Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/1Z0xjkgc4DmkkXxE08vVXkCpMXQ.roa
File: 1Z0xjkgc4DmkkXxE08vVXkCpMXQ.roa (raw, json)
Hash identifier: gQF87SFe8LBsal/2yCNl56b34CLE3SG7fBEHEm+ruiw=
Subject key identifier: D5:9D:31:8E:48:1C:E0:39:A4:91:7C:44:D3:CB:D5:5E:40:A9:31:74
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 62A2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1Z0xjkgc4DmkkXxE08vVXkCpMXQ.roa
Signing time: Wed 21 May 2025 02:56:22 +0000
ROA not before: Wed 21 May 2025 02:56:22 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25250 (0x62a2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 21 02:56:22 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D59D318E481CE039A4917C44D3CBD55E40A93174
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:da:f1:0c:31:75:2d:4f:31:0d:36:92:e7:cd:
8f:f1:57:2c:73:71:99:1e:c5:76:6d:5c:df:68:8c:
3c:cd:2d:58:ae:10:ee:ff:07:99:87:bc:82:08:20:
6c:a1:4e:81:86:70:88:83:c1:a3:98:5e:11:92:68:
c8:48:3e:21:96:3d:51:d9:1f:2b:ad:0c:10:96:ee:
ca:74:59:b1:8f:85:3c:06:3b:b6:c3:af:e8:85:10:
4f:5a:45:fc:73:c1:fe:03:de:1e:0c:e3:f2:af:27:
b5:2f:27:53:f5:e4:48:b9:14:bd:48:a6:6f:34:2b:
99:1c:ee:95:8c:1d:dc:3f:13:f8:96:cf:7c:18:67:
95:ca:5a:0a:31:15:db:97:d6:9d:3e:1b:ed:7a:b3:
ff:c5:54:7a:d3:7c:ef:49:fb:d4:74:30:cb:0e:91:
e3:82:ac:97:60:f6:2f:9b:0d:92:d2:ca:9d:3f:22:
e8:21:82:8c:04:6d:0c:39:83:af:ce:2c:df:06:6e:
b5:41:3d:86:85:03:5b:b6:1d:ce:39:2c:02:cb:9f:
7f:47:cd:28:c8:9b:7e:02:a9:04:b2:41:12:b4:9f:
e6:9d:05:28:92:fa:b4:90:6d:e3:45:f8:9e:da:e8:
e2:91:23:24:1a:07:01:b5:b9:24:99:a0:24:87:d0:
75:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:9D:31:8E:48:1C:E0:39:A4:91:7C:44:D3:CB:D5:5E:40:A9:31:74
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1Z0xjkgc4DmkkXxE08vVXkCpMXQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
25:bf:08:64:09:4a:44:9b:89:6a:14:81:61:7a:c2:c1:bc:0f:
88:40:11:c2:03:7a:8a:04:91:34:39:72:cd:8e:7a:68:82:5e:
e5:99:66:54:50:cc:40:68:ed:ff:01:82:44:a9:2d:96:ac:d4:
92:45:2f:59:af:9c:81:ab:36:fb:51:b1:95:61:9c:66:c9:18:
d5:33:de:e1:34:01:81:22:93:b7:ff:cd:fa:65:39:ba:61:90:
23:8b:1e:4d:57:74:50:35:0d:20:4e:1f:eb:d3:73:df:0e:da:
ee:4a:bb:d0:b2:af:49:7d:c9:27:e2:54:dd:89:19:5e:02:16:
96:1b:8b:f9:f5:35:4f:56:7b:d3:15:70:31:3b:c3:bb:9f:7e:
ed:28:c2:6a:97:f4:38:1d:fd:22:57:e1:51:df:39:88:b0:d9:
b3:a3:3a:68:db:9a:35:a1:b2:d8:28:d7:64:d7:85:ae:53:95:
8f:7e:39:e5:e1:ba:c6:e8:e1:ba:79:91:00:f1:60:db:19:0f:
a5:24:9f:c4:7e:c2:b1:51:dc:76:08:fe:8a:1b:c8:ce:71:de:
a6:1b:ce:84:b4:b7:81:b7:ab:c1:65:ab:fd:9d:d6:d7:f6:f9:
7f:d2:32:95:b1:25:c2:2a:a2:40:be:40:a3:3d:44:8b:c6:66:
70:76:37:f2
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYqIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjEw
MjU2MjJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQ1OUQzMThFNDgxQ0Uw
MzlBNDkxN0M0NEQzQ0JENTVFNDBBOTMxNzQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCe2vEMMXUtTzENNpLnzY/xVyxzcZkexXZtXN9ojDzNLViuEO7/
B5mHvIIIIGyhToGGcIiDwaOYXhGSaMhIPiGWPVHZHyutDBCW7sp0WbGPhTwGO7bD
r+iFEE9aRfxzwf4D3h4M4/KvJ7UvJ1P15Ei5FL1Ipm80K5kc7pWMHdw/E/iWz3wY
Z5XKWgoxFduX1p0+G+16s//FVHrTfO9J+9R0MMsOkeOCrJdg9i+bDZLSyp0/Iugh
gowEbQw5g6/OLN8GbrVBPYaFA1u2Hc45LALLn39HzSjIm34CqQSyQRK0n+adBSiS
+rSQbeNF+J7a6OKRIyQaBwG1uSSZoCSH0HVPAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU1Z0xjkgc4DmkkXxE08vVXkCpMXQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzFaMHhqa2djNERta2tY
eEUwOHZWWGtDcE1YUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAlvwhk
CUpEm4lqFIFhesLBvA+IQBHCA3qKBJE0OXLNjnpogl7lmWZUUMxAaO3/AYJEqS2W
rNSSRS9Zr5yBqzb7UbGVYZxmyRjVM97hNAGBIpO3/836ZTm6YZAjix5NV3RQNQ0g
Th/r03PfDtruSrvQsq9Jfckn4lTdiRleAhaWG4v59TVPVnvTFXAxO8O7n37tKMJq
l/Q4Hf0iV+FR3zmIsNmzozpo25o1obLYKNdk14WuU5WPfjnl4brG6OG6eZEA8WDb
GQ+lJJ/EfsKxUdx2CP6KG8jOcd6mG86EtLeBt6vBZav9ndbX9vl/0jKVsSXCKqJA
vkCjPUSLxmZwdjfy
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:14:29 2025 by rpki-client