Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/3xVz2VfvHpvicjL3LdXIgD2fD2I.roa
File: 3xVz2VfvHpvicjL3LdXIgD2fD2I.roa (raw, json)
Hash identifier: Yr8rJ2fZI1kDev2xDscnZ2Bm9dFOk9utgPfQOZnTnmY=
Subject key identifier: DF:15:73:D9:57:EF:1E:9B:E2:72:32:F7:2D:D5:C8:80:3D:9F:0F:62
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6232
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3xVz2VfvHpvicjL3LdXIgD2fD2I.roa
Signing time: Mon 19 May 2025 22:40:40 +0000
ROA not before: Mon 19 May 2025 22:40:40 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25138 (0x6232)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 19 22:40:40 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=DF1573D957EF1E9BE27232F72DD5C8803D9F0F62
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:8b:38:2a:07:e1:58:53:8b:4e:dc:e7:68:15:
25:14:6f:b1:3e:d5:7f:d3:81:56:14:3d:67:fb:30:
c8:71:87:4b:7e:c1:f3:e2:ca:12:eb:c8:15:cc:f1:
00:04:7b:13:bc:08:eb:ce:1a:70:c8:e6:29:30:75:
e4:81:01:e8:fc:57:ff:60:52:31:dc:e6:42:2e:a7:
3c:24:3c:d4:29:26:e6:34:13:e0:59:9e:3f:83:b8:
61:be:b0:c8:b9:2b:e6:88:74:3c:c8:c5:db:5c:fe:
9e:bb:9e:c9:bf:82:77:4d:19:ad:d7:be:47:76:4c:
7e:cc:20:bb:a1:86:33:cf:84:ef:9d:31:fa:f1:2c:
17:0f:e7:4e:20:f8:3f:95:3e:60:10:8e:0a:1b:3c:
a7:ab:eb:2c:58:a0:84:a7:0e:d7:8b:4e:65:bd:12:
ed:46:32:a8:ae:d2:28:23:2b:13:ed:bb:52:94:0d:
a8:bd:d9:71:a0:aa:7c:39:09:99:36:53:5d:38:3f:
ff:a5:e2:15:06:51:88:c3:8c:0a:ae:9d:90:ac:86:
ef:e6:a2:eb:23:45:b8:c0:15:2e:4d:22:00:f8:5d:
7c:58:06:64:d2:19:60:ef:cd:80:19:6b:5a:32:0c:
16:84:7d:df:12:08:a9:61:6d:02:5e:cf:e3:44:7e:
f8:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:15:73:D9:57:EF:1E:9B:E2:72:32:F7:2D:D5:C8:80:3D:9F:0F:62
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3xVz2VfvHpvicjL3LdXIgD2fD2I.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
a1:c2:a8:ad:22:67:e8:30:6f:42:8a:84:c6:39:f9:10:79:fb:
72:d2:b4:bf:56:96:61:d9:5f:5c:a7:45:99:d7:2c:55:0c:d8:
6d:93:43:b8:48:0f:58:e6:b5:c5:fc:86:69:fc:c1:a7:4b:3c:
df:e1:ea:74:34:3c:d3:4e:70:96:f5:d7:8a:51:52:33:5d:79:
e0:78:03:b5:1c:8d:f8:6f:4a:3e:b6:63:70:ba:9f:70:92:92:
03:41:f0:9f:81:37:77:d2:05:2c:19:9c:a3:0a:4b:fe:10:ef:
b4:f5:d3:be:4a:fc:2a:92:7d:1e:c2:06:0a:03:cc:8d:94:8b:
39:93:77:66:8d:ff:42:70:91:c1:d8:74:af:64:1d:78:80:a3:
86:84:55:ae:8c:15:58:2b:1c:b9:16:0d:36:58:f6:18:7b:5d:
b7:26:3a:33:81:77:8b:02:77:b2:a0:1d:6f:d1:6c:17:b2:f6:
0b:ad:c3:28:2d:71:8a:16:60:40:98:cf:db:06:4a:72:c9:d6:
d8:a2:d9:1a:7b:a3:1a:1a:97:1a:61:fc:a8:39:4c:97:0c:d9:
cc:2b:07:b7:20:30:a8:bd:f6:8e:1c:d1:a0:f6:a4:62:11:ac:
3e:1c:f7:aa:c7:42:17:cc:e3:da:c3:29:c5:24:37:6c:83:72:
ef:fe:18:e8
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYjIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTky
MjQwNDBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKERGMTU3M0Q5NTdFRjFF
OUJFMjcyMzJGNzJERDVDODgwM0Q5RjBGNjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/izgqB+FYU4tO3OdoFSUUb7E+1X/TgVYUPWf7MMhxh0t+wfPi
yhLryBXM8QAEexO8COvOGnDI5ikwdeSBAej8V/9gUjHc5kIupzwkPNQpJuY0E+BZ
nj+DuGG+sMi5K+aIdDzIxdtc/p67nsm/gndNGa3Xvkd2TH7MILuhhjPPhO+dMfrx
LBcP504g+D+VPmAQjgobPKer6yxYoISnDteLTmW9Eu1GMqiu0igjKxPtu1KUDai9
2XGgqnw5CZk2U104P/+l4hUGUYjDjAqunZCshu/mousjRbjAFS5NIgD4XXxYBmTS
GWDvzYAZa1oyDBaEfd8SCKlhbQJez+NEfvjlAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU3xVz2VfvHpvicjL3LdXIgD2fD2IwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzN4VnoyVmZ2SHB2aWNq
TDNMZFhJZ0QyZkQySS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQChwqit
ImfoMG9CioTGOfkQefty0rS/VpZh2V9cp0WZ1yxVDNhtk0O4SA9Y5rXF/IZp/MGn
Szzf4ep0NDzTTnCW9deKUVIzXXngeAO1HI34b0o+tmNwup9wkpIDQfCfgTd30gUs
GZyjCkv+EO+09dO+Svwqkn0ewgYKA8yNlIs5k3dmjf9CcJHB2HSvZB14gKOGhFWu
jBVYKxy5Fg02WPYYe123JjozgXeLAneyoB1v0WwXsvYLrcMoLXGKFmBAmM/bBkpy
ydbYotkae6MaGpcaYfyoOUyXDNnMKwe3IDCovfaOHNGg9qRiEaw+HPeqx0IXzOPa
wynFJDdsg3Lv/hjo
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:55:40 2025 by rpki-client