Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/vZBMd3kdfQQKS7uQbrI8zGGBLxI.roa
File: vZBMd3kdfQQKS7uQbrI8zGGBLxI.roa (raw, json)
Hash identifier: oJldCAv4hntmY1zxGaoeG4pw2AriXUmVUoYOzcePw94=
Subject key identifier: BD:90:4C:77:79:1D:7D:04:0A:4B:BB:90:6E:B2:3C:CC:61:81:2F:12
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6B7A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vZBMd3kdfQQKS7uQbrI8zGGBLxI.roa
Signing time: Fri 13 Jun 2025 16:45:53 +0000
ROA not before: Fri 13 Jun 2025 16:45:53 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27514 (0x6b7a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 13 16:45:53 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=BD904C77791D7D040A4BBB906EB23CCC61812F12
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:b4:c2:70:08:b0:46:e8:02:cc:8b:fb:28:06:
8b:1a:d3:fb:b6:a6:04:4d:da:8e:28:21:1e:8a:57:
9b:c4:7d:e2:be:50:76:1e:60:f6:86:f0:a7:5e:3e:
45:3a:9c:3b:66:b1:15:65:c3:03:28:02:8f:27:38:
50:82:eb:60:3a:09:cc:2f:95:da:f9:14:ef:39:67:
b3:73:3c:cd:88:2e:9c:59:2e:90:27:f6:89:68:80:
8a:2c:6e:2e:0a:23:95:77:fa:ef:f5:74:ab:69:9b:
da:b3:93:3e:0d:d1:84:93:99:55:b0:e6:83:15:1c:
91:c8:ac:8a:51:66:8e:93:ea:61:66:13:0b:9d:a8:
94:27:5b:42:31:27:33:45:6a:03:24:12:49:64:f0:
22:fa:af:98:34:46:14:ba:02:82:34:29:3c:d1:4e:
a6:7e:9d:56:26:16:bf:24:87:af:34:23:87:8f:06:
aa:e6:08:1c:a7:90:f6:5a:b1:3b:a1:b5:5b:55:66:
8d:b9:59:07:45:26:3a:3f:7c:9a:89:6f:b4:41:df:
a7:f4:69:25:d6:86:3d:a2:fa:67:93:78:06:c9:ce:
35:e8:9b:0f:af:34:79:92:a7:6f:18:a4:ac:6c:0f:
fb:00:f5:1d:96:3e:97:78:5e:68:14:4a:14:ed:16:
a2:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:90:4C:77:79:1D:7D:04:0A:4B:BB:90:6E:B2:3C:CC:61:81:2F:12
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vZBMd3kdfQQKS7uQbrI8zGGBLxI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
6d:3c:8b:88:0a:b0:02:4a:a4:33:c7:15:60:33:b5:c4:3c:0f:
fa:91:aa:f3:8e:a0:82:0d:f8:76:30:8b:c5:fc:55:9d:58:57:
18:11:dc:5f:a6:f7:d4:b3:6a:a7:b9:83:d8:f2:d1:24:46:8e:
99:8e:ac:56:c3:b2:8d:6e:70:9c:02:c6:40:08:f5:8e:2b:ca:
6f:5b:4f:3a:88:2b:d1:74:dd:bf:0b:4d:d2:70:b5:d6:d6:32:
7a:f0:69:12:4b:06:b5:d8:bf:d1:4c:43:96:0d:2e:e1:c7:13:
4e:5d:29:64:f2:fa:d7:b3:5d:28:c8:c3:f0:9b:b0:4f:dd:26:
02:2e:57:5f:34:d1:31:1b:64:c1:8f:6e:69:61:cf:35:8b:af:
fa:30:41:4d:d3:a2:08:a9:54:09:d5:e3:24:38:06:1f:ef:fe:
3d:3d:80:3b:96:91:97:c0:e6:43:7f:0b:9a:85:6b:81:b2:81:
fe:61:1b:5c:fc:1d:c1:ab:b8:96:28:4f:7c:02:74:33:d6:c0:
ac:6b:de:b5:51:7d:1b:20:e5:09:3e:84:d9:9f:9f:34:63:23:
58:64:27:1c:93:73:cd:eb:14:96:d8:4c:da:62:a6:d6:16:44:
0d:48:c2:4e:8f:02:eb:75:e0:55:dc:17:ce:79:7b:36:c6:31:
65:27:8b:fc
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICa3owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTMx
NjQ1NTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEJEOTA0Qzc3NzkxRDdE
MDQwQTRCQkI5MDZFQjIzQ0NDNjE4MTJGMTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCdtMJwCLBG6ALMi/soBosa0/u2pgRN2o4oIR6KV5vEfeK+UHYe
YPaG8KdePkU6nDtmsRVlwwMoAo8nOFCC62A6Ccwvldr5FO85Z7NzPM2ILpxZLpAn
9ologIosbi4KI5V3+u/1dKtpm9qzkz4N0YSTmVWw5oMVHJHIrIpRZo6T6mFmEwud
qJQnW0IxJzNFagMkEklk8CL6r5g0RhS6AoI0KTzRTqZ+nVYmFr8kh680I4ePBqrm
CBynkPZasTuhtVtVZo25WQdFJjo/fJqJb7RB36f0aSXWhj2i+meTeAbJzjXomw+v
NHmSp28YpKxsD/sA9R2WPpd4XmgUShTtFqLlAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUvZBMd3kdfQQKS7uQbrI8zGGBLxIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3ZaQk1kM2tkZlFRS1M3
dVFickk4ekdHQkx4SS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBtPIuI
CrACSqQzxxVgM7XEPA/6karzjqCCDfh2MIvF/FWdWFcYEdxfpvfUs2qnuYPY8tEk
Ro6ZjqxWw7KNbnCcAsZACPWOK8pvW086iCvRdN2/C03ScLXW1jJ68GkSSwa12L/R
TEOWDS7hxxNOXSlk8vrXs10oyMPwm7BP3SYCLldfNNExG2TBj25pYc81i6/6MEFN
06IIqVQJ1eMkOAYf7/49PYA7lpGXwOZDfwuahWuBsoH+YRtc/B3Bq7iWKE98AnQz
1sCsa961UX0bIOUJPoTZn580YyNYZCcck3PN6xSW2EzaYqbWFkQNSMJOjwLrdeBV
3BfOeXs2xjFlJ4v8
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:30:08 2025 by rpki-client