Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/XLOrv0Pw0TPFhQuRoziqIt4fegQ.roa
File: XLOrv0Pw0TPFhQuRoziqIt4fegQ.roa (raw, json)
Hash identifier: 0McJjU9YpQHG5Kdet1+0k+ng8aYUdh1qA9B8Y/rwAmo=
Subject key identifier: 5C:B3:AB:BF:43:F0:D1:33:C5:85:0B:91:A3:38:AA:22:DE:1F:7A:04
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6F3E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XLOrv0Pw0TPFhQuRoziqIt4fegQ.roa
Signing time: Tue 24 Jun 2025 05:14:23 +0000
ROA not before: Tue 24 Jun 2025 05:14:23 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28478 (0x6f3e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 24 05:14:23 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=5CB3ABBF43F0D133C5850B91A338AA22DE1F7A04
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:54:60:76:8d:15:37:4e:08:0f:f9:2c:11:2e:
09:29:93:ed:09:80:ea:57:26:73:04:0f:98:d9:b1:
c8:00:1d:09:08:75:fd:81:16:4f:d9:a5:0b:e7:57:
65:91:4a:79:8b:6f:9a:ac:df:ed:3a:2f:54:9f:c2:
a6:c9:77:8d:d4:b3:0d:ec:f4:ea:37:8e:84:ae:84:
49:f2:6f:f5:2b:1d:6b:7e:4f:e3:c2:78:29:53:95:
e7:ed:7e:92:1b:73:41:23:a6:e6:05:f4:d8:2c:64:
2c:a9:88:f7:e2:21:f1:1e:cd:1f:a2:e4:3f:3c:2d:
98:82:08:3d:ce:10:db:0a:8f:7f:d2:dc:8c:33:61:
65:24:05:57:0c:0d:d0:f9:75:bc:82:d0:23:39:65:
ea:c1:91:84:fc:3f:9c:85:a7:e7:32:90:65:e2:a8:
68:8f:f1:44:6c:e7:3b:81:e5:3d:45:06:9d:c6:f3:
c3:14:1e:bd:7f:b1:80:e7:d4:7b:70:1d:c6:4f:49:
b0:a4:f8:d3:8f:68:82:52:0c:ea:3e:54:65:b9:e8:
b6:8f:6c:92:88:10:49:bb:dc:81:cb:3f:e8:0d:6f:
40:b0:0e:18:c4:21:7c:9c:f1:c0:14:ef:0d:eb:fd:
43:d4:fc:ed:d0:23:b2:3e:5e:a2:d2:58:e1:c0:79:
82:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:B3:AB:BF:43:F0:D1:33:C5:85:0B:91:A3:38:AA:22:DE:1F:7A:04
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XLOrv0Pw0TPFhQuRoziqIt4fegQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
6b:da:32:e3:ed:2b:59:78:ec:11:22:9e:ab:3b:60:2b:9f:ee:
63:30:3e:98:81:09:e7:50:d3:d9:1d:b7:55:2e:e6:e3:70:d6:
ed:fe:bf:38:5a:b0:de:ae:b0:35:59:de:ac:ef:37:c0:3f:a1:
91:55:47:dd:57:7b:d0:2d:43:86:64:10:94:35:bf:23:d1:d0:
91:cd:dd:a1:dc:06:b6:98:1f:a2:fc:15:1a:07:0d:23:57:3b:
65:7c:f1:0b:ff:79:2f:e3:66:a8:f6:82:2f:36:5c:1b:6b:ed:
96:0b:ac:65:d9:1e:15:96:be:54:41:4f:39:df:14:58:3f:33:
31:7c:a9:cc:5c:11:de:b7:5b:34:41:19:54:38:ed:44:31:f6:
6c:aa:34:f9:f7:6f:62:4b:6c:bb:2f:09:5f:e5:a2:05:22:9c:
16:63:01:eb:1a:3e:cb:5f:ae:78:0d:b7:12:5b:93:8d:4f:cf:
3e:b8:ea:9b:39:95:c3:6d:c9:ac:ec:07:70:34:19:98:8b:3c:
0f:39:e8:9c:f1:3b:25:db:bf:c6:24:0e:f6:8c:42:90:67:92:
68:15:ac:d6:e3:61:53:f5:3e:7a:32:bf:c8:46:81:bc:d0:f0:
0a:1a:0a:56:b0:03:79:84:c7:ec:ab:8a:52:6b:d5:0d:31:60:
f6:bf:b0:94
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbz4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjQw
NTE0MjNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDVDQjNBQkJGNDNGMEQx
MzNDNTg1MEI5MUEzMzhBQTIyREUxRjdBMDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDAVGB2jRU3TggP+SwRLgkpk+0JgOpXJnMED5jZscgAHQkIdf2B
Fk/ZpQvnV2WRSnmLb5qs3+06L1SfwqbJd43Usw3s9Oo3joSuhEnyb/UrHWt+T+PC
eClTleftfpIbc0EjpuYF9NgsZCypiPfiIfEezR+i5D88LZiCCD3OENsKj3/S3Iwz
YWUkBVcMDdD5dbyC0CM5ZerBkYT8P5yFp+cykGXiqGiP8URs5zuB5T1FBp3G88MU
Hr1/sYDn1HtwHcZPSbCk+NOPaIJSDOo+VGW56LaPbJKIEEm73IHLP+gNb0CwDhjE
IXyc8cAU7w3r/UPU/O3QI7I+XqLSWOHAeYI9AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUXLOrv0Pw0TPFhQuRoziqIt4fegQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1hMT3J2MFB3MFRQRmhR
dVJvemlxSXQ0ZmVnUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBr2jLj
7StZeOwRIp6rO2Arn+5jMD6YgQnnUNPZHbdVLubjcNbt/r84WrDerrA1Wd6s7zfA
P6GRVUfdV3vQLUOGZBCUNb8j0dCRzd2h3Aa2mB+i/BUaBw0jVztlfPEL/3kv42ao
9oIvNlwba+2WC6xl2R4Vlr5UQU853xRYPzMxfKnMXBHet1s0QRlUOO1EMfZsqjT5
929iS2y7Lwlf5aIFIpwWYwHrGj7LX654DbcSW5ONT88+uOqbOZXDbcms7AdwNBmY
izwPOeic8Tsl27/GJA72jEKQZ5JoFazW42FT9T56Mr/IRoG80PAKGgpWsAN5hMfs
q4pSa9UNMWD2v7CU
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:55:55 2025 by rpki-client