Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/TzcBSEQBYTZ2EMfNlAcTcOtWQws.roa
File: TzcBSEQBYTZ2EMfNlAcTcOtWQws.roa (raw, json)
Hash identifier: QIBKOh1btOkrtc+oyGkLyVdsya6Rnh2thhpvUt6c03g=
Subject key identifier: 4F:37:01:48:44:01:61:36:76:10:C7:CD:94:07:13:70:EB:56:43:0B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6ED6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/TzcBSEQBYTZ2EMfNlAcTcOtWQws.roa
Signing time: Mon 23 Jun 2025 03:14:15 +0000
ROA not before: Mon 23 Jun 2025 03:14:15 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28374 (0x6ed6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 23 03:14:15 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=4F370148440161367610C7CD94071370EB56430B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:67:22:d4:66:61:6f:42:f7:62:4d:95:f4:07:
53:46:56:7b:e2:90:90:6e:85:60:8d:52:d7:f1:2d:
a9:5c:44:3d:c2:70:64:da:05:57:71:b4:67:6a:7c:
1c:98:7d:27:c2:4b:b4:f8:91:bb:08:a2:0f:cd:fe:
21:b7:87:8b:b8:b7:1c:8a:6a:9c:b4:2a:87:6f:a3:
a0:3d:55:dd:e7:03:6e:9e:71:af:94:02:12:4f:31:
e2:30:cf:2b:e8:65:e1:31:6d:e4:bb:9e:34:7e:cb:
b5:dc:00:b3:52:54:c3:6f:d7:85:ab:6a:22:14:a0:
3f:d6:06:7b:f6:d3:ed:8b:15:91:3e:d5:55:7b:16:
ad:ec:d9:b0:48:c3:12:0b:5d:5b:50:1d:a7:f3:0f:
e9:89:33:94:20:25:69:76:70:6b:35:28:78:81:77:
50:fa:7c:ae:b3:f9:3d:d9:c0:5b:b1:c3:f8:88:42:
29:2e:43:46:f9:5d:71:c7:5d:9b:0e:03:7a:f1:ad:
cf:cc:c7:eb:0b:3c:15:61:e9:e6:43:52:0a:55:c1:
6e:7f:60:d7:e5:3a:73:53:50:0a:12:9c:ae:46:6a:
7f:3b:2e:fa:27:0a:60:40:93:c2:f4:8e:ec:37:40:
d6:ce:59:f0:37:80:cd:44:11:40:e8:68:fa:49:fb:
b8:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:37:01:48:44:01:61:36:76:10:C7:CD:94:07:13:70:EB:56:43:0B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/TzcBSEQBYTZ2EMfNlAcTcOtWQws.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
b0:65:32:0d:51:37:a3:af:6d:63:74:4d:6d:1c:29:ae:ea:0e:
3c:64:89:d2:82:de:6e:75:c7:1b:eb:7a:09:01:65:67:16:6e:
93:ca:ce:b4:7a:f0:9e:b0:48:98:17:07:ba:a1:a1:fe:f8:f6:
88:d7:ef:b7:43:d4:f1:d4:3d:1a:d7:86:cd:71:b5:d0:d5:58:
47:9a:36:b1:a7:a4:0a:a5:f5:f5:1b:5b:73:b9:61:0d:90:4f:
09:9e:9c:eb:64:e0:66:1d:98:75:c3:ac:29:c5:cd:18:b6:84:
6c:3c:23:df:eb:c2:01:18:8f:35:89:77:68:11:27:17:c3:d4:
7f:62:a7:03:af:07:a2:36:cd:35:aa:c4:83:85:8c:14:4f:d7:
5c:73:8b:3f:ec:9b:9d:45:b7:ca:8a:3e:0f:7b:3e:30:34:bd:
18:12:6d:4b:00:7b:2d:f9:7c:a6:18:20:27:6c:7a:08:93:e7:
bb:ee:e7:0c:0e:58:4d:ba:bd:4d:fe:78:71:16:fb:27:d7:68:
2e:ce:f4:40:06:20:14:b2:f2:48:9f:31:94:70:01:49:38:22:
15:cd:df:65:f9:09:62:cc:18:81:5d:65:9b:22:dc:28:67:4f:
7d:ca:4a:32:fc:1f:2f:04:1a:b4:f8:cb:18:a1:ba:88:f1:9e:
49:18:4d:6d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbtYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjMw
MzE0MTVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDRGMzcwMTQ4NDQwMTYx
MzY3NjEwQzdDRDk0MDcxMzcwRUI1NjQzMEIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+ZyLUZmFvQvdiTZX0B1NGVnvikJBuhWCNUtfxLalcRD3CcGTa
BVdxtGdqfByYfSfCS7T4kbsIog/N/iG3h4u4txyKapy0Kodvo6A9Vd3nA26eca+U
AhJPMeIwzyvoZeExbeS7njR+y7XcALNSVMNv14WraiIUoD/WBnv20+2LFZE+1VV7
Fq3s2bBIwxILXVtQHafzD+mJM5QgJWl2cGs1KHiBd1D6fK6z+T3ZwFuxw/iIQiku
Q0b5XXHHXZsOA3rxrc/Mx+sLPBVh6eZDUgpVwW5/YNflOnNTUAoSnK5Gan87Lvon
CmBAk8L0juw3QNbOWfA3gM1EEUDoaPpJ+7hLAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUTzcBSEQBYTZ2EMfNlAcTcOtWQwswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1R6Y0JTRVFCWVRaMkVN
Zk5sQWNUY090V1F3cy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCwZTIN
UTejr21jdE1tHCmu6g48ZInSgt5udccb63oJAWVnFm6Tys60evCesEiYFwe6oaH+
+PaI1++3Q9Tx1D0a14bNcbXQ1VhHmjaxp6QKpfX1G1tzuWENkE8JnpzrZOBmHZh1
w6wpxc0YtoRsPCPf68IBGI81iXdoEScXw9R/YqcDrweiNs01qsSDhYwUT9dcc4s/
7JudRbfKij4Pez4wNL0YEm1LAHst+XymGCAnbHoIk+e77ucMDlhNur1N/nhxFvsn
12guzvRABiAUsvJInzGUcAFJOCIVzd9l+QlizBiBXWWbItwoZ099ykoy/B8vBBq0
+MsYobqI8Z5JGE1t
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:41:15 2025 by rpki-client