Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/A0Xg1_y7F5C6sncW8E-ciX3XgKA.roa
File: A0Xg1_y7F5C6sncW8E-ciX3XgKA.roa (raw, json)
Hash identifier: 1HM0Um/kA7Yh1z6RhSY1F+qbCC6zlnD8WtEf6ATKVOc=
Subject key identifier: 03:45:E0:D7:FC:BB:17:90:BA:B2:77:16:F0:4F:9C:89:7D:D7:80:A0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6358
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/A0Xg1_y7F5C6sncW8E-ciX3XgKA.roa
Signing time: Fri 23 May 2025 00:11:44 +0000
ROA not before: Fri 23 May 2025 00:11:44 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25432 (0x6358)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 23 00:11:44 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=0345E0D7FCBB1790BAB27716F04F9C897DD780A0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:bf:b7:54:95:81:18:51:80:d1:d6:b1:fc:4d:
04:df:c2:4b:a3:80:3b:29:d4:18:8c:b4:6b:ab:52:
de:71:ae:b4:aa:aa:d4:32:64:7e:c4:24:5e:52:69:
0e:77:6b:c3:79:53:dd:6c:88:2e:1b:bf:69:06:20:
d1:bb:ad:bf:35:03:f7:79:86:92:80:a9:e9:b7:fc:
a2:b8:d4:74:cf:4d:55:43:01:f9:49:8b:ad:f9:ad:
90:b3:ca:d8:ff:6b:58:7c:c1:d2:17:9f:18:8e:c6:
5f:23:89:ba:34:c4:41:84:01:2e:85:91:1e:2b:ce:
ac:c9:82:fe:3f:c5:47:0c:cf:99:78:a8:69:e5:03:
58:4d:48:d0:c1:ce:41:aa:a1:4d:3e:99:c2:cd:65:
c1:f2:46:74:72:11:20:21:b5:3a:63:32:14:80:47:
88:fb:1e:36:aa:99:77:b4:bc:7c:54:fc:8e:15:cd:
48:d4:b8:ab:a1:24:a2:85:82:86:06:8c:3f:65:2c:
bd:1b:e1:e8:4b:3f:3d:22:20:12:55:09:8e:81:74:
0b:fa:29:45:68:7f:45:5b:a9:b9:6b:b3:b8:75:99:
19:a2:f0:e5:4c:a8:4e:d2:25:be:31:3a:84:50:0c:
54:de:57:ea:85:a5:76:95:bd:3f:c7:81:f4:ad:75:
e0:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:45:E0:D7:FC:BB:17:90:BA:B2:77:16:F0:4F:9C:89:7D:D7:80:A0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/A0Xg1_y7F5C6sncW8E-ciX3XgKA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
af:d8:54:9d:8e:54:02:3a:69:a9:87:37:0f:89:ae:04:b6:1e:
f6:e7:78:23:b2:ab:87:a1:35:8b:54:2d:7a:45:07:6b:59:b5:
de:5a:38:24:49:cd:16:ef:47:9f:f8:b6:e1:17:a6:d6:c5:0b:
5f:ea:7c:59:2f:e4:ea:42:81:f8:7a:58:eb:e6:d8:d1:f3:f9:
97:cf:54:db:e6:e9:dc:07:dc:6e:cc:98:f1:6a:03:dc:df:21:
75:9f:6e:3f:39:62:b0:46:27:0e:35:0d:58:57:06:29:43:30:
8f:cf:a3:d5:92:32:07:24:02:3c:ad:df:33:cd:25:6d:08:e6:
81:d7:11:d9:4f:cc:ed:78:cb:f7:36:a3:69:d7:44:e4:7f:6a:
d2:e2:a8:f6:f5:a7:e6:ef:7a:0a:aa:e4:21:3c:4b:26:7a:b7:
05:69:60:c0:09:ec:65:cf:cf:45:8a:67:db:10:d9:c2:33:48:
88:05:e3:93:9d:97:aa:f0:12:d7:54:3b:38:12:7f:65:ce:40:
a8:cf:3d:31:cd:84:f0:f6:fb:7b:93:75:85:66:8d:c5:ba:07:
4a:67:3d:52:05:47:71:ba:5a:97:f5:65:0c:90:20:72:72:1d:
d2:e9:bc:7f:14:62:b3:a1:75:95:34:15:ea:78:44:5a:dc:67:
53:4a:b0:b7
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICY1gwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjMw
MDExNDRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDAzNDVFMEQ3RkNCQjE3
OTBCQUIyNzcxNkYwNEY5Qzg5N0RENzgwQTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCov7dUlYEYUYDR1rH8TQTfwkujgDsp1BiMtGurUt5xrrSqqtQy
ZH7EJF5SaQ53a8N5U91siC4bv2kGING7rb81A/d5hpKAqem3/KK41HTPTVVDAflJ
i635rZCzytj/a1h8wdIXnxiOxl8jibo0xEGEAS6FkR4rzqzJgv4/xUcMz5l4qGnl
A1hNSNDBzkGqoU0+mcLNZcHyRnRyESAhtTpjMhSAR4j7HjaqmXe0vHxU/I4VzUjU
uKuhJKKFgoYGjD9lLL0b4ehLPz0iIBJVCY6BdAv6KUVof0Vbqblrs7h1mRmi8OVM
qE7SJb4xOoRQDFTeV+qFpXaVvT/HgfStdeBvAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUA0Xg1/y7F5C6sncW8E+ciX3XgKAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0EwWGcxX3k3RjVDNnNu
Y1c4RS1jaVgzWGdLQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCv2FSd
jlQCOmmphzcPia4Eth7253gjsquHoTWLVC16RQdrWbXeWjgkSc0W70ef+LbhF6bW
xQtf6nxZL+TqQoH4eljr5tjR8/mXz1Tb5uncB9xuzJjxagPc3yF1n24/OWKwRicO
NQ1YVwYpQzCPz6PVkjIHJAI8rd8zzSVtCOaB1xHZT8zteMv3NqNp10Tkf2rS4qj2
9afm73oKquQhPEsmercFaWDACexlz89FimfbENnCM0iIBeOTnZeq8BLXVDs4En9l
zkCozz0xzYTw9vt7k3WFZo3FugdKZz1SBUdxulqX9WUMkCBych3S6bx/FGKzoXWV
NBXqeERa3GdTSrC3
-----END CERTIFICATE-----
Generated at Wed Jun 4 02:14:30 2025 by rpki-client