Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/RatZ8bfMZk9R4eWaBffb_6IYAuw.roa
File: RatZ8bfMZk9R4eWaBffb_6IYAuw.roa (raw, json)
Hash identifier: 4j1LwF3LFkIywmT+cAVioIxXgkuqIvfOtQSV0RUxsno=
Subject key identifier: 45:AB:59:F1:B7:CC:66:4F:51:E1:E5:9A:05:F7:DB:FF:A2:18:02:EC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 72C6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RatZ8bfMZk9R4eWaBffb_6IYAuw.roa
Signing time: Thu 03 Jul 2025 09:14:56 +0000
ROA not before: Thu 03 Jul 2025 09:14:56 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29382 (0x72c6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 3 09:14:56 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=45AB59F1B7CC664F51E1E59A05F7DBFFA21802EC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:8b:f5:5e:2a:03:e5:02:1d:b4:7f:52:dd:cd:
2a:b4:54:4b:ae:86:1d:f2:63:28:77:e4:3d:86:ab:
c2:9b:93:d3:7e:e7:f1:dd:b7:ae:31:e3:06:01:ac:
9b:4d:be:92:2a:10:58:bb:10:c9:b9:d6:d2:2a:2b:
0e:15:8a:ec:42:9e:d1:5c:87:b2:42:04:c2:a8:7c:
f7:70:bb:f0:e9:95:b8:fc:61:ca:1f:a4:bd:56:2b:
c2:20:d7:5a:ac:14:41:c0:74:a9:8d:c8:d6:91:da:
06:b2:bf:15:4f:0d:50:2f:df:12:f9:bf:e7:64:f5:
f3:6b:a4:e0:9b:8f:40:b9:44:d1:83:19:73:13:b0:
84:7f:ea:32:73:45:32:86:7b:4e:d0:27:42:80:26:
c4:79:e3:5a:c5:8e:c3:d1:a1:23:ac:86:4a:80:95:
94:9d:30:c4:bf:75:63:90:b0:1a:92:1a:99:5f:5d:
a8:0e:18:98:e9:45:1b:06:0b:a8:48:72:cb:49:d8:
43:96:ac:7f:9f:b6:a4:89:52:37:d0:01:90:cd:d4:
2b:fe:65:54:47:f2:70:f0:5b:5d:1f:4d:a8:ec:b6:
80:d2:55:8a:a2:05:a1:3c:de:84:2a:f4:d2:c6:81:
3e:38:f7:f7:b1:86:c2:34:ca:19:79:b0:94:88:2b:
a9:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:AB:59:F1:B7:CC:66:4F:51:E1:E5:9A:05:F7:DB:FF:A2:18:02:EC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RatZ8bfMZk9R4eWaBffb_6IYAuw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
ac:ac:b1:d5:37:d9:01:4c:0b:d8:50:00:5d:b7:38:e5:31:6a:
40:57:62:14:48:19:de:dc:9d:18:6b:68:b1:b8:4b:cd:3f:3e:
6b:09:7b:91:b7:20:c2:ee:94:7a:b6:5b:28:35:f4:0c:43:ab:
5a:9e:d7:eb:33:ca:13:c4:ce:6e:c6:f4:eb:e5:52:a9:90:56:
97:bd:db:c7:90:a7:95:be:9b:73:20:a2:48:8e:4d:71:e8:b1:
31:db:23:00:d5:fa:8d:ea:3e:a7:08:99:f7:37:90:42:1a:23:
eb:2f:82:0c:45:f4:46:8b:ee:32:1d:c4:b5:dd:d8:fa:98:0e:
7a:8e:65:29:f2:1f:9b:89:28:08:d6:ed:42:23:a2:4c:9b:0b:
82:0b:0d:97:dd:56:6f:5b:92:25:27:73:b5:4a:32:a3:aa:5e:
7b:a6:16:d4:8e:1f:03:f3:65:f1:f5:20:7b:db:70:13:b7:0a:
00:76:b4:1a:73:3a:1c:04:20:66:61:96:de:3f:ef:81:d1:e3:
12:60:8c:ce:04:af:ee:8b:bd:8e:8d:09:ce:51:57:99:9c:b6:
da:bd:98:c7:6b:30:6d:16:52:57:f6:d6:ff:f0:99:83:4c:2c:
b7:22:8d:4b:70:f1:98:21:18:55:0a:29:82:24:05:3c:2e:b5:
fb:87:c4:c5
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcsYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDMw
OTE0NTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQ1QUI1OUYxQjdDQzY2
NEY1MUUxRTU5QTA1RjdEQkZGQTIxODAyRUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCbi/VeKgPlAh20f1LdzSq0VEuuhh3yYyh35D2Gq8Kbk9N+5/Hd
t64x4wYBrJtNvpIqEFi7EMm51tIqKw4ViuxCntFch7JCBMKofPdwu/Dplbj8Ycof
pL1WK8Ig11qsFEHAdKmNyNaR2gayvxVPDVAv3xL5v+dk9fNrpOCbj0C5RNGDGXMT
sIR/6jJzRTKGe07QJ0KAJsR541rFjsPRoSOshkqAlZSdMMS/dWOQsBqSGplfXagO
GJjpRRsGC6hIcstJ2EOWrH+ftqSJUjfQAZDN1Cv+ZVRH8nDwW10fTajstoDSVYqi
BaE83oQq9NLGgT449/exhsI0yhl5sJSIK6mhAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQURatZ8bfMZk9R4eWaBffb/6IYAuwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1JhdFo4YmZNWms5UjRl
V2FCZmZiXzZJWUF1dy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCsrLHV
N9kBTAvYUABdtzjlMWpAV2IUSBne3J0Ya2ixuEvNPz5rCXuRtyDC7pR6tlsoNfQM
Q6tantfrM8oTxM5uxvTr5VKpkFaXvdvHkKeVvptzIKJIjk1x6LEx2yMA1fqN6j6n
CJn3N5BCGiPrL4IMRfRGi+4yHcS13dj6mA56jmUp8h+biSgI1u1CI6JMmwuCCw2X
3VZvW5IlJ3O1SjKjql57phbUjh8D82Xx9SB723ATtwoAdrQaczocBCBmYZbeP++B
0eMSYIzOBK/ui72OjQnOUVeZnLbavZjHazBtFlJX9tb/8JmDTCy3Io1LcPGYIRhV
CimCJAU8LrX7h8TF
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:44:20 2025 by rpki-client