Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/F3_to1GDPvBh-7lKV2WEDBxvXkQ.roa
File: F3_to1GDPvBh-7lKV2WEDBxvXkQ.roa (raw, json)
Hash identifier: cYtHdB6tYYn+GTtHBOYX3QbGDn+weQguyznldmDwVS4=
Subject key identifier: 17:7F:ED:A3:51:83:3E:F0:61:FB:B9:4A:57:65:84:0C:1C:6F:5E:44
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 666C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/F3_to1GDPvBh-7lKV2WEDBxvXkQ.roa
Signing time: Sat 31 May 2025 05:11:34 +0000
ROA not before: Sat 31 May 2025 05:11:34 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26220 (0x666c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 31 05:11:34 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=177FEDA351833EF061FBB94A5765840C1C6F5E44
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:31:0f:dc:82:b6:01:ab:98:8f:af:a0:5e:e5:
91:fa:73:32:89:07:19:17:7b:1e:e7:36:99:e0:cf:
e1:2d:f5:ee:0c:d9:b8:a6:7d:f4:82:d7:ec:39:22:
45:dd:75:0a:f6:31:75:a2:a2:00:76:9a:8f:b4:b4:
d4:65:01:b2:4e:3d:8e:cd:fa:be:5b:ec:77:00:3c:
2e:04:28:97:2a:d9:a9:29:57:94:4f:33:71:ff:29:
b9:49:29:61:71:bd:a4:11:07:c5:33:96:3d:90:82:
9a:77:c2:86:31:09:c2:a6:52:2d:15:5b:15:eb:8a:
99:c5:68:df:45:eb:90:80:2e:84:63:f4:7d:b7:f1:
7a:0a:13:9e:6a:08:1d:85:3f:49:ee:d7:c5:e7:8d:
e4:3b:5b:61:fb:ed:ca:a9:6f:aa:75:39:f0:67:1b:
bb:61:7e:89:25:49:74:f9:94:f0:7b:1d:1b:11:81:
42:07:a4:a7:bf:7e:66:57:83:da:8f:47:ee:80:fc:
9d:46:50:ef:c1:72:5a:6c:4c:10:de:60:ef:75:91:
55:4f:fb:b1:1e:9b:a1:92:8a:7e:96:7b:9a:5b:c1:
1f:ba:e5:96:f4:be:9d:9e:6e:c7:d1:f4:7d:8c:ff:
2a:93:8c:af:a6:19:ee:66:ee:df:7c:b6:bf:e3:b2:
b8:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
17:7F:ED:A3:51:83:3E:F0:61:FB:B9:4A:57:65:84:0C:1C:6F:5E:44
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/F3_to1GDPvBh-7lKV2WEDBxvXkQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
2d:c9:f5:e9:f5:9a:11:6f:c0:a7:bd:07:cd:64:d8:33:4d:9d:
11:e8:9b:1b:af:ea:b9:19:c3:66:ed:cd:f0:c2:ab:52:46:90:
6b:3b:22:3b:58:4b:c9:f6:5f:8f:0d:f9:1b:de:12:30:2c:26:
c6:95:90:bc:6e:26:5f:86:64:9c:35:f0:3c:cd:b9:94:85:d5:
37:8c:e3:e2:54:2f:e9:4b:38:36:6f:ae:10:ed:5a:9d:08:e5:
5e:0d:85:78:df:6b:e6:4c:bd:99:c1:84:f1:f5:85:04:44:0f:
49:e6:03:19:f8:62:41:bc:d3:7f:06:50:65:6e:9c:46:a1:d7:
f3:18:99:ad:b7:e8:53:6b:fd:60:ed:e8:d1:41:37:3f:a8:5e:
34:00:f2:87:48:b8:94:59:d9:6a:46:c2:c6:31:b3:03:60:ba:
12:20:3b:45:65:48:37:57:c4:db:3b:d3:67:57:24:72:2e:f6:
87:f7:f7:d2:4a:6b:1f:58:ce:e2:73:49:70:3c:0a:d3:40:a4:
09:aa:77:bc:a9:6a:6f:99:c6:e7:48:a7:0b:bd:25:ab:b3:ba:
4f:ab:7a:77:7c:1f:c7:86:52:ce:16:cd:c2:03:01:ee:34:6e:
20:4b:9d:0d:70:8b:0b:bf:c8:04:19:24:b1:90:d4:9e:d0:2c:
9d:45:e6:23
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZmwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MzEw
NTExMzRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDE3N0ZFREEzNTE4MzNF
RjA2MUZCQjk0QTU3NjU4NDBDMUM2RjVFNDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDhMQ/cgrYBq5iPr6Be5ZH6czKJBxkXex7nNpngz+Et9e4M2bim
ffSC1+w5IkXddQr2MXWiogB2mo+0tNRlAbJOPY7N+r5b7HcAPC4EKJcq2akpV5RP
M3H/KblJKWFxvaQRB8Uzlj2Qgpp3woYxCcKmUi0VWxXripnFaN9F65CALoRj9H23
8XoKE55qCB2FP0nu18XnjeQ7W2H77cqpb6p1OfBnG7thfoklSXT5lPB7HRsRgUIH
pKe/fmZXg9qPR+6A/J1GUO/BclpsTBDeYO91kVVP+7Eem6GSin6We5pbwR+65Zb0
vp2ebsfR9H2M/yqTjK+mGe5m7t98tr/jsri7AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUF3/to1GDPvBh+7lKV2WEDBxvXkQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0YzX3RvMUdEUHZCaC03
bEtWMldFREJ4dlhrUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAtyfXp
9ZoRb8CnvQfNZNgzTZ0R6Jsbr+q5GcNm7c3wwqtSRpBrOyI7WEvJ9l+PDfkb3hIw
LCbGlZC8biZfhmScNfA8zbmUhdU3jOPiVC/pSzg2b64Q7VqdCOVeDYV432vmTL2Z
wYTx9YUERA9J5gMZ+GJBvNN/BlBlbpxGodfzGJmtt+hTa/1g7ejRQTc/qF40APKH
SLiUWdlqRsLGMbMDYLoSIDtFZUg3V8TbO9NnVyRyLvaH9/fSSmsfWM7ic0lwPArT
QKQJqne8qWpvmcbnSKcLvSWrs7pPq3p3fB/HhlLOFs3CAwHuNG4gS50NcIsLv8gE
GSSxkNSe0CydReYj
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:25:04 2025 by rpki-client