Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/DRTqrYCb5TVG01Dd3OQoRCTXrfA.roa
File: DRTqrYCb5TVG01Dd3OQoRCTXrfA.roa (raw, json)
Hash identifier: RLmTrZgnfgUIClZQE7RYGrGBW+TsyNhBbDeFpOCM2pE=
Subject key identifier: 0D:14:EA:AD:80:9B:E5:35:46:D3:50:DD:DC:E4:28:44:24:D7:AD:F0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6D72
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DRTqrYCb5TVG01Dd3OQoRCTXrfA.roa
Signing time: Thu 19 Jun 2025 02:38:40 +0000
ROA not before: Thu 19 Jun 2025 02:38:40 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28018 (0x6d72)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 19 02:38:40 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=0D14EAAD809BE53546D350DDDCE4284424D7ADF0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:a1:19:93:80:ae:7b:e3:0a:25:95:31:74:10:
b5:4d:0d:2d:e7:d6:24:68:f4:91:e2:62:9c:25:7c:
76:37:47:5f:a8:4d:72:fd:7f:87:ce:5b:01:01:6e:
8b:5e:5d:03:39:dd:08:fe:56:fc:4f:a9:b2:9b:7a:
2b:5c:10:68:fe:9a:08:cd:96:41:78:82:9b:0e:ba:
c3:8d:8a:d7:dd:2c:5c:58:3f:b6:44:4c:0e:1f:98:
09:f5:63:34:bc:b1:93:a7:3e:8d:33:0d:da:c4:03:
a2:d9:3e:17:20:27:32:8e:48:e4:bf:6d:21:07:a5:
96:86:aa:ac:66:9c:2a:3c:f2:d5:76:8a:18:be:b3:
23:82:ef:5f:7b:ea:0a:68:06:8e:8f:e8:84:01:b3:
e4:34:4b:e8:9d:ce:0d:48:eb:99:eb:af:b0:de:0b:
17:0f:5f:41:46:fe:6d:56:7a:f8:2f:c8:d2:3e:1a:
60:ff:3e:64:69:6b:55:74:8a:c9:0d:40:84:a3:ae:
99:ec:8c:8d:a4:61:4f:e8:85:a8:89:c4:51:fe:26:
76:d1:ea:12:14:bf:83:a6:19:ca:e7:bf:87:4c:2a:
01:33:a0:1b:c5:56:7b:e3:27:8d:75:e3:ad:44:02:
86:2b:f4:74:d9:c2:c5:c6:8e:aa:b0:d9:af:41:b2:
4b:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:14:EA:AD:80:9B:E5:35:46:D3:50:DD:DC:E4:28:44:24:D7:AD:F0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DRTqrYCb5TVG01Dd3OQoRCTXrfA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
52:6f:26:ec:4a:5a:d7:c1:03:e2:fd:66:f7:66:0f:24:42:30:
74:57:f1:a9:c7:f3:5c:fc:f9:b2:b8:92:43:58:58:af:60:18:
f9:d0:6f:de:69:9f:47:f7:34:eb:48:cf:e8:6f:72:06:09:19:
7a:23:04:72:86:93:be:aa:be:71:11:12:cd:34:ad:5c:16:86:
a8:a2:af:8f:d8:7b:0c:c0:c8:0f:e8:3a:63:e4:04:6d:14:3c:
6c:87:15:e0:ed:26:ce:a8:57:69:15:1d:36:fb:20:4c:6c:92:
c5:a0:93:04:58:5f:a9:b3:eb:fc:55:a1:01:92:33:a9:66:b7:
0d:9a:77:2f:4d:9c:ed:a7:a2:27:9e:e5:3d:a3:fc:02:bc:46:
03:70:8d:ca:61:e9:e8:fb:8c:70:5d:67:c8:34:31:cb:a0:0e:
0f:18:c3:8d:e7:e9:15:bf:2e:01:51:15:c3:30:27:06:e1:d9:
7b:8d:e4:68:e8:72:68:47:93:a1:10:d4:6b:52:0f:30:e7:c6:
f1:b0:71:fd:c3:59:53:2f:26:4a:30:d0:bb:0a:1c:75:09:f3:
03:24:b8:27:ae:6a:2b:e1:84:10:f3:5c:0f:ac:58:d5:68:35:
1d:8c:d5:33:86:1b:1d:79:cc:34:9b:2c:84:3a:18:45:ad:51:
80:18:94:a3
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbXIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTkw
MjM4NDBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDBEMTRFQUFEODA5QkU1
MzU0NkQzNTBERERDRTQyODQ0MjREN0FERjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDAoRmTgK574wollTF0ELVNDS3n1iRo9JHiYpwlfHY3R1+oTXL9
f4fOWwEBboteXQM53Qj+VvxPqbKbeitcEGj+mgjNlkF4gpsOusONitfdLFxYP7ZE
TA4fmAn1YzS8sZOnPo0zDdrEA6LZPhcgJzKOSOS/bSEHpZaGqqxmnCo88tV2ihi+
syOC71976gpoBo6P6IQBs+Q0S+idzg1I65nrr7DeCxcPX0FG/m1WevgvyNI+GmD/
PmRpa1V0iskNQISjrpnsjI2kYU/ohaiJxFH+JnbR6hIUv4OmGcrnv4dMKgEzoBvF
VnvjJ411461EAoYr9HTZwsXGjqqw2a9BskuvAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUDRTqrYCb5TVG01Dd3OQoRCTXrfAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0RSVHFyWUNiNVRWRzAx
RGQzT1FvUkNUWHJmQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBSbybs
SlrXwQPi/Wb3Zg8kQjB0V/Gpx/Nc/PmyuJJDWFivYBj50G/eaZ9H9zTrSM/ob3IG
CRl6IwRyhpO+qr5xERLNNK1cFoaooq+P2HsMwMgP6Dpj5ARtFDxshxXg7SbOqFdp
FR02+yBMbJLFoJMEWF+ps+v8VaEBkjOpZrcNmncvTZztp6InnuU9o/wCvEYDcI3K
Yeno+4xwXWfINDHLoA4PGMON5+kVvy4BURXDMCcG4dl7jeRo6HJoR5OhENRrUg8w
58bxsHH9w1lTLyZKMNC7Chx1CfMDJLgnrmor4YQQ81wPrFjVaDUdjNUzhhsdecw0
myyEOhhFrVGAGJSj
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:34:20 2025 by rpki-client