Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ve0FQevOQUDhv1k3iocSjwAb30U.roa
File: ve0FQevOQUDhv1k3iocSjwAb30U.roa (raw, json)
Hash identifier: +gdl8r7Ul/rCyIkNDJUGaiAebGXdNPCC9h816wMKrXY=
Subject key identifier: BD:ED:05:41:EB:CE:41:40:E1:BF:59:37:8A:87:12:8F:00:1B:DF:45
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6836
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ve0FQevOQUDhv1k3iocSjwAb30U.roa
Signing time: Wed 04 Jun 2025 23:41:45 +0000
ROA not before: Wed 04 Jun 2025 23:41:45 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26678 (0x6836)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 4 23:41:45 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=BDED0541EBCE4140E1BF59378A87128F001BDF45
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:c9:e2:d3:d8:6f:b4:0c:d1:c2:d7:ea:3b:f6:
1f:69:e9:bc:50:e3:40:59:19:77:ad:63:7f:9c:6b:
27:58:84:4d:f7:92:04:04:c6:4f:17:13:5b:c9:2f:
c9:7e:b2:d2:94:25:69:e3:1f:fc:db:58:c6:fa:bd:
30:96:c9:f2:8d:e3:27:ed:25:c1:c8:bd:97:42:40:
4d:67:ec:ba:f3:11:3b:64:aa:b4:cd:fe:b0:a7:2e:
96:05:7c:9a:9d:43:23:7c:ae:db:4f:e6:2b:96:4e:
73:96:ea:e3:0b:2a:cd:9e:d1:57:31:5d:4c:af:e9:
ed:f9:6b:a7:85:aa:20:46:5a:6d:a8:f8:f9:b6:f6:
be:2d:fa:40:38:51:19:7d:ad:34:7d:a4:d9:0e:45:
55:4a:19:2b:2a:93:67:c6:88:c7:94:7b:93:70:da:
51:a8:9a:df:82:a1:d7:78:14:a9:a3:40:cf:76:d2:
57:a8:84:61:cb:53:59:19:ce:16:e0:01:fa:85:ca:
b3:c1:04:bd:57:17:38:76:a8:4f:1f:8c:dc:a0:e0:
93:b4:f4:dd:e2:45:36:7c:49:d2:82:1b:ea:f5:05:
93:35:f5:ae:42:b3:2a:7b:21:7e:12:9d:db:d7:2b:
1e:ea:16:85:22:cb:e0:9d:ec:55:39:0b:bb:b2:ab:
63:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:ED:05:41:EB:CE:41:40:E1:BF:59:37:8A:87:12:8F:00:1B:DF:45
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ve0FQevOQUDhv1k3iocSjwAb30U.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
35:1a:a0:ca:1d:5e:64:6d:1a:b9:40:56:c7:88:68:6e:e7:5f:
21:15:35:f3:db:ef:b8:4b:88:4c:e1:81:16:fe:2d:d5:6d:7a:
b2:49:b9:b7:23:f2:ea:7b:7e:b2:3f:05:15:a2:b1:5d:a9:60:
9d:ad:77:4e:76:29:f6:82:c1:62:43:82:b5:e8:51:57:ab:49:
7f:85:02:d8:63:6b:d7:d7:37:9e:37:ba:3f:7e:35:43:ee:67:
fc:72:eb:b8:3c:3c:c2:fc:07:73:9e:84:0f:68:a1:32:55:59:
0a:be:a4:5f:d8:04:0f:30:51:74:0d:03:a1:39:72:0c:75:0b:
0a:c1:c8:5e:74:38:59:23:ba:fd:46:0c:c7:4b:6c:aa:8e:48:
01:3d:be:ec:79:61:fe:33:b5:35:ba:6a:18:18:1e:e6:0a:91:
27:61:e2:ed:d4:53:05:08:0c:77:65:ce:de:90:03:a0:a0:3f:
8c:11:ec:0a:d8:04:99:8a:4d:40:3d:20:27:95:83:ae:ad:04:
4f:e3:40:e9:53:62:a0:62:be:f6:2f:ed:9d:e0:82:16:63:9c:
dc:24:02:21:e9:a6:c2:26:f3:6a:d2:0d:ea:a7:24:44:00:7a:
94:86:a6:e6:81:98:03:f5:ce:da:d2:68:a0:6c:4d:65:e5:d2:
7b:f7:33:2c
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaDYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDQy
MzQxNDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEJERUQwNTQxRUJDRTQx
NDBFMUJGNTkzNzhBODcxMjhGMDAxQkRGNDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCqyeLT2G+0DNHC1+o79h9p6bxQ40BZGXetY3+caydYhE33kgQE
xk8XE1vJL8l+stKUJWnjH/zbWMb6vTCWyfKN4yftJcHIvZdCQE1n7LrzETtkqrTN
/rCnLpYFfJqdQyN8rttP5iuWTnOW6uMLKs2e0VcxXUyv6e35a6eFqiBGWm2o+Pm2
9r4t+kA4URl9rTR9pNkORVVKGSsqk2fGiMeUe5Nw2lGomt+Codd4FKmjQM920leo
hGHLU1kZzhbgAfqFyrPBBL1XFzh2qE8fjNyg4JO09N3iRTZ8SdKCG+r1BZM19a5C
syp7IX4SndvXKx7qFoUiy+Cd7FU5C7uyq2MDAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUve0FQevOQUDhv1k3iocSjwAb30UwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3ZlMEZRZXZPUVVEaHYx
azNpb2NTandBYjMwVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA1GqDK
HV5kbRq5QFbHiGhu518hFTXz2++4S4hM4YEW/i3VbXqySbm3I/Lqe36yPwUVorFd
qWCdrXdOdin2gsFiQ4K16FFXq0l/hQLYY2vX1zeeN7o/fjVD7mf8cuu4PDzC/Adz
noQPaKEyVVkKvqRf2AQPMFF0DQOhOXIMdQsKwchedDhZI7r9RgzHS2yqjkgBPb7s
eWH+M7U1umoYGB7mCpEnYeLt1FMFCAx3Zc7ekAOgoD+MEewK2ASZik1APSAnlYOu
rQRP40DpU2KgYr72L+2d4IIWY5zcJAIh6abCJvNq0g3qpyREAHqUhqbmgZgD9c7a
0migbE1l5dJ79zMs
-----END CERTIFICATE-----
Generated at Fri Jun 20 21:29:01 2025 by rpki-client