Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/xOVwyniMD-KrbtBdFz02lX-KZm8.roa
File: xOVwyniMD-KrbtBdFz02lX-KZm8.roa (raw, json)
Hash identifier: 4l2+KkTjwySFBF+X9jhSjVyAcDrjTpubPgIQ2PcoGEg=
Subject key identifier: C4:E5:70:CA:78:8C:0F:E2:AB:6E:D0:5D:17:3D:36:95:7F:8A:66:6F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 66E2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xOVwyniMD-KrbtBdFz02lX-KZm8.roa
Signing time: Sun 01 Jun 2025 10:41:35 +0000
ROA not before: Sun 01 Jun 2025 10:41:35 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26338 (0x66e2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 1 10:41:35 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C4E570CA788C0FE2AB6ED05D173D36957F8A666F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:76:97:b6:38:2b:c7:45:f0:d1:f5:52:e5:9c:
74:c0:3c:56:95:a3:81:d8:7a:b3:4f:f2:63:87:6c:
1b:e9:7c:59:70:0d:0a:df:86:80:2e:cb:2e:58:db:
95:00:b7:9d:93:45:1a:7a:bf:e3:ba:c5:8a:45:b5:
d9:b6:a9:7b:92:1c:53:8d:03:d5:45:4b:3b:96:4b:
f1:a7:29:60:53:b7:01:47:c2:54:93:07:6b:8b:94:
f0:32:17:6e:c3:8e:c3:40:ad:1a:3c:e1:1e:bc:40:
7f:c6:d0:38:1d:1d:69:13:52:fc:32:75:29:2a:b1:
48:84:ad:43:e8:5f:1e:c2:ed:bd:e4:08:e7:3f:2f:
6d:d0:bb:06:3b:0e:31:be:04:ea:39:d0:6f:b5:aa:
39:6d:39:ec:52:d2:cf:9f:11:40:cb:3f:f4:42:b7:
3c:fa:49:9b:5a:dc:38:2a:3d:2e:02:53:db:bf:d7:
da:a9:43:50:04:8e:07:5a:b1:68:6f:a6:7e:65:57:
eb:25:28:87:cf:0e:d9:3f:8b:d9:74:34:18:63:4e:
85:e0:2e:2d:50:fd:e9:71:ef:73:60:7d:f0:54:53:
12:3c:14:c1:80:0f:f3:11:5e:39:c9:a1:65:f7:8d:
25:e9:7a:c5:e2:64:5e:70:03:68:56:e3:5b:b0:06:
9d:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:E5:70:CA:78:8C:0F:E2:AB:6E:D0:5D:17:3D:36:95:7F:8A:66:6F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xOVwyniMD-KrbtBdFz02lX-KZm8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
a8:a0:9c:90:40:35:6e:92:6c:e7:0b:f5:ef:d2:83:bf:dd:72:
9c:38:d2:c2:1e:e4:02:d4:c5:39:3b:bb:d9:b8:c1:3c:c2:70:
6c:87:a3:50:6b:95:03:b6:b6:11:39:94:a1:33:08:73:c1:b7:
32:1f:04:5d:8f:f0:08:a2:67:ef:94:45:d1:88:4f:a4:34:49:
cb:cb:52:8b:db:72:8c:92:91:0f:e6:ae:d0:00:88:47:0e:18:
f5:b3:f2:d4:b3:3c:2f:1c:25:98:0d:81:d9:08:45:cc:61:93:
66:8f:a1:29:93:95:2a:20:83:0a:c1:1e:89:44:b2:81:93:37:
b7:98:1d:ab:4a:58:04:d0:28:83:28:72:a4:ed:12:b2:0b:3c:
ff:24:c9:d1:5a:d9:24:fb:66:50:65:21:64:74:18:c8:33:41:
45:b3:46:51:9d:6d:31:f5:de:52:2e:6b:cb:ca:e6:17:2b:87:
c6:3f:c1:2f:80:57:22:bd:23:54:0a:52:ce:50:1e:31:d6:ce:
21:3b:99:89:4c:d8:e6:8d:f2:05:dc:8b:a3:b4:e6:49:00:13:
81:8a:5e:ef:b6:fd:f6:ec:c5:2e:a5:9e:b8:67:7d:59:6c:47:
a0:b7:bf:ce:9d:1f:ff:02:57:f0:4a:95:af:90:4c:8f:f4:73:
85:bf:7a:da
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZuIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDEx
MDQxMzVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEM0RTU3MENBNzg4QzBG
RTJBQjZFRDA1RDE3M0QzNjk1N0Y4QTY2NkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDSdpe2OCvHRfDR9VLlnHTAPFaVo4HYerNP8mOHbBvpfFlwDQrf
hoAuyy5Y25UAt52TRRp6v+O6xYpFtdm2qXuSHFONA9VFSzuWS/GnKWBTtwFHwlST
B2uLlPAyF27DjsNArRo84R68QH/G0DgdHWkTUvwydSkqsUiErUPoXx7C7b3kCOc/
L23QuwY7DjG+BOo50G+1qjltOexS0s+fEUDLP/RCtzz6SZta3DgqPS4CU9u/19qp
Q1AEjgdasWhvpn5lV+slKIfPDtk/i9l0NBhjToXgLi1Q/elx73NgffBUUxI8FMGA
D/MRXjnJoWX3jSXpesXiZF5wA2hW41uwBp3hAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUxOVwyniMD+KrbtBdFz02lX+KZm8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3hPVnd5bmlNRC1LcmJ0
QmRGejAybFgtS1ptOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCooJyQ
QDVukmznC/Xv0oO/3XKcONLCHuQC1MU5O7vZuME8wnBsh6NQa5UDtrYROZShMwhz
wbcyHwRdj/AIomfvlEXRiE+kNEnLy1KL23KMkpEP5q7QAIhHDhj1s/LUszwvHCWY
DYHZCEXMYZNmj6Epk5UqIIMKwR6JRLKBkze3mB2rSlgE0CiDKHKk7RKyCzz/JMnR
Wtkk+2ZQZSFkdBjIM0FFs0ZRnW0x9d5SLmvLyuYXK4fGP8EvgFcivSNUClLOUB4x
1s4hO5mJTNjmjfIF3IujtOZJABOBil7vtv327MUupZ64Z31ZbEegt7/OnR//Alfw
SpWvkEyP9HOFv3ra
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:04:44 2025 by rpki-client