Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/72xcGZXOOezulKg04QLkv_9-fJs.roa
File: 72xcGZXOOezulKg04QLkv_9-fJs.roa (raw, json)
Hash identifier: 2ptG77Kt5RzNKQbRB4E6vnlIks8Oq/Co01X4l7cObrQ=
Subject key identifier: EF:6C:5C:19:95:CE:39:EC:EE:94:A8:34:E1:02:E4:BF:FF:7E:7C:9B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6640
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/72xcGZXOOezulKg04QLkv_9-fJs.roa
Signing time: Fri 30 May 2025 18:11:36 +0000
ROA not before: Fri 30 May 2025 18:11:36 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26176 (0x6640)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 30 18:11:36 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=EF6C5C1995CE39ECEE94A834E102E4BFFF7E7C9B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:9c:2b:c7:4c:df:61:ab:c2:be:40:15:0f:2b:
0d:d7:97:c1:53:74:9f:cf:79:bd:da:5b:9a:6e:62:
cb:41:25:b7:d9:9b:64:6f:76:e1:72:5d:f2:95:92:
99:1f:e9:d9:14:b9:a0:bc:cf:e1:07:ad:b7:61:48:
fb:b1:77:c6:02:d8:c5:a5:d6:84:2f:63:a6:a3:10:
3b:04:66:5f:96:99:94:82:53:1d:62:48:d3:fa:ee:
79:b7:bb:86:43:ab:6e:ad:1a:c0:33:d8:92:61:2d:
c9:7b:1d:79:84:d5:d5:b8:ce:ed:66:2f:75:53:55:
ab:8f:92:a8:a2:b2:e3:1a:f9:27:a8:82:f3:c9:7b:
74:24:64:b0:19:9f:89:fb:47:c6:73:6c:19:8f:7a:
b9:b1:9a:97:2e:a1:98:f4:a7:82:bf:8b:85:4b:30:
2c:cc:38:61:3e:bc:a7:1e:c5:ae:0e:04:5c:e9:68:
0a:1e:e6:0c:e1:1b:44:79:7d:2a:c7:aa:bb:27:2e:
78:fe:c5:8f:2a:c8:74:e5:24:f4:5e:6e:49:2c:b1:
98:d2:24:c2:c2:0a:43:32:c4:c4:0a:12:ee:e8:5b:
69:76:56:10:12:8c:62:2c:07:44:28:f2:fc:e8:33:
14:22:28:28:12:7c:3a:d2:c7:04:6a:f0:6c:82:35:
a8:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:6C:5C:19:95:CE:39:EC:EE:94:A8:34:E1:02:E4:BF:FF:7E:7C:9B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/72xcGZXOOezulKg04QLkv_9-fJs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
02:a4:b6:d2:77:95:cb:55:e3:5e:f4:da:f1:2d:a5:34:8a:77:
a3:a8:45:24:f9:48:50:e1:5c:1a:8c:c4:2d:83:c2:af:94:bf:
ec:22:a2:2a:5e:71:04:95:ea:96:7d:61:4b:ec:7b:b5:2f:fb:
95:f8:f9:88:e6:67:d4:bd:a4:b6:fa:4c:76:1a:f6:0c:06:e8:
8d:bd:d1:ff:db:03:ce:a1:b7:98:08:c7:73:ae:da:34:b9:4e:
c8:dc:00:fa:14:23:87:9e:0b:bf:3e:3e:f6:09:86:5e:34:c7:
c7:b7:1f:13:2d:d7:80:a2:b7:5f:38:3d:77:af:b5:b2:ec:65:
aa:ad:66:c7:cf:3a:8d:c5:5d:14:76:0a:2c:c2:87:00:fd:bd:
06:25:96:c1:fc:b3:d0:93:f8:58:0a:c6:cd:06:d0:21:f5:b5:
7b:f2:a2:e8:27:b4:92:9f:62:0c:66:36:7d:b6:f9:f3:f6:bf:
cd:fe:03:a7:6e:45:18:b0:fe:36:07:b7:ee:dd:22:2f:38:69:
2d:0b:7c:c5:86:a3:d9:3f:bb:84:3a:ae:e1:29:19:b9:15:d5:
a3:85:71:3e:f7:84:fa:50:78:7e:4c:3f:61:d8:d5:ac:28:0a:
42:32:f7:32:7a:b2:c8:aa:43:ab:33:61:4f:73:40:97:9f:3f:
c8:ec:d0:da
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZkAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MzAx
ODExMzZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEVGNkM1QzE5OTVDRTM5
RUNFRTk0QTgzNEUxMDJFNEJGRkY3RTdDOUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+nCvHTN9hq8K+QBUPKw3Xl8FTdJ/Peb3aW5puYstBJbfZm2Rv
duFyXfKVkpkf6dkUuaC8z+EHrbdhSPuxd8YC2MWl1oQvY6ajEDsEZl+WmZSCUx1i
SNP67nm3u4ZDq26tGsAz2JJhLcl7HXmE1dW4zu1mL3VTVauPkqiisuMa+SeogvPJ
e3QkZLAZn4n7R8ZzbBmPermxmpcuoZj0p4K/i4VLMCzMOGE+vKcexa4OBFzpaAoe
5gzhG0R5fSrHqrsnLnj+xY8qyHTlJPRebkkssZjSJMLCCkMyxMQKEu7oW2l2VhAS
jGIsB0Qo8vzoMxQiKCgSfDrSxwRq8GyCNaiZAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU72xcGZXOOezulKg04QLkv/9+fJswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzcyeGNHWlhPT2V6dWxL
ZzA0UUxrdl85LWZKcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQACpLbS
d5XLVeNe9NrxLaU0inejqEUk+UhQ4VwajMQtg8KvlL/sIqIqXnEEleqWfWFL7Hu1
L/uV+PmI5mfUvaS2+kx2GvYMBuiNvdH/2wPOobeYCMdzrto0uU7I3AD6FCOHngu/
Pj72CYZeNMfHtx8TLdeAordfOD13r7Wy7GWqrWbHzzqNxV0UdgoswocA/b0GJZbB
/LPQk/hYCsbNBtAh9bV78qLoJ7SSn2IMZjZ9tvnz9r/N/gOnbkUYsP42B7fu3SIv
OGktC3zFhqPZP7uEOq7hKRm5FdWjhXE+94T6UHh+TD9h2NWsKApCMvcyerLIqkOr
M2FPc0CXnz/I7NDa
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:42:55 2025 by rpki-client