Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/zOLhNxC-cnAb3_J_-nwhpJlR4iQ.roa
File: zOLhNxC-cnAb3_J_-nwhpJlR4iQ.roa (raw, json)
Hash identifier: 6L2oK4XBUba5vVZL91OXcLA7o+HHDWhTwBKKjk4VGoM=
Subject key identifier: CC:E2:E1:37:10:BE:72:70:1B:DF:F2:7F:FA:7C:21:A4:99:51:E2:24
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6198
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zOLhNxC-cnAb3_J_-nwhpJlR4iQ.roa
Signing time: Sun 18 May 2025 08:10:55 +0000
ROA not before: Sun 18 May 2025 08:10:55 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24984 (0x6198)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 18 08:10:55 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CCE2E13710BE72701BDFF27FFA7C21A49951E224
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:e6:21:f5:59:82:54:86:ef:19:06:c0:79:7c:
e3:8f:b0:02:66:0a:97:27:7b:f0:2b:a6:4f:fe:11:
1d:56:d4:fd:97:c5:43:00:75:8b:e6:12:43:04:1d:
79:58:44:29:24:eb:9c:0c:87:3d:4b:c4:75:66:1a:
13:9a:ea:1b:f0:89:a0:a5:bb:20:ea:82:8c:16:7b:
c4:ae:d5:96:66:9a:ed:07:e9:c9:30:62:b9:60:df:
55:5e:38:b1:12:3b:84:aa:35:57:8e:19:7c:be:88:
b7:f8:61:90:b7:45:dd:36:06:66:08:76:db:96:75:
2e:0c:61:b2:1d:af:df:40:f6:7c:d6:ea:de:77:aa:
9d:b6:20:4e:9f:62:23:b7:81:8b:59:17:87:2a:e7:
ea:f5:2c:35:39:34:b5:dd:6c:f2:39:c0:f5:3e:1e:
c3:fa:9f:14:b2:dc:50:58:15:ab:4a:04:56:68:3e:
d6:e9:8c:2f:4c:fc:12:43:39:cf:73:2d:27:69:74:
91:da:a8:65:0f:4e:73:6f:57:c0:65:e4:25:b8:57:
32:7d:bb:cf:bd:ff:a3:20:6b:d3:a5:58:b6:73:30:
ef:cd:9a:55:0c:a2:66:61:d5:9e:50:98:c6:3f:2d:
2d:97:f2:67:cf:98:41:4c:dc:89:c1:68:b6:9e:1e:
05:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:E2:E1:37:10:BE:72:70:1B:DF:F2:7F:FA:7C:21:A4:99:51:E2:24
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zOLhNxC-cnAb3_J_-nwhpJlR4iQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
9c:79:25:e6:f2:cb:a6:5b:ef:9c:4b:61:18:69:7c:ef:91:90:
da:4e:c9:19:66:d1:c1:2a:7c:b6:f8:b9:b5:e6:5b:09:76:ad:
2f:10:39:66:5e:a9:a7:a0:e4:05:dc:e8:7a:81:0a:6a:97:1e:
a3:92:79:8c:aa:cc:d4:81:f6:d5:a3:7a:d2:e9:c4:79:b1:d5:
82:b7:41:29:21:91:39:e8:1e:d7:29:0b:7a:4c:38:82:34:ec:
77:6b:40:a3:8b:0a:22:89:63:98:89:35:11:5d:02:3b:82:a4:
8b:26:d8:ff:70:36:d3:44:dc:c5:50:98:5d:db:d2:73:a6:6c:
b4:bf:09:04:9b:93:69:5f:a3:12:5e:f1:9f:66:38:0d:c2:d4:
54:90:f7:ff:06:3a:b3:9a:69:cc:0b:8d:fe:05:71:ac:28:d0:
ca:12:64:7c:9c:09:9a:79:e7:8e:0d:eb:65:86:6d:9a:82:0d:
85:09:3d:58:6e:ce:92:3a:b0:bd:34:5b:f1:0d:77:40:9a:6e:
65:cc:46:08:7a:3d:50:7b:9d:2c:52:d9:5c:f6:50:a4:f3:50:
11:79:fb:03:9c:51:b0:e5:8c:0b:9c:1f:1f:22:53:6d:5c:b5:
71:e6:cc:6b:2b:83:a4:89:72:ad:01:0d:86:dd:30:60:6c:1e:
ae:f0:fa:f5
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYZgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTgw
ODEwNTVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENDRTJFMTM3MTBCRTcy
NzAxQkRGRjI3RkZBN0MyMUE0OTk1MUUyMjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC95iH1WYJUhu8ZBsB5fOOPsAJmCpcne/Arpk/+ER1W1P2XxUMA
dYvmEkMEHXlYRCkk65wMhz1LxHVmGhOa6hvwiaCluyDqgowWe8Su1ZZmmu0H6ckw
Yrlg31VeOLESO4SqNVeOGXy+iLf4YZC3Rd02BmYIdtuWdS4MYbIdr99A9nzW6t53
qp22IE6fYiO3gYtZF4cq5+r1LDU5NLXdbPI5wPU+HsP6nxSy3FBYFatKBFZoPtbp
jC9M/BJDOc9zLSdpdJHaqGUPTnNvV8Bl5CW4VzJ9u8+9/6Mga9OlWLZzMO/NmlUM
omZh1Z5QmMY/LS2X8mfPmEFM3InBaLaeHgVrAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUzOLhNxC+cnAb3/J/+nwhpJlR4iQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3pPTGhOeEMtY25BYjNf
Sl8tbndocEpsUjRpUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCceSXm
8sumW++cS2EYaXzvkZDaTskZZtHBKny2+Lm15lsJdq0vEDlmXqmnoOQF3Oh6gQpq
lx6jknmMqszUgfbVo3rS6cR5sdWCt0EpIZE56B7XKQt6TDiCNOx3a0CjiwoiiWOY
iTURXQI7gqSLJtj/cDbTRNzFUJhd29Jzpmy0vwkEm5NpX6MSXvGfZjgNwtRUkPf/
BjqzmmnMC43+BXGsKNDKEmR8nAmaeeeODetlhm2agg2FCT1Ybs6SOrC9NFvxDXdA
mm5lzEYIej1Qe50sUtlc9lCk81ARefsDnFGw5YwLnB8fIlNtXLVx5sxrK4OkiXKt
AQ2G3TBgbB6u8Pr1
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:11:55 2025 by rpki-client