Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/CeFfWWjNRvTl_tYtLOCdPjrkjmM.roa
File: CeFfWWjNRvTl_tYtLOCdPjrkjmM.roa (raw, json)
Hash identifier: qt8LkeiwJ3v0bGxzYyvZM+7pQdFn5ZfnMrBdwlt6QCs=
Subject key identifier: 09:E1:5F:59:68:CD:46:F4:E5:FE:D6:2D:2C:E0:9D:3E:3A:E4:8E:63
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6692
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/CeFfWWjNRvTl_tYtLOCdPjrkjmM.roa
Signing time: Sat 31 May 2025 14:41:41 +0000
ROA not before: Sat 31 May 2025 14:41:41 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26258 (0x6692)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 31 14:41:41 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=09E15F5968CD46F4E5FED62D2CE09D3E3AE48E63
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:0c:dd:06:41:48:c3:d9:3f:0f:3d:fa:cf:7c:
3a:07:83:d4:64:de:70:f1:4f:3b:06:15:0a:fc:d4:
03:5c:6a:ba:b6:d2:0a:c4:7e:71:8d:ec:1c:12:a5:
86:0e:7b:82:9d:e1:2a:66:f5:4a:b7:60:37:28:62:
20:de:9e:e8:b4:3c:17:47:4f:b3:89:93:d9:c5:5e:
69:3f:ee:0b:db:c1:81:44:4d:81:fb:66:ed:80:da:
0d:6b:c0:de:e2:9a:66:ef:be:47:20:98:31:af:6d:
b5:a7:2e:30:ba:b5:cc:65:e3:d3:02:17:2f:85:8e:
60:a8:e3:02:f2:94:6e:aa:76:f7:9b:54:e4:75:81:
ba:60:c7:f0:ae:3c:58:b7:c9:39:c0:c5:e1:b5:83:
97:66:51:ed:55:79:56:61:e9:01:af:64:b0:86:0e:
0b:b9:b6:4e:f1:43:15:a9:e2:cd:80:9b:df:f7:c4:
6c:a7:83:40:f4:6b:6b:1f:7a:21:12:4e:9f:72:a9:
5a:82:6d:c9:40:6a:7b:0e:8e:59:29:01:30:a4:ca:
52:57:f9:19:8a:ac:d3:84:bd:f3:14:b1:72:31:aa:
fd:9e:de:96:9c:3d:22:c2:b7:00:3c:b0:27:b5:41:
1c:92:3a:1c:95:95:11:e4:37:3c:5c:22:f8:ff:84:
3a:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:E1:5F:59:68:CD:46:F4:E5:FE:D6:2D:2C:E0:9D:3E:3A:E4:8E:63
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/CeFfWWjNRvTl_tYtLOCdPjrkjmM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
af:c4:d3:47:be:8f:44:98:9e:e1:44:ce:62:be:e9:87:4c:08:
64:bb:21:84:6e:84:22:e5:88:82:1a:4e:97:04:45:2b:e5:6c:
f9:95:12:0f:d0:ec:23:79:9f:d1:4c:f7:40:61:57:db:08:be:
10:30:c9:19:6c:09:ec:d7:7b:2f:1e:b0:40:87:2f:44:e3:3b:
76:7c:aa:6d:b7:71:ec:49:5c:3d:b7:6a:33:6b:4b:04:13:50:
80:92:98:09:0b:b9:3e:25:17:9b:be:47:25:58:91:30:07:9d:
2b:9e:04:d0:51:ef:9d:44:0a:33:b9:8c:c0:ba:8b:71:66:54:
85:1c:05:e2:6f:fb:65:8b:07:7e:1e:90:d3:40:c3:ed:36:00:
e9:ef:bb:fb:5a:64:15:7d:b4:ce:80:a1:97:0a:cc:9e:e4:6b:
1d:c9:58:9f:3b:7c:a9:3c:64:de:6a:35:4d:d8:c3:44:24:87:
5b:1f:67:f5:fa:95:14:f4:b5:a1:ee:10:79:ec:05:18:05:50:
08:d2:f1:41:a1:29:d2:55:5d:49:72:a0:4f:00:51:ad:da:5e:
d3:56:c1:dc:c4:1d:39:b7:74:6f:2b:c0:ad:9e:0e:37:e4:a4:
49:6c:47:ab:cf:b6:0f:ae:a0:f4:a8:24:9b:5a:29:4e:07:7c:
f2:36:77:66
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZpIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MzEx
NDQxNDFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDA5RTE1RjU5NjhDRDQ2
RjRFNUZFRDYyRDJDRTA5RDNFM0FFNDhFNjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMDN0GQUjD2T8PPfrPfDoHg9Rk3nDxTzsGFQr81ANcarq20grE
fnGN7BwSpYYOe4Kd4Spm9Uq3YDcoYiDenui0PBdHT7OJk9nFXmk/7gvbwYFETYH7
Zu2A2g1rwN7immbvvkcgmDGvbbWnLjC6tcxl49MCFy+FjmCo4wLylG6qdvebVOR1
gbpgx/CuPFi3yTnAxeG1g5dmUe1VeVZh6QGvZLCGDgu5tk7xQxWp4s2Am9/3xGyn
g0D0a2sfeiESTp9yqVqCbclAansOjlkpATCkylJX+RmKrNOEvfMUsXIxqv2e3pac
PSLCtwA8sCe1QRySOhyVlRHkNzxcIvj/hDo/AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUCeFfWWjNRvTl/tYtLOCdPjrkjmMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0NlRmZXV2pOUnZUbF90
WXRMT0NkUGpya2ptTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCvxNNH
vo9EmJ7hRM5ivumHTAhkuyGEboQi5YiCGk6XBEUr5Wz5lRIP0OwjeZ/RTPdAYVfb
CL4QMMkZbAns13svHrBAhy9E4zt2fKptt3HsSVw9t2oza0sEE1CAkpgJC7k+JReb
vkclWJEwB50rngTQUe+dRAozuYzAuotxZlSFHAXib/tliwd+HpDTQMPtNgDp77v7
WmQVfbTOgKGXCsye5GsdyVifO3ypPGTeajVN2MNEJIdbH2f1+pUU9LWh7hB57AUY
BVAI0vFBoSnSVV1JcqBPAFGt2l7TVsHcxB05t3RvK8Ctng435KRJbEerz7YPrqD0
qCSbWilOB3zyNndm
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:10:30 2025 by rpki-client