Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/tpdmVTnjLN32il0a_0GgDLK9nDQ.roa
File: tpdmVTnjLN32il0a_0GgDLK9nDQ.roa (raw, json)
Hash identifier: cvZjQCCaEnuDH2e/7fhjnEQ2L1GcVjxJIBuH9J/zLZE=
Subject key identifier: B6:97:66:55:39:E3:2C:DD:F6:8A:5D:1A:FF:41:A0:0C:B2:BD:9C:34
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6704
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tpdmVTnjLN32il0a_0GgDLK9nDQ.roa
Signing time: Sun 01 Jun 2025 19:14:08 +0000
ROA not before: Sun 01 Jun 2025 19:14:08 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26372 (0x6704)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 1 19:14:08 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B697665539E32CDDF68A5D1AFF41A00CB2BD9C34
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:2f:bb:82:7a:ad:7f:bb:6c:19:d1:4b:6f:6a:
4a:12:c9:c2:e6:d2:83:55:c2:93:14:cd:64:0e:3f:
e0:b3:fc:75:0b:57:0e:39:f5:4f:0b:9b:ce:46:02:
fc:9e:16:7c:ae:af:a8:68:50:18:46:dc:95:79:56:
99:31:3b:df:23:29:86:fa:05:3a:d7:39:a6:7d:ae:
d8:c5:cc:b7:f9:aa:cb:a0:d9:73:3a:94:3a:6c:14:
0b:d3:03:40:cf:f8:a4:8c:7f:e2:a4:33:df:1b:d3:
6d:76:57:4a:4b:9d:66:bc:6b:fa:ff:d8:79:60:a9:
48:4b:cc:ec:51:a6:97:36:ab:64:73:2f:bc:da:1e:
2b:c2:e4:88:44:bb:1b:3d:d3:d1:05:a2:52:4d:92:
ea:f5:53:4d:69:06:f3:fa:96:60:7b:f5:eb:ec:f8:
0f:89:85:da:7b:d5:58:4c:9c:ef:84:4b:61:96:bc:
7f:ac:81:ad:16:6f:b2:6f:b8:13:03:c4:6f:ab:89:
c7:af:91:8a:8e:ad:07:1c:34:f7:41:ba:10:a7:f6:
42:ab:16:83:6d:32:5d:75:10:56:b7:38:21:e8:ed:
ff:22:2b:dc:f4:6e:02:5c:c1:ab:a9:a3:c0:75:ee:
f1:6c:97:c8:a2:1c:f3:ef:b1:86:24:3d:58:f2:6f:
90:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:97:66:55:39:E3:2C:DD:F6:8A:5D:1A:FF:41:A0:0C:B2:BD:9C:34
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tpdmVTnjLN32il0a_0GgDLK9nDQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
a5:64:30:27:c5:0d:35:31:8a:0a:85:0b:ac:d2:67:f5:5b:23:
c4:79:eb:91:fa:e8:6b:59:1c:8d:04:a7:ca:02:4f:86:fb:e3:
b0:55:7c:c1:f7:c9:34:3b:86:cf:69:76:c8:95:e0:94:29:1b:
d9:27:3d:79:50:28:e0:b9:25:6a:03:cc:6f:78:5b:c4:11:1c:
60:b6:22:28:61:43:62:90:b0:16:3f:28:58:52:db:5c:e7:3d:
28:c1:cf:87:5a:c1:61:f7:9a:d2:2e:49:ae:7a:5c:53:fc:6a:
c9:ca:ec:8e:08:d7:7b:6b:de:3b:77:be:60:dc:ef:f7:2b:cf:
8e:e5:c4:e7:6f:a5:75:1f:10:b2:4e:8c:43:2d:62:7c:92:ff:
ec:22:49:89:95:60:2e:98:da:39:d0:aa:17:3d:12:31:00:75:
cf:52:ed:1c:52:2c:fe:55:a3:d3:c2:af:29:f3:a1:b1:4e:ce:
9f:16:be:f0:0f:00:fe:af:9b:de:a2:e9:fd:30:77:05:25:ae:
72:06:1d:53:32:15:44:b3:28:90:be:67:a9:cb:82:07:96:28:
d8:7a:01:da:2c:90:e8:65:ef:f6:f9:3b:b0:ce:cd:e5:e7:ab:
51:77:78:ff:aa:ac:81:53:6b:fc:d0:e1:87:c4:e2:54:ee:40:
0c:09:e1:b3
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZwQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDEx
OTE0MDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEI2OTc2NjU1MzlFMzJD
RERGNjhBNUQxQUZGNDFBMDBDQjJCRDlDMzQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+L7uCeq1/u2wZ0UtvakoSycLm0oNVwpMUzWQOP+Cz/HULVw45
9U8Lm85GAvyeFnyur6hoUBhG3JV5VpkxO98jKYb6BTrXOaZ9rtjFzLf5qsug2XM6
lDpsFAvTA0DP+KSMf+KkM98b0212V0pLnWa8a/r/2HlgqUhLzOxRppc2q2RzL7za
HivC5IhEuxs909EFolJNkur1U01pBvP6lmB79evs+A+Jhdp71VhMnO+ES2GWvH+s
ga0Wb7JvuBMDxG+ricevkYqOrQccNPdBuhCn9kKrFoNtMl11EFa3OCHo7f8iK9z0
bgJcwaupo8B17vFsl8iiHPPvsYYkPVjyb5BXAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUtpdmVTnjLN32il0a/0GgDLK9nDQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3RwZG1WVG5qTE4zMmls
MGFfMEdnRExLOW5EUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQClZDAn
xQ01MYoKhQus0mf1WyPEeeuR+uhrWRyNBKfKAk+G++OwVXzB98k0O4bPaXbIleCU
KRvZJz15UCjguSVqA8xveFvEERxgtiIoYUNikLAWPyhYUttc5z0owc+HWsFh95rS
LkmuelxT/GrJyuyOCNd7a947d75g3O/3K8+O5cTnb6V1HxCyToxDLWJ8kv/sIkmJ
lWAumNo50KoXPRIxAHXPUu0cUiz+VaPTwq8p86GxTs6fFr7wDwD+r5veoun9MHcF
Ja5yBh1TMhVEsyiQvmepy4IHlijYegHaLJDoZe/2+Tuwzs3l56tRd3j/qqyBU2v8
0OGHxOJU7kAMCeGz
-----END CERTIFICATE-----
Generated at Sat Jun 21 03:38:45 2025 by rpki-client