Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/zcHPAY2Rp7i81XZFzyO3F_V22bU.roa
File: zcHPAY2Rp7i81XZFzyO3F_V22bU.roa (raw, json)
Hash identifier: v8Yhg7bwSJNSwRHcQ9OFFF4/J3ocTq8UWcEaCTvyu1E=
Subject key identifier: CD:C1:CF:01:8D:91:A7:B8:BC:D5:76:45:CF:23:B7:17:F5:76:D9:B5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 689A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zcHPAY2Rp7i81XZFzyO3F_V22bU.roa
Signing time: Fri 06 Jun 2025 00:41:46 +0000
ROA not before: Fri 06 Jun 2025 00:41:46 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26778 (0x689a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 6 00:41:46 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CDC1CF018D91A7B8BCD57645CF23B717F576D9B5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:ff:a3:00:ff:b7:0d:a2:33:11:0b:af:ce:e7:
77:60:c1:ff:b0:d9:1b:13:d6:1e:76:ce:67:97:47:
8d:70:63:51:f4:ac:1c:f3:b8:08:0c:8e:ef:a6:b7:
de:c4:d0:9a:28:2e:2a:59:fd:79:39:03:72:32:32:
fb:ee:50:f4:33:b7:e1:52:46:98:e8:54:14:5d:b7:
9d:77:3e:30:32:c8:2e:36:44:dd:00:57:47:0b:2c:
c7:32:7e:fb:d1:ac:f5:8d:15:fa:73:3b:90:2c:65:
f2:e7:d0:8e:33:63:f6:8a:f8:af:24:d7:98:1f:c3:
60:a2:18:0d:79:ed:bd:39:ba:38:73:90:14:c2:d1:
9d:9e:c6:fa:18:ec:61:07:aa:c1:1e:21:9c:bb:8b:
98:ca:c3:35:43:e5:ef:a7:63:f7:0e:1d:46:20:6e:
ec:67:d0:bd:50:3c:59:10:39:bb:31:bc:b9:99:f5:
25:55:0a:29:57:2d:42:c6:24:e0:37:f4:e5:1e:ed:
41:a2:42:09:24:cd:2a:c9:50:ac:45:3c:8d:6e:a2:
0b:50:da:bc:a3:af:4e:a3:92:c4:d5:24:e7:06:b9:
b0:40:cb:7e:ff:72:f0:30:58:2e:2c:3e:28:34:a7:
ee:f3:06:f6:5a:31:09:22:c0:79:b4:53:48:5a:3f:
c3:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:C1:CF:01:8D:91:A7:B8:BC:D5:76:45:CF:23:B7:17:F5:76:D9:B5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zcHPAY2Rp7i81XZFzyO3F_V22bU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
9f:55:bb:73:e6:2b:86:5d:1c:85:04:3b:74:a8:27:1f:57:f6:
88:07:48:4a:46:7a:45:93:f9:ac:7e:a3:60:f9:dd:43:fa:cd:
b1:6f:f8:d0:a1:55:be:64:03:d3:fe:47:86:4f:be:b6:75:e9:
f6:50:f4:38:c4:f0:03:dc:05:7f:e7:06:7a:4a:f9:0a:0b:45:
71:1e:7b:6c:b0:a7:82:d0:3d:61:fb:36:5f:0c:8b:a2:fa:64:
f7:bc:31:90:8a:ae:44:64:93:6a:99:bd:41:3a:f5:6e:c1:b3:
8f:7a:d9:3a:e9:99:51:72:47:e5:9c:0c:5b:c2:d8:89:aa:8d:
77:a9:19:7b:fc:7d:ff:e8:8c:f4:ef:2a:04:8b:d8:8b:8d:1d:
0c:90:dc:98:51:b6:1c:13:60:a6:ff:09:de:45:2c:87:13:61:
bc:6d:fa:c7:16:9c:b8:67:c7:8a:56:f5:25:a5:52:84:30:0f:
c0:44:30:95:13:0f:fb:9e:2e:c6:0e:1a:54:c3:ec:76:41:4d:
d4:f6:3c:d0:12:e8:cd:bb:05:51:37:7f:3d:c9:f7:0f:1d:57:
b0:54:ac:d0:d4:c9:8a:77:a4:8d:3f:17:56:37:a5:0b:62:ab:
2a:62:90:35:b3:d0:ed:49:9e:6c:b8:b8:62:d3:30:d3:9e:1d:
5a:70:d5:ac
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaJowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDYw
MDQxNDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENEQzFDRjAxOEQ5MUE3
QjhCQ0Q1NzY0NUNGMjNCNzE3RjU3NkQ5QjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDF/6MA/7cNojMRC6/O53dgwf+w2RsT1h52zmeXR41wY1H0rBzz
uAgMju+mt97E0JooLipZ/Xk5A3IyMvvuUPQzt+FSRpjoVBRdt513PjAyyC42RN0A
V0cLLMcyfvvRrPWNFfpzO5AsZfLn0I4zY/aK+K8k15gfw2CiGA157b05ujhzkBTC
0Z2exvoY7GEHqsEeIZy7i5jKwzVD5e+nY/cOHUYgbuxn0L1QPFkQObsxvLmZ9SVV
CilXLULGJOA39OUe7UGiQgkkzSrJUKxFPI1uogtQ2ryjr06jksTVJOcGubBAy37/
cvAwWC4sPig0p+7zBvZaMQkiwHm0U0haP8PXAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUzcHPAY2Rp7i81XZFzyO3F/V22bUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3pjSFBBWTJScDdpODFY
WkZ6eU8zRl9WMjJiVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCfVbtz
5iuGXRyFBDt0qCcfV/aIB0hKRnpFk/msfqNg+d1D+s2xb/jQoVW+ZAPT/keGT762
den2UPQ4xPAD3AV/5wZ6SvkKC0VxHntssKeC0D1h+zZfDIui+mT3vDGQiq5EZJNq
mb1BOvVuwbOPetk66ZlRckflnAxbwtiJqo13qRl7/H3/6Iz07yoEi9iLjR0MkNyY
UbYcE2Cm/wneRSyHE2G8bfrHFpy4Z8eKVvUlpVKEMA/ARDCVEw/7ni7GDhpUw+x2
QU3U9jzQEujNuwVRN389yfcPHVewVKzQ1MmKd6SNPxdWN6ULYqsqYpA1s9DtSZ5s
uLhi0zDTnh1acNWs
-----END CERTIFICATE-----
Generated at Sun Jun 22 10:40:23 2025 by rpki-client