Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/3P99SMylid7I-ypHFfR9QoFhJ1o.roa
File: 3P99SMylid7I-ypHFfR9QoFhJ1o.roa (raw, json)
Hash identifier: AFbu/L/4CdhiK5L5w0//U0HDa4X8xM1WVRUnb5YFiJk=
Subject key identifier: DC:FF:7D:48:CC:A5:89:DE:C8:FB:2A:47:15:F4:7D:42:81:61:27:5A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 63F4
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3P99SMylid7I-ypHFfR9QoFhJ1o.roa
Signing time: Sat 24 May 2025 15:11:58 +0000
ROA not before: Sat 24 May 2025 15:11:58 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25588 (0x63f4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 24 15:11:58 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=DCFF7D48CCA589DEC8FB2A4715F47D428161275A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:80:03:40:2a:3b:0e:26:96:44:21:8b:d1:ec:
99:11:00:1b:1a:4d:74:e6:a7:58:b6:e4:f0:f0:2e:
dc:90:58:50:9d:b2:a1:bd:d6:cf:9e:13:91:3d:6f:
5a:51:1b:3d:b7:f3:29:6c:84:00:84:4c:2b:6d:f5:
7a:f7:79:07:4d:ad:f8:41:df:76:0f:13:f5:a0:bb:
ab:7a:19:2c:59:44:eb:15:d9:79:e9:a2:2b:e5:29:
82:28:18:e5:e7:df:69:e6:0f:ee:1e:88:4b:85:48:
35:06:2f:1f:45:32:03:c3:98:9b:dc:bc:a9:5e:14:
06:d9:c9:09:28:18:b5:77:fe:cb:3a:95:cd:a1:f0:
f6:37:ab:dc:28:9e:3c:60:60:9b:a4:ae:2f:8f:ef:
00:99:23:b9:d4:02:95:85:c2:f8:66:5c:02:0f:91:
cc:4e:bc:8f:25:5a:e9:88:ad:4f:7f:cf:dc:d4:61:
d2:9e:1b:1e:ba:6f:e2:f0:23:1e:6b:07:b7:af:25:
ce:bc:b5:b5:72:88:60:ca:a4:25:6c:f2:f7:58:35:
15:1a:44:da:e7:b0:07:db:71:bb:d8:80:6a:3e:fa:
2a:bf:6c:ff:48:84:cb:4e:4c:ef:d5:21:ef:c5:4f:
2f:d6:a5:59:dc:3e:d1:30:07:bd:0f:b9:02:b8:fd:
3c:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:FF:7D:48:CC:A5:89:DE:C8:FB:2A:47:15:F4:7D:42:81:61:27:5A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3P99SMylid7I-ypHFfR9QoFhJ1o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
8f:e4:4b:b1:59:4d:35:8b:67:2a:a4:8d:ff:08:4c:89:59:81:
9e:cb:c1:8c:68:c3:fc:fb:be:84:fe:1c:f8:8b:60:80:81:b3:
2d:5e:87:2a:2b:70:c8:62:a2:46:2c:70:72:0b:83:bc:22:c8:
00:1d:c5:4e:c4:4a:c6:0a:ab:ce:53:0c:f0:f2:95:22:bc:30:
19:a9:84:c0:ec:a8:eb:af:c8:61:77:1f:ed:bc:f6:f1:9e:6e:
f1:91:a6:c2:0c:e4:aa:23:d3:da:bf:e7:89:f3:10:b3:87:09:
d8:dd:bc:6e:2f:f7:41:16:35:bf:c3:57:f9:5a:c5:c5:6c:e2:
9d:b6:20:fc:27:68:54:bf:f1:7b:8d:52:61:86:b7:3b:cd:66:
b2:30:61:39:9b:23:3c:1c:68:24:ff:6a:47:5d:fd:f6:e6:49:
89:df:26:fd:8f:3b:de:1a:e3:16:db:6c:96:cb:1d:f1:5e:e8:
a0:19:c0:1b:2b:ea:06:2c:15:a2:63:50:1c:be:49:6e:64:61:
87:21:f3:ed:e7:4d:93:ca:6a:89:c6:7c:d5:01:ec:06:f6:18:
bd:81:27:0a:09:de:20:51:9e:dd:53:99:df:d0:25:27:16:0a:
e3:54:f1:5e:ad:20:81:d7:b0:ad:8a:8f:7f:e4:c7:5c:fa:75:
b0:39:3b:68
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICY/QwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjQx
NTExNThaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKERDRkY3RDQ4Q0NBNTg5
REVDOEZCMkE0NzE1RjQ3RDQyODE2MTI3NUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCzgANAKjsOJpZEIYvR7JkRABsaTXTmp1i25PDwLtyQWFCdsqG9
1s+eE5E9b1pRGz238ylshACETCtt9Xr3eQdNrfhB33YPE/Wgu6t6GSxZROsV2Xnp
oivlKYIoGOXn32nmD+4eiEuFSDUGLx9FMgPDmJvcvKleFAbZyQkoGLV3/ss6lc2h
8PY3q9wonjxgYJukri+P7wCZI7nUApWFwvhmXAIPkcxOvI8lWumIrU9/z9zUYdKe
Gx66b+LwIx5rB7evJc68tbVyiGDKpCVs8vdYNRUaRNrnsAfbcbvYgGo++iq/bP9I
hMtOTO/VIe/FTy/WpVncPtEwB70PuQK4/TwxAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU3P99SMylid7I+ypHFfR9QoFhJ1owHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzNQOTlTTXlsaWQ3SS15
cEhGZlI5UW9GaEoxby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCP5Eux
WU01i2cqpI3/CEyJWYGey8GMaMP8+76E/hz4i2CAgbMtXocqK3DIYqJGLHByC4O8
IsgAHcVOxErGCqvOUwzw8pUivDAZqYTA7Kjrr8hhdx/tvPbxnm7xkabCDOSqI9Pa
v+eJ8xCzhwnY3bxuL/dBFjW/w1f5WsXFbOKdtiD8J2hUv/F7jVJhhrc7zWayMGE5
myM8HGgk/2pHXf325kmJ3yb9jzveGuMW22yWyx3xXuigGcAbK+oGLBWiY1Acvklu
ZGGHIfPt502TymqJxnzVAewG9hi9gScKCd4gUZ7dU5nf0CUnFgrjVPFerSCB17Ct
io9/5Mdc+nWwOTto
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:23:18 2025 by rpki-client