Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Tdrm1J1ievPDC2qChm_1TKavxTE.roa
File: Tdrm1J1ievPDC2qChm_1TKavxTE.roa (raw, json)
Hash identifier: bvoIFftgs/yhIpD/oNN5ujTH+d4axl/Cl7+yt+FAdGc=
Subject key identifier: 4D:DA:E6:D4:9D:62:7A:F3:C3:0B:6A:82:86:6F:F5:4C:A6:AF:C5:31
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 704E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Tdrm1J1ievPDC2qChm_1TKavxTE.roa
Signing time: Thu 26 Jun 2025 19:14:33 +0000
ROA not before: Thu 26 Jun 2025 19:14:33 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28750 (0x704e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 26 19:14:33 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=4DDAE6D49D627AF3C30B6A82866FF54CA6AFC531
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:ac:02:64:bb:f1:3a:71:30:59:53:c5:fa:da:
e7:73:0a:f5:e4:8b:49:ba:12:8d:c3:91:86:1d:9e:
88:5a:13:06:95:ae:17:f3:38:48:eb:98:7e:df:91:
10:8c:f6:8e:03:c9:bc:84:8d:da:0c:39:09:a1:d1:
f6:97:d1:78:fb:f4:15:e5:0e:67:b5:37:a2:00:42:
8a:6c:97:3e:80:be:a7:63:3d:fe:9e:a7:c0:36:df:
e6:40:11:d5:82:3e:51:d0:ba:68:1b:dc:30:da:99:
ed:bd:8c:1c:ea:63:1e:b8:22:de:30:96:4d:f5:dd:
ed:c8:d8:74:59:a5:b5:67:5d:93:f2:6a:11:4e:08:
95:3a:49:01:d8:0c:00:65:1a:d9:e1:47:de:10:8e:
94:f2:ab:bf:cf:c1:5c:ba:0b:4c:6c:06:af:71:40:
9b:b1:b2:b6:d8:f4:2c:18:d7:af:e6:df:2e:8f:4d:
43:b7:a0:0d:2b:f7:3d:7e:ba:fb:44:25:98:11:e7:
1d:a4:f4:08:81:36:9b:0c:87:1b:12:1a:d4:c7:f9:
8f:72:89:d3:c6:96:ba:d9:81:44:37:b8:f9:2a:16:
e3:b2:77:e5:78:fc:dc:c1:61:33:46:2b:3a:f1:4e:
1e:31:be:40:c7:c4:0a:65:b8:32:c9:c0:7e:04:a8:
2b:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:DA:E6:D4:9D:62:7A:F3:C3:0B:6A:82:86:6F:F5:4C:A6:AF:C5:31
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Tdrm1J1ievPDC2qChm_1TKavxTE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
0d:4d:ae:0a:1d:2c:c4:2d:45:63:47:a0:d5:36:f5:5e:a5:ef:
3e:64:8d:a8:67:a5:f7:d5:47:19:e1:57:dc:a0:c3:05:a2:ff:
f6:dd:87:09:52:df:d4:a3:de:56:7a:ca:4e:17:73:a2:b9:c4:
8d:29:ac:77:b2:67:8c:b5:2d:78:12:0f:1e:bb:d1:90:b1:02:
e7:ed:d5:0f:01:73:3d:97:6c:64:a5:5a:5d:93:a9:53:82:8b:
e4:a0:7a:0f:e2:d9:5e:ad:f5:ae:01:fa:97:bf:52:6b:cc:d8:
8c:53:2d:48:00:da:d0:25:ca:b3:53:bc:f2:37:a5:7b:b7:e6:
c8:bc:c5:1b:8f:4d:45:d1:09:34:64:24:07:41:45:41:70:22:
59:37:58:a0:40:76:50:09:89:ea:f7:da:5d:f6:00:1e:b9:40:
ad:e0:23:c3:6f:0a:83:93:73:d5:48:a4:1d:f1:e2:7a:f7:69:
6e:61:a9:5f:ae:3d:4f:32:b6:65:6b:8c:5e:47:1f:b7:1f:fd:
45:c1:76:55:64:7b:62:18:0c:1f:09:79:a2:98:62:f9:e8:07:
74:7a:bd:f9:65:76:1d:32:2f:03:c5:60:9c:b8:e5:9b:54:9b:
e5:97:4e:af:59:9c:30:c1:8b:d9:ec:5d:52:e3:35:d7:31:df:
de:ec:a3:10
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcE4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjYx
OTE0MzNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDREREFFNkQ0OUQ2MjdB
RjNDMzBCNkE4Mjg2NkZGNTRDQTZBRkM1MzEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6rAJku/E6cTBZU8X62udzCvXki0m6Eo3DkYYdnohaEwaVrhfz
OEjrmH7fkRCM9o4DybyEjdoMOQmh0faX0Xj79BXlDme1N6IAQopslz6AvqdjPf6e
p8A23+ZAEdWCPlHQumgb3DDame29jBzqYx64It4wlk313e3I2HRZpbVnXZPyahFO
CJU6SQHYDABlGtnhR94QjpTyq7/PwVy6C0xsBq9xQJuxsrbY9CwY16/m3y6PTUO3
oA0r9z1+uvtEJZgR5x2k9AiBNpsMhxsSGtTH+Y9yidPGlrrZgUQ3uPkqFuOyd+V4
/NzBYTNGKzrxTh4xvkDHxApluDLJwH4EqCtFAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUTdrm1J1ievPDC2qChm/1TKavxTEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1Rkcm0xSjFpZXZQREMy
cUNobV8xVEthdnhURS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQANTa4K
HSzELUVjR6DVNvVepe8+ZI2oZ6X31UcZ4VfcoMMFov/23YcJUt/Uo95WespOF3Oi
ucSNKax3smeMtS14Eg8eu9GQsQLn7dUPAXM9l2xkpVpdk6lTgovkoHoP4tlerfWu
AfqXv1JrzNiMUy1IANrQJcqzU7zyN6V7t+bIvMUbj01F0Qk0ZCQHQUVBcCJZN1ig
QHZQCYnq99pd9gAeuUCt4CPDbwqDk3PVSKQd8eJ692luYalfrj1PMrZla4xeRx+3
H/1FwXZVZHtiGAwfCXmimGL56Ad0er35ZXYdMi8DxWCcuOWbVJvll06vWZwwwYvZ
7F1S4zXXMd/e7KMQ
-----END CERTIFICATE-----
Generated at Sun Jul 20 20:47:01 2025 by rpki-client