Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/0DbKMItrLFMHPAU3GT-LMHpWGAw.roa
File: 0DbKMItrLFMHPAU3GT-LMHpWGAw.roa (raw, json)
Hash identifier: Og8w/s3nMrHul2Fi2LwBxoai5bJpj1IEflPNfcCKU2Q=
Subject key identifier: D0:36:CA:30:8B:6B:2C:53:07:3C:05:37:19:3F:8B:30:7A:56:18:0C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 647C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0DbKMItrLFMHPAU3GT-LMHpWGAw.roa
Signing time: Mon 26 May 2025 01:11:00 +0000
ROA not before: Mon 26 May 2025 01:11:00 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25724 (0x647c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 26 01:11:00 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D036CA308B6B2C53073C0537193F8B307A56180C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:bc:19:ee:fe:97:62:41:8a:5c:ec:52:44:fa:
f0:df:e6:f6:f7:68:30:ca:6d:0e:9b:67:bf:10:8e:
86:80:70:60:89:57:1e:37:7e:3f:be:94:96:81:73:
c2:b9:15:9f:2b:8d:74:e1:de:4a:a3:81:9d:be:5b:
54:ee:73:ed:a3:75:d3:44:47:b1:1b:d6:bd:41:af:
8b:a1:62:14:90:51:19:53:2d:22:a7:70:8c:18:d5:
dc:8f:84:d4:1c:e2:be:d0:23:50:db:1a:38:25:dd:
47:46:46:cc:ff:4d:0b:86:9d:3b:04:c1:2f:b0:cf:
1a:79:2e:c9:96:8f:cd:2a:63:ca:b1:51:7e:07:19:
a9:fa:ef:97:76:e1:40:67:d7:3b:1f:0b:23:74:7a:
d7:e0:56:fa:03:cf:8e:83:41:cf:88:f4:e1:7f:c5:
01:43:f2:d4:e1:96:0f:f9:f6:28:12:84:1e:8d:0e:
a3:ef:55:29:c3:96:97:cb:65:d9:05:4a:25:e2:26:
ab:a0:d9:6f:3b:4c:b1:e8:94:4a:7a:7d:be:d2:3b:
e9:35:4c:ba:ac:7b:9c:1f:12:c1:08:21:20:19:ca:
18:4e:eb:26:9a:eb:9b:fa:9b:ee:e0:0e:7a:af:2a:
56:01:0f:bc:db:1f:a5:f5:21:d0:ee:ff:b4:09:b5:
01:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:36:CA:30:8B:6B:2C:53:07:3C:05:37:19:3F:8B:30:7A:56:18:0C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0DbKMItrLFMHPAU3GT-LMHpWGAw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
47:82:25:fd:0a:c5:01:ef:bd:f6:0b:49:19:a6:87:3e:0b:b7:
50:5e:61:c4:35:c4:b4:ae:bd:26:38:3b:77:0f:91:7c:e4:7b:
9b:6a:44:b1:1a:da:40:7e:c1:80:fc:8a:fb:94:e5:50:21:da:
6d:b6:a7:68:5c:2b:51:6e:e2:b6:06:aa:c6:26:9c:1e:c5:a9:
11:79:b7:a6:ef:05:62:16:13:62:59:15:b2:91:1c:6f:8c:15:
34:79:9d:cb:9d:b5:d6:6e:20:ad:66:fb:38:03:38:09:7b:68:
d4:c8:6a:5a:a9:c8:d2:3f:d8:a0:11:65:04:8e:95:06:1d:d6:
40:76:8f:02:95:a4:58:08:21:a1:bb:8f:7f:22:cd:2e:de:ed:
72:f9:84:cf:5b:a7:f1:41:21:96:26:65:ae:84:e7:73:2c:20:
be:a8:82:75:5a:2f:c1:86:8a:c5:e9:91:80:84:fb:45:9f:1a:
5e:1e:45:07:3a:10:07:c6:3d:44:ee:6b:cb:d4:10:79:1b:84:
24:e7:6b:2f:82:22:ac:4d:b5:2e:ec:c6:66:96:de:8f:2d:5d:
9a:fa:3f:a4:90:8e:8a:a0:6b:78:00:5c:a2:38:a7:50:53:5c:
84:a2:6a:e6:a5:7e:00:5a:ad:7e:b6:05:a4:d8:b6:fe:db:61:
a7:e2:61:40
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZHwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjYw
MTExMDBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQwMzZDQTMwOEI2QjJD
NTMwNzNDMDUzNzE5M0Y4QjMwN0E1NjE4MEMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/vBnu/pdiQYpc7FJE+vDf5vb3aDDKbQ6bZ78QjoaAcGCJVx43
fj++lJaBc8K5FZ8rjXTh3kqjgZ2+W1Tuc+2jddNER7Eb1r1Br4uhYhSQURlTLSKn
cIwY1dyPhNQc4r7QI1DbGjgl3UdGRsz/TQuGnTsEwS+wzxp5LsmWj80qY8qxUX4H
Gan675d24UBn1zsfCyN0etfgVvoDz46DQc+I9OF/xQFD8tThlg/59igShB6NDqPv
VSnDlpfLZdkFSiXiJqug2W87TLHolEp6fb7SO+k1TLqse5wfEsEIISAZyhhO6yaa
65v6m+7gDnqvKlYBD7zbH6X1IdDu/7QJtQHXAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU0DbKMItrLFMHPAU3GT+LMHpWGAwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzBEYktNSXRyTEZNSFBB
VTNHVC1MTUhwV0dBdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBHgiX9
CsUB7732C0kZpoc+C7dQXmHENcS0rr0mODt3D5F85HubakSxGtpAfsGA/Ir7lOVQ
IdpttqdoXCtRbuK2BqrGJpwexakRebem7wViFhNiWRWykRxvjBU0eZ3LnbXWbiCt
Zvs4AzgJe2jUyGpaqcjSP9igEWUEjpUGHdZAdo8ClaRYCCGhu49/Is0u3u1y+YTP
W6fxQSGWJmWuhOdzLCC+qIJ1Wi/BhorF6ZGAhPtFnxpeHkUHOhAHxj1E7mvL1BB5
G4Qk52svgiKsTbUu7MZmlt6PLV2a+j+kkI6KoGt4AFyiOKdQU1yEomrmpX4AWq1+
tgWk2Lb+22Gn4mFA
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:01:46 2025 by rpki-client