Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/I6XaMBWF9d_hLXOgUlX7VLW_sZE.roa
File: I6XaMBWF9d_hLXOgUlX7VLW_sZE.roa (raw, json)
Hash identifier: Pb5h73YjkeIBCc/Nunb+Is7Efr6aK+RdspXl/xOWOcw=
Subject key identifier: 23:A5:DA:30:15:85:F5:DF:E1:2D:73:A0:52:55:FB:54:B5:BF:B1:91
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 66D6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/I6XaMBWF9d_hLXOgUlX7VLW_sZE.roa
Signing time: Sun 01 Jun 2025 07:41:33 +0000
ROA not before: Sun 01 Jun 2025 07:41:33 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26326 (0x66d6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 1 07:41:33 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=23A5DA301585F5DFE12D73A05255FB54B5BFB191
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:23:8b:a8:b3:91:f1:7b:bc:2c:1a:02:0f:b1:
41:b2:14:1d:e7:52:64:a2:a4:3a:46:8f:36:a8:98:
dc:1b:40:b0:ed:1d:8d:c0:96:4f:e3:2f:33:0e:37:
53:62:31:97:fc:6a:b1:94:1e:a1:bd:c4:6a:42:1b:
0a:dc:59:cd:e3:de:0f:8e:96:ca:69:35:f1:9e:ff:
d0:e7:b7:75:92:bd:ae:18:26:73:86:27:df:83:5a:
29:8d:0f:33:ec:3a:c6:d1:9d:0c:15:d4:a6:b4:31:
f3:7e:db:7e:0b:0c:85:9f:55:b4:8f:db:6e:2b:79:
9a:c0:0f:6a:2d:fc:7b:1d:0b:09:9b:c1:8a:dc:77:
64:08:f4:fd:4c:92:9d:1b:cd:3e:16:d8:ef:eb:e0:
5e:3c:cb:35:e5:fc:9b:f1:77:2f:b6:df:43:7c:53:
fc:90:74:f0:a4:25:f1:8d:d8:d9:6d:f6:63:2a:35:
9c:97:69:05:f0:a6:90:34:ad:67:fc:4a:0f:3e:be:
3d:69:12:61:ef:bc:64:df:57:b4:29:e5:d7:90:8d:
07:44:07:3b:b2:ab:00:40:ee:54:c7:38:d7:7e:24:
b6:9d:8a:11:2a:9c:5e:09:b9:d2:7f:f8:0f:cd:86:
ee:bc:5f:09:5f:4b:72:f2:b6:9f:83:87:cf:79:ed:
58:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:A5:DA:30:15:85:F5:DF:E1:2D:73:A0:52:55:FB:54:B5:BF:B1:91
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/I6XaMBWF9d_hLXOgUlX7VLW_sZE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
03:c5:0e:ca:4a:a5:10:a5:6d:2d:5e:8c:63:6a:f8:14:50:05:
98:bb:ac:0a:63:8d:f8:83:92:f6:24:e7:6f:2f:9d:74:99:9b:
6f:bd:28:f2:fd:6e:85:72:b3:0e:eb:48:ec:b6:93:da:dd:13:
5c:54:e4:50:79:a9:f5:e5:03:14:51:a8:85:c8:d6:e0:db:9b:
6a:a1:07:c5:f5:1e:0b:ea:e4:d1:ed:0d:1d:34:31:f0:80:d6:
42:b0:1b:93:55:55:4b:e4:60:b8:69:14:51:07:7b:73:d8:dc:
fd:b0:0a:06:4b:32:41:82:40:0b:fb:ee:ec:01:a4:2a:b4:5c:
f3:dd:27:ee:48:0c:af:9a:93:d9:f7:91:06:c0:98:eb:9a:2c:
b5:92:42:60:cd:18:a6:f9:a0:35:16:d4:fc:f0:a1:2b:0a:c1:
91:be:85:3a:5f:c3:c7:ca:e5:e1:a3:3e:f3:16:69:4d:7f:81:
c1:0d:a5:dc:68:f8:b4:33:71:3e:9c:57:f9:16:0c:65:4b:9b:
7d:88:de:2d:8b:6c:bc:28:fd:fe:9c:6a:34:9e:49:c0:d4:11:
25:b5:45:5e:0c:40:c9:31:50:38:c6:66:0f:79:80:da:05:9a:
fd:9e:02:ce:a1:fe:f6:1c:44:3a:45:25:af:b1:ad:f0:70:c3:
c3:7a:42:fe
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZtYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDEw
NzQxMzNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDIzQTVEQTMwMTU4NUY1
REZFMTJENzNBMDUyNTVGQjU0QjVCRkIxOTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKI4uos5Hxe7wsGgIPsUGyFB3nUmSipDpGjzaomNwbQLDtHY3A
lk/jLzMON1NiMZf8arGUHqG9xGpCGwrcWc3j3g+OlsppNfGe/9Dnt3WSva4YJnOG
J9+DWimNDzPsOsbRnQwV1Ka0MfN+234LDIWfVbSP224reZrAD2ot/HsdCwmbwYrc
d2QI9P1Mkp0bzT4W2O/r4F48yzXl/Jvxdy+230N8U/yQdPCkJfGN2Nlt9mMqNZyX
aQXwppA0rWf8Sg8+vj1pEmHvvGTfV7Qp5deQjQdEBzuyqwBA7lTHONd+JLadihEq
nF4JudJ/+A/Nhu68XwlfS3Lytp+Dh8957VjJAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUI6XaMBWF9d/hLXOgUlX7VLW/sZEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0k2WGFNQldGOWRfaExY
T2dVbFg3VkxXX3NaRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQADxQ7K
SqUQpW0tXoxjavgUUAWYu6wKY434g5L2JOdvL510mZtvvSjy/W6FcrMO60jstpPa
3RNcVORQean15QMUUaiFyNbg25tqoQfF9R4L6uTR7Q0dNDHwgNZCsBuTVVVL5GC4
aRRRB3tz2Nz9sAoGSzJBgkAL++7sAaQqtFzz3SfuSAyvmpPZ95EGwJjrmiy1kkJg
zRim+aA1FtT88KErCsGRvoU6X8PHyuXhoz7zFmlNf4HBDaXcaPi0M3E+nFf5Fgxl
S5t9iN4ti2y8KP3+nGo0nknA1BEltUVeDEDJMVA4xmYPeYDaBZr9ngLOof72HEQ6
RSWvsa3wcMPDekL+
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:10:27 2025 by rpki-client