Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/KxM0iCEAt_0Rezi3XAaTPQ796AU.roa
File: KxM0iCEAt_0Rezi3XAaTPQ796AU.roa (raw, json)
Hash identifier: sT9wv+ajh9myDr/j5tLSw3XzP1R3YU6pz+cdm6jJM6c=
Subject key identifier: 2B:13:34:88:21:00:B7:FD:11:7B:38:B7:5C:06:93:3D:0E:FD:E8:05
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 63DC
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KxM0iCEAt_0Rezi3XAaTPQ796AU.roa
Signing time: Sat 24 May 2025 09:13:17 +0000
ROA not before: Sat 24 May 2025 09:13:17 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25564 (0x63dc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 24 09:13:17 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=2B1334882100B7FD117B38B75C06933D0EFDE805
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:64:98:18:2b:86:38:12:73:fb:92:9a:88:d3:
a2:88:27:a7:f1:08:03:bf:5c:84:e7:1b:be:50:61:
9b:e3:27:f8:f0:5d:07:8a:c2:cd:9e:28:94:c4:00:
de:f2:5a:3e:11:84:90:01:f2:4d:97:3e:e2:ef:5b:
23:06:cd:c3:e7:70:2d:7b:76:88:d9:eb:c3:f2:6a:
4a:87:12:0f:c2:20:c7:fe:b7:5f:7b:ca:f8:de:b4:
32:ce:3b:26:81:1d:4c:e1:13:12:9b:44:7e:8f:03:
86:a4:82:ad:e2:21:24:2f:c6:31:66:17:87:ca:42:
61:36:2d:44:63:4e:c3:f5:26:cc:a2:1b:d3:c0:03:
ae:e2:fa:c1:52:1b:0b:89:64:b8:b4:70:5e:82:8b:
09:bc:a4:d5:d4:b7:5d:b3:15:a7:3f:42:44:80:ac:
39:ce:9e:19:ca:25:c1:0d:b3:16:ad:25:57:eb:84:
55:ad:e8:c4:19:a7:f6:09:64:7c:fe:35:59:89:02:
f9:b2:09:a1:7d:fb:b9:c4:76:c7:fe:1d:a5:27:c1:
42:b4:61:fa:12:e5:97:1c:73:10:0c:91:45:8e:47:
9c:b9:42:16:7d:f9:33:f1:aa:f1:26:86:d8:c6:25:
44:08:93:cc:32:7f:87:86:6f:32:e8:91:65:eb:19:
1a:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:13:34:88:21:00:B7:FD:11:7B:38:B7:5C:06:93:3D:0E:FD:E8:05
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KxM0iCEAt_0Rezi3XAaTPQ796AU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
5c:e3:b7:9d:02:3f:dc:e8:8e:fb:e3:4a:fc:41:26:d1:c7:52:
30:3e:aa:cd:b9:b3:1a:66:9a:8a:96:ba:c7:01:13:6e:9a:b4:
a4:0f:61:7f:49:32:24:e7:27:f6:13:28:02:36:73:09:be:49:
6b:ac:ce:db:03:85:5b:02:c0:1c:5e:11:48:fc:d7:be:a0:ae:
5a:c7:0f:c0:d8:7a:9b:b1:a2:8b:f3:f4:e7:1e:26:f9:aa:32:
82:ff:71:d7:ac:b3:0e:1f:2c:b9:78:63:c6:1d:3d:d3:98:a2:
22:e5:d9:7b:80:84:d8:7c:0f:34:3e:b7:29:33:6d:bf:84:b9:
f0:33:71:15:eb:23:d9:8d:18:b4:66:9a:c9:8b:4c:83:48:70:
de:9e:2c:78:22:e3:de:20:51:11:28:bb:12:ae:88:a3:88:71:
70:38:e4:0e:24:e5:d0:0e:92:e0:d0:7d:89:e1:89:89:eb:cf:
02:43:fb:c9:6b:c1:01:20:28:a6:44:8e:0b:12:b5:e3:8b:af:
f5:25:a5:3f:cc:a4:9a:e4:56:1a:48:67:b2:55:e4:7d:b8:9d:
89:77:ad:9b:dd:15:47:0c:4d:be:79:56:21:d1:94:20:bd:c5:
c3:b5:87:56:ee:51:c9:04:9e:e1:18:a3:69:5f:a0:69:b8:32:
cb:e9:4b:05
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICY9wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjQw
OTEzMTdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDJCMTMzNDg4MjEwMEI3
RkQxMTdCMzhCNzVDMDY5MzNEMEVGREU4MDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4ZJgYK4Y4EnP7kpqI06KIJ6fxCAO/XITnG75QYZvjJ/jwXQeK
ws2eKJTEAN7yWj4RhJAB8k2XPuLvWyMGzcPncC17dojZ68PyakqHEg/CIMf+t197
yvjetDLOOyaBHUzhExKbRH6PA4akgq3iISQvxjFmF4fKQmE2LURjTsP1JsyiG9PA
A67i+sFSGwuJZLi0cF6Ciwm8pNXUt12zFac/QkSArDnOnhnKJcENsxatJVfrhFWt
6MQZp/YJZHz+NVmJAvmyCaF9+7nEdsf+HaUnwUK0YfoS5ZcccxAMkUWOR5y5QhZ9
+TPxqvEmhtjGJUQIk8wyf4eGbzLokWXrGRqFAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUKxM0iCEAt/0Rezi3XAaTPQ796AUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0t4TTBpQ0VBdF8wUmV6
aTNYQWFUUFE3OTZBVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBc47ed
Aj/c6I7740r8QSbRx1IwPqrNubMaZpqKlrrHARNumrSkD2F/STIk5yf2EygCNnMJ
vklrrM7bA4VbAsAcXhFI/Ne+oK5axw/A2HqbsaKL8/TnHib5qjKC/3HXrLMOHyy5
eGPGHT3TmKIi5dl7gITYfA80PrcpM22/hLnwM3EV6yPZjRi0ZprJi0yDSHDenix4
IuPeIFERKLsSroijiHFwOOQOJOXQDpLg0H2J4YmJ688CQ/vJa8EBICimRI4LErXj
i6/1JaU/zKSa5FYaSGeyVeR9uJ2Jd62b3RVHDE2+eVYh0ZQgvcXDtYdW7lHJBJ7h
GKNpX6BpuDLL6UsF
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:54:30 2025 by rpki-client