Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/O6ZfOPYwfF3-6ACqYfuD_AxkPag.roa
File: O6ZfOPYwfF3-6ACqYfuD_AxkPag.roa (raw, json)
Hash identifier: 5tXJYpRCblGdRuTpk0cvkw0tksHLBDwJExMr5764aBs=
Subject key identifier: 3B:A6:5F:38:F6:30:7C:5D:FE:E8:00:AA:61:FB:83:FC:0C:64:3D:A8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 64E0
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/O6ZfOPYwfF3-6ACqYfuD_AxkPag.roa
Signing time: Tue 27 May 2025 02:12:31 +0000
ROA not before: Tue 27 May 2025 02:12:31 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25824 (0x64e0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 27 02:12:31 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3BA65F38F6307C5DFEE800AA61FB83FC0C643DA8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:15:56:3c:ec:b6:f8:7e:fb:be:eb:8d:57:c4:
75:e9:00:db:5e:8b:9e:4a:39:76:06:13:3c:5a:25:
81:da:3c:95:66:bf:9b:68:73:18:29:03:da:f5:5c:
ea:92:64:d2:13:be:83:68:84:9a:df:ac:63:43:2b:
d1:12:d2:20:77:a8:f1:5c:93:f9:80:ce:f8:61:59:
18:69:96:e9:dd:3c:58:be:d8:28:54:c7:87:fa:c9:
11:36:33:f2:88:22:d9:0c:a6:af:9b:27:d7:56:a8:
3e:13:9b:a5:c5:6e:52:1d:81:56:c2:a3:60:77:b7:
9a:a8:64:ea:e2:d0:6c:cb:b5:9b:96:79:9e:40:27:
e0:1e:79:44:ce:a1:ff:ac:71:9c:61:91:fc:72:6d:
ed:38:83:bb:4f:95:a0:ec:6b:a3:3d:3d:10:61:ec:
44:21:6d:32:b2:c5:16:28:1c:b5:8c:e6:5c:2c:df:
90:fb:23:c5:00:d7:d5:75:fd:83:b2:8a:f7:d4:7e:
95:6e:33:9a:64:b9:89:d5:1d:6b:67:f4:e6:da:e9:
a4:ed:87:6a:4f:e6:eb:11:b9:84:ff:00:f6:dc:82:
f0:75:0a:11:5e:8d:f2:1c:3e:a8:bb:9f:ad:63:ee:
5b:72:6e:f7:a0:47:94:1f:33:5b:5a:b0:a0:1d:9c:
ba:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:A6:5F:38:F6:30:7C:5D:FE:E8:00:AA:61:FB:83:FC:0C:64:3D:A8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/O6ZfOPYwfF3-6ACqYfuD_AxkPag.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
10:c9:58:5f:a1:dd:f8:fe:10:62:b0:e3:83:dc:60:d6:45:f4:
42:23:9a:fd:1e:ae:31:5d:f4:09:8a:a9:6c:0d:f8:bc:51:53:
ac:ed:60:e1:d6:d4:95:23:91:a1:47:26:84:cf:4c:89:2b:4c:
69:92:ca:e2:1d:60:c8:53:46:f7:8a:9d:3f:ff:0e:3f:b1:d7:
a6:fc:11:96:01:f8:a5:ae:50:75:e6:8c:3c:dd:9f:cf:4b:17:
01:0f:5f:b9:f7:cf:27:93:3d:d9:30:f4:d3:27:28:6d:df:ec:
56:6f:bb:84:51:5d:52:ab:97:21:34:22:a4:2c:3d:53:9b:24:
95:f6:83:c0:75:a7:51:74:fc:8c:ad:41:66:5c:9d:65:a7:96:
89:60:9b:9e:c6:f9:43:a3:e2:37:20:a4:19:82:e4:39:ee:66:
77:1c:d6:5a:2f:fa:08:6a:4d:31:94:28:dc:38:f7:4a:83:6e:
b3:97:ef:ca:9f:92:8b:86:96:80:d4:be:5d:2a:18:98:97:34:
5a:f3:af:f4:a8:63:2a:f4:9e:c9:b5:2b:9e:3a:3d:04:a9:e7:
ad:55:6f:1c:72:67:92:f5:80:6b:0e:0e:27:29:06:f1:f7:7c:
4d:a8:68:f2:a1:22:ae:fb:b4:52:8c:95:3b:76:6c:32:04:43:
7d:a4:0e:d7
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZOAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1Mjcw
MjEyMzFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDNCQTY1RjM4RjYzMDdD
NURGRUU4MDBBQTYxRkI4M0ZDMEM2NDNEQTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDEFVY87Lb4fvu+641XxHXpANtei55KOXYGEzxaJYHaPJVmv5to
cxgpA9r1XOqSZNITvoNohJrfrGNDK9ES0iB3qPFck/mAzvhhWRhplundPFi+2ChU
x4f6yRE2M/KIItkMpq+bJ9dWqD4Tm6XFblIdgVbCo2B3t5qoZOri0GzLtZuWeZ5A
J+AeeUTOof+scZxhkfxybe04g7tPlaDsa6M9PRBh7EQhbTKyxRYoHLWM5lws35D7
I8UA19V1/YOyivfUfpVuM5pkuYnVHWtn9Oba6aTth2pP5usRuYT/APbcgvB1ChFe
jfIcPqi7n61j7ltybvegR5QfM1tasKAdnLqDAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUO6ZfOPYwfF3+6ACqYfuD/AxkPagwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L082WmZPUFl3ZkYzLTZB
Q3FZZnVEX0F4a1BhZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAQyVhf
od34/hBisOOD3GDWRfRCI5r9Hq4xXfQJiqlsDfi8UVOs7WDh1tSVI5GhRyaEz0yJ
K0xpksriHWDIU0b3ip0//w4/sdem/BGWAfilrlB15ow83Z/PSxcBD1+5988nkz3Z
MPTTJyht3+xWb7uEUV1Sq5chNCKkLD1TmySV9oPAdadRdPyMrUFmXJ1lp5aJYJue
xvlDo+I3IKQZguQ57mZ3HNZaL/oIak0xlCjcOPdKg26zl+/Kn5KLhpaA1L5dKhiY
lzRa86/0qGMq9J7JtSueOj0EqeetVW8ccmeS9YBrDg4nKQbx93xNqGjyoSKu+7RS
jJU7dmwyBEN9pA7X
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:02:26 2025 by rpki-client