Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/C8unKdU-ptsAFuu4ptitbOFid4g.roa
File: C8unKdU-ptsAFuu4ptitbOFid4g.roa (raw, json)
Hash identifier: 57qnI39Lgq9eyDsTa+NzFEHgDA+Y1rY2+6D4+G6yzyo=
Subject key identifier: 0B:CB:A7:29:D5:3E:A6:DB:00:16:EB:B8:A6:D8:AD:6C:E1:62:77:88
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 619A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/C8unKdU-ptsAFuu4ptitbOFid4g.roa
Signing time: Sun 18 May 2025 08:43:27 +0000
ROA not before: Sun 18 May 2025 08:43:27 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24986 (0x619a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 18 08:43:27 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=0BCBA729D53EA6DB0016EBB8A6D8AD6CE1627788
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:50:2e:33:10:d4:4c:c6:97:1f:6b:59:9f:ac:
c0:0a:1a:ae:1d:75:f3:24:83:83:dc:2b:c5:56:92:
39:a1:4f:ae:09:96:a6:2d:2d:7b:ef:e0:0c:4c:1e:
b0:69:70:91:b6:1c:65:02:e5:fc:72:30:33:6f:46:
85:ed:88:25:7d:de:f7:67:12:df:3c:6d:1f:ee:1d:
15:9e:87:5d:97:80:f2:81:0a:a5:93:57:33:d6:e6:
15:90:33:52:7d:6a:24:64:f5:3d:36:4b:ea:1f:a4:
80:73:fa:0a:d8:c7:32:84:51:54:57:04:70:ee:62:
95:b3:d7:9f:09:75:5c:79:67:48:ac:54:3e:7e:f4:
c8:b8:3a:83:a9:75:5e:4a:24:49:81:87:49:1e:e5:
43:dc:55:37:44:40:cf:71:21:2d:66:7f:45:41:96:
fd:51:81:1f:d8:ed:3c:10:cd:4d:4b:19:77:d2:92:
c4:2a:0f:5d:c5:e0:e5:3c:78:af:c9:c0:d7:75:a8:
0a:97:20:a2:0c:82:95:e8:e6:77:00:15:44:d0:80:
e3:53:cd:4e:4d:a0:79:f0:3a:ff:33:00:ae:37:e6:
23:38:8e:49:80:97:f3:7d:74:73:24:e3:84:f2:47:
32:69:93:ab:b9:d1:5b:6f:c5:d8:fe:3a:41:34:1e:
0c:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0B:CB:A7:29:D5:3E:A6:DB:00:16:EB:B8:A6:D8:AD:6C:E1:62:77:88
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/C8unKdU-ptsAFuu4ptitbOFid4g.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
2f:34:87:3d:21:da:b2:63:75:aa:c9:5a:43:fb:6b:8d:c0:62:
a3:49:85:90:cd:c0:d8:5b:7a:ce:fa:a8:33:ed:ee:02:c6:c8:
b4:fb:7f:0f:fe:d0:35:45:7c:80:d2:50:a5:5e:fe:92:e1:27:
05:1f:cb:37:d5:8f:7e:87:eb:a9:5e:e5:4d:09:45:72:8a:22:
e5:23:2f:1a:82:bb:5d:c6:10:cd:5d:d1:f9:32:75:99:c5:61:
65:15:58:ce:58:5a:cc:3d:2f:03:51:b8:4a:32:ac:74:97:1e:
22:32:39:dc:16:3e:ac:8f:40:75:d3:e1:a8:82:08:fd:21:53:
f2:df:e5:15:eb:18:ef:46:0f:a9:ac:09:01:a2:ca:b6:af:41:
76:1b:92:c9:a8:9d:a2:39:46:1e:3b:13:3b:7d:e5:51:44:cb:
c8:a7:bd:a7:ad:55:1b:d8:51:d5:03:2b:db:f3:f1:22:a8:44:
2d:c9:5f:0b:fe:d7:36:b6:26:2c:b7:8d:d2:41:a3:74:7b:32:
45:4b:c0:a6:14:09:8d:ad:98:01:13:a7:81:25:cf:d3:11:ca:
b2:0e:0f:9f:ae:eb:d2:e1:f6:97:b8:d2:24:54:20:40:e7:f9:
61:d9:45:c5:9b:d4:72:aa:ac:5b:5a:eb:e5:c5:2f:7a:bc:be:
c7:f1:f4:e2
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYZowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTgw
ODQzMjdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDBCQ0JBNzI5RDUzRUE2
REIwMDE2RUJCOEE2RDhBRDZDRTE2Mjc3ODgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDWUC4zENRMxpcfa1mfrMAKGq4ddfMkg4PcK8VWkjmhT64JlqYt
LXvv4AxMHrBpcJG2HGUC5fxyMDNvRoXtiCV93vdnEt88bR/uHRWeh12XgPKBCqWT
VzPW5hWQM1J9aiRk9T02S+ofpIBz+grYxzKEUVRXBHDuYpWz158JdVx5Z0isVD5+
9Mi4OoOpdV5KJEmBh0ke5UPcVTdEQM9xIS1mf0VBlv1RgR/Y7TwQzU1LGXfSksQq
D13F4OU8eK/JwNd1qAqXIKIMgpXo5ncAFUTQgONTzU5NoHnwOv8zAK435iM4jkmA
l/N9dHMk44TyRzJpk6u50Vtvxdj+OkE0HgylAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUC8unKdU+ptsAFuu4ptitbOFid4gwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0M4dW5LZFUtcHRzQUZ1
dTRwdGl0Yk9GaWQ0Zy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAvNIc9
IdqyY3WqyVpD+2uNwGKjSYWQzcDYW3rO+qgz7e4Cxsi0+38P/tA1RXyA0lClXv6S
4ScFH8s31Y9+h+upXuVNCUVyiiLlIy8agrtdxhDNXdH5MnWZxWFlFVjOWFrMPS8D
UbhKMqx0lx4iMjncFj6sj0B10+Goggj9IVPy3+UV6xjvRg+prAkBosq2r0F2G5LJ
qJ2iOUYeOxM7feVRRMvIp72nrVUb2FHVAyvb8/EiqEQtyV8L/tc2tiYst43SQaN0
ezJFS8CmFAmNrZgBE6eBJc/TEcqyDg+fruvS4faXuNIkVCBA5/lh2UXFm9Ryqqxb
WuvlxS96vL7H8fTi
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:41:21 2025 by rpki-client