Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/AZruyDvvmWyFK1mC0SO79N0X1C4.roa
File: AZruyDvvmWyFK1mC0SO79N0X1C4.roa (raw, json)
Hash identifier: e9WKsa4XMU/SNCMdZjR+8lGBzOTSf79fftbq6zYc62U=
Subject key identifier: 01:9A:EE:C8:3B:EF:99:6C:85:2B:59:82:D1:23:BB:F4:DD:17:D4:2E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6268
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/AZruyDvvmWyFK1mC0SO79N0X1C4.roa
Signing time: Tue 20 May 2025 12:10:38 +0000
ROA not before: Tue 20 May 2025 12:10:38 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25192 (0x6268)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 20 12:10:38 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=019AEEC83BEF996C852B5982D123BBF4DD17D42E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:e9:1b:7f:6c:90:22:8b:b0:5f:98:5b:32:a7:
5b:a6:80:fe:28:d4:0e:9d:c5:06:f0:8c:38:0e:bb:
fa:34:84:ae:3e:10:df:c4:95:fd:5b:df:37:3d:59:
72:85:0d:b2:3d:ac:09:af:6b:2a:af:98:af:29:3b:
85:1c:cb:cb:ea:8b:e4:7a:a9:9b:ee:09:7e:b5:3f:
da:82:0b:57:d5:dc:2d:0e:bd:ea:f2:25:f2:42:57:
d4:19:5f:fc:f6:50:ce:37:88:2e:38:d0:b7:dc:6d:
d6:b3:03:78:0a:a9:8a:a8:a5:21:d8:e8:0d:67:63:
a3:a7:ee:2f:6d:a7:55:8e:c1:5e:23:e7:08:07:c7:
e0:b8:d9:a1:6b:e2:f6:da:ed:41:5c:23:aa:a5:63:
7a:0a:d3:da:73:b3:5c:47:50:c8:b2:2b:aa:2f:60:
db:e2:05:be:96:46:eb:c5:0a:a3:42:c2:9c:fa:23:
05:40:dc:ff:8c:67:42:d5:75:1c:12:5c:e9:5b:c7:
6d:d6:77:15:1e:6e:ff:7b:06:80:b4:0a:cd:55:2a:
a7:79:20:c4:52:d4:ad:11:b9:d2:c7:14:d1:6d:23:
20:e1:54:cf:aa:35:74:fe:5e:af:2a:c5:71:c3:f9:
a5:c5:cc:d9:64:2c:83:5d:c6:04:fe:19:9f:0b:93:
1f:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:9A:EE:C8:3B:EF:99:6C:85:2B:59:82:D1:23:BB:F4:DD:17:D4:2E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/AZruyDvvmWyFK1mC0SO79N0X1C4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
8c:24:2d:0c:fb:bf:f8:74:ed:8e:c3:55:db:09:c4:ca:21:6d:
eb:e8:95:0d:3b:3c:41:2f:a5:4a:9e:4f:1c:f0:33:09:b5:59:
3f:2c:18:f2:41:5d:79:0c:3b:eb:e8:f8:5f:55:0f:a0:9a:98:
9d:3e:9b:96:85:e6:d9:e6:cf:c8:f1:9b:40:08:b6:12:91:f4:
7b:71:9c:60:a5:dd:d5:c6:15:d3:51:24:39:d0:e6:c4:5e:fc:
2a:76:bf:7a:aa:69:ec:32:dd:0c:7d:bc:ce:58:60:7d:d2:9d:
f1:9e:42:12:7f:fe:ca:88:34:e3:42:c2:b4:72:50:1e:6f:d6:
e5:ec:ac:71:8c:2f:22:77:30:5b:19:e5:58:64:7c:d6:42:d0:
51:70:88:36:54:90:eb:a1:b4:58:a9:a0:81:1f:9f:2a:11:30:
7b:4d:a4:40:49:d7:48:67:8b:2d:70:0c:ff:27:1b:5b:71:c8:
61:92:cd:eb:c3:6d:6f:42:b1:91:22:42:5e:ad:03:75:81:a2:
8c:56:73:eb:b9:fa:83:0b:7d:a9:61:8d:21:8a:20:a6:3c:55:
be:37:dd:b4:88:fc:d1:86:a0:10:86:27:4b:2a:40:c2:6d:43:
0c:30:f4:bd:49:59:1d:38:ae:4c:f0:95:c9:9f:c8:1f:4a:14:
6c:6b:f7:0f
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYmgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjAx
MjEwMzhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDAxOUFFRUM4M0JFRjk5
NkM4NTJCNTk4MkQxMjNCQkY0REQxN0Q0MkUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC16Rt/bJAii7BfmFsyp1umgP4o1A6dxQbwjDgOu/o0hK4+EN/E
lf1b3zc9WXKFDbI9rAmvayqvmK8pO4Ucy8vqi+R6qZvuCX61P9qCC1fV3C0Overy
JfJCV9QZX/z2UM43iC440LfcbdazA3gKqYqopSHY6A1nY6On7i9tp1WOwV4j5wgH
x+C42aFr4vba7UFcI6qlY3oK09pzs1xHUMiyK6ovYNviBb6WRuvFCqNCwpz6IwVA
3P+MZ0LVdRwSXOlbx23WdxUebv97BoC0Cs1VKqd5IMRS1K0RudLHFNFtIyDhVM+q
NXT+Xq8qxXHD+aXFzNlkLINdxgT+GZ8Lkx+HAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUAZruyDvvmWyFK1mC0SO79N0X1C4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0FacnV5RHZ2bVd5Rksx
bUMwU083OU4wWDFDNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCMJC0M
+7/4dO2Ow1XbCcTKIW3r6JUNOzxBL6VKnk8c8DMJtVk/LBjyQV15DDvr6PhfVQ+g
mpidPpuWhebZ5s/I8ZtACLYSkfR7cZxgpd3VxhXTUSQ50ObEXvwqdr96qmnsMt0M
fbzOWGB90p3xnkISf/7KiDTjQsK0clAeb9bl7KxxjC8idzBbGeVYZHzWQtBRcIg2
VJDrobRYqaCBH58qETB7TaRASddIZ4stcAz/Jxtbcchhks3rw21vQrGRIkJerQN1
gaKMVnPrufqDC32pYY0hiiCmPFW+N920iPzRhqAQhidLKkDCbUMMMPS9SVkdOK5M
8JXJn8gfShRsa/cP
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:52:06 2025 by rpki-client