Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/KbCE-HDH476KNBfcYWh_FCg0EmU.roa
File:                     KbCE-HDH476KNBfcYWh_FCg0EmU.roa (raw, json)
Hash identifier:          ZyUzp2/sCzEdwaaxu4jhm9t8BqQpHjzIxwU+7YXiJ5U=
Subject key identifier:   29:B0:84:F8:70:C7:E3:BE:8A:34:17:DC:61:68:7F:14:28:34:12:65
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       6220
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KbCE-HDH476KNBfcYWh_FCg0EmU.roa
Signing time:             Mon 19 May 2025 18:10:38 +0000
ROA not before:           Mon 19 May 2025 18:10:38 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 25120 (0x6220)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: May 19 18:10:38 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=29B084F870C7E3BE8A3417DC61687F1428341265
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:B0:84:F8:70:C7:E3:BE:8A:34:17:DC:61:68:7F:14:28:34:12:65
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KbCE-HDH476KNBfcYWh_FCg0EmU.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
Generated at Wed Jun 4 00:55:59 2025 by rpki-client