:93:7d:cf:a9:13:d1:21:2f:12:38:78:02:0d:
ef:bf:90:99:50:48:4c:12:65:1a:38:11:1e:ce:c6:
9b:04:1e:d3:29:be:18:3a:2c:f9:47:3e:37:f0:58:
d6:57:c2:77:8b:9a:bd:ae:f5:7b:97:0f:6e:cb:c8:
55:60:cb:4e:30:8f:17:f6:38:f9:57:1e:a2:e9:2e:
09:58:b3:51:0e:f8:dc:d2:87:30:96:7c:e0:ae:28:
99:ec:d5:1c:1d:82:fc:67:77:88:5a:f0:9f:24:c9:
48:97:af:b6:3a:4e:55:82:63:b1:b6:c4:37:2d:2a:
29:67:70:f0:89:74:d4:34:25:24:87:6a:60:26:87:
8a:fe:07:09:b1:c7:06:f0:25:be:5b:d5:07:1a:21:
e0:53:6e:8f:cf:16:e7:77:95:96:a8:9f:b3:33:71:
ac:08:27:33:1c:7e:07:b9:b8:34:a3:86:00:ec:82:
3c:30:9e:31:de:f3:ad:99:39:2f:15:18:fe:ab:43:
e4:9d:61:94:83:bb:db:d9:f1:89:11:2f:d8:f1:fe:
f5:43:3d:43:cb:6b:cb:a0:9e:c0:7c:3e:32:08:26:
c6:31:79:af:e6:48:b8:93:26:38:c1:06:26:68:c5:
84:fb:5f:13:b9:0a:6c:4b:2b:71:a8:35:42:3d:6d:
bd:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:16:A3:33:A8:13:7B:27:9F:2D:67:1D:99:55:7D:E3:B4:AC:38:0B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tRajM6gTeyefLWcdmVV947SsOAs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
8b:62:fa:bd:e5:8a:e8:5b:4f:4e:a4:01:12:ae:9f:f8:5d:9d:
a5:62:12:cf:f8:3b:95:11:fc:9c:bf:c8:7d:2b:e3:b4:99:90:
15:b3:bf:b9:83:79:61:fc:ca:56:cb:41:40:fe:92:53:3c:bd:
89:bb:08:22:f5:e7:24:00:59:31:c3:ae:d0:bd:83:7c:f3:81:
16:40:a3:11:3f:ea:5f:e2:86:e3:c4:51:99:68:97:71:43:54:
2e:5f:b1:62:b5:e0:ef:ed:e5:1d:5f:c4:9e:f7:7a:56:46:2f:
72:c6:82:41:3f:40:26:0f:78:10:3c:6f:62:e1:13:87:73:d7:
37:b0:36:5b:c2:12:42:27:ed:03:34:60:d2:61:d9:04:a1:8f:
3a:e0:71:d8:e0:d4:1a:56:fb:8b:f2:12:fd:a4:e1:ea:c8:69:
c8:09:82:0e:82:bd:50:56:d0:81:b0:1c:cb:a3:70:ef:ed:c8:
ce:85:ab:ba:ea:42:06:1c:bd:ac:82:57:26:37:00:fa:37:95:
dd:e2:ba:7b:71:1e:9e:78:aa:3b:7d:5d:2a:1e:37:f6:5c:1b:
a6:f6:48:3a:44:a8:3d:01:6e:22:ca:3d:ef:37:c1:6f:34:e2:
3a:97:b8:5d:35:78:f0:2a:3c:c5:ff:5c:a8:68:4c:70:6e:6c:
31:46:17:a5
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICanAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTAy
MjEyMTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEI1MTZBMzMzQTgxMzdC
Mjc5RjJENjcxRDk5NTU3REUzQjRBQzM4MEIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDUk33PqRPRIS8SOHgCDe+/kJlQSEwSZRo4ER7OxpsEHtMpvhg6
LPlHPjfwWNZXwneLmr2u9XuXD27LyFVgy04wjxf2OPlXHqLpLglYs1EO+NzShzCW
fOCuKJns1Rwdgvxnd4ha8J8kyUiXr7Y6TlWCY7G2xDctKilncPCJdNQ0JSSHamAm
h4r+BwmxxwbwJb5b1QcaIeBTbo/PFud3lZaon7MzcawIJzMcfge5uDSjhgDsgjww
njHe862ZOS8VGP6rQ+SdYZSDu9vZ8YkRL9jx/vVDPUPLa8ugnsB8PjIIJsYxea/m
SLiTJjjBBiZoxYT7XxO5CmxLK3GoNUI9bb1NAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUtRajM6gTeyefLWcdmVV947SsOAswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3RSYWpNNmdUZXllZkxX
Y2RtVlY5NDdTc09Bcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCLYvq9
5YroW09OpAESrp/4XZ2lYhLP+DuVEfycv8h9K+O0mZAVs7+5g3lh/MpWy0FA/pJT
PL2Juwgi9eckAFkxw67QvYN884EWQKMRP+pf4objxFGZaJdxQ1QuX7FiteDv7eUd
X8Se93pWRi9yxoJBP0AmD3gQPG9i4ROHc9c3sDZbwhJCJ+0DNGDSYdkEoY864HHY
4NQaVvuL8hL9pOHqyGnICYIOgr1QVtCBsBzLo3Dv7cjOhau66kIGHL2sglcmNwD6
N5Xd4rp7cR6eeKo7fV0qHjf2XBum9kg6RKg9AW4iyj3vN8FvNOI6l7hdNXjwKjzF
/1yoaExwbmwxRhel
-----END CERTIFICATE-----
Generated at Fri Jun 20 22:59:57 2025 by rpki-client