Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/XgRU0etd9KUA5KQFo_GpKliqlWA.roa
File: XgRU0etd9KUA5KQFo_GpKliqlWA.roa (raw, json)
Hash identifier: lmtzXHWKa1fpLiHBiBGWhN9HFOr9jKDGqNB65fNCT9s=
Subject key identifier: 5E:04:54:D1:EB:5D:F4:A5:00:E4:A4:05:A3:F1:A9:2A:58:AA:95:60
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6300
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XgRU0etd9KUA5KQFo_GpKliqlWA.roa
Signing time: Thu 22 May 2025 02:10:45 +0000
ROA not before: Thu 22 May 2025 02:10:45 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25344 (0x6300)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 22 02:10:45 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=5E0454D1EB5DF4A500E4A405A3F1A92A58AA9560
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:1e:a0:a8:60:3a:8d:70:4f:3f:8f:b4:8e:0b:
b3:10:c7:73:10:2e:21:5b:ed:81:c7:20:84:15:95:
5e:b7:48:2e:10:d3:54:77:9d:4f:e8:72:1f:c4:46:
58:ef:1d:51:01:81:78:9a:0e:6e:91:43:52:07:b0:
82:db:5e:da:b1:12:e1:7a:58:b9:88:f6:6f:ee:d1:
10:70:ac:2b:69:0d:00:3e:ab:d7:22:79:c7:04:a0:
2e:0f:18:72:1b:c9:5f:70:93:66:8e:60:34:2a:62:
c5:b6:19:6c:17:c0:ff:0d:0a:79:44:07:d8:85:6f:
26:89:0a:db:aa:3f:b3:aa:32:8e:e2:db:f1:c3:86:
e3:fa:d4:bb:5a:c7:4b:2d:b1:a3:80:93:b3:c4:99:
af:1e:e4:43:fb:b5:a7:7a:7c:c2:6d:1f:21:21:77:
50:43:bd:b7:c1:0c:8b:67:78:93:21:6c:51:b8:f7:
3a:ee:66:af:f8:74:fa:44:ec:7f:18:76:ea:b8:39:
95:9f:a7:1d:b2:a1:0b:6e:31:0e:4e:90:64:6a:2f:
ae:ec:62:2e:c3:fc:38:9a:77:fa:c9:3a:6a:fa:ad:
ed:19:b5:2d:f7:55:68:40:ae:35:9e:1d:de:14:4f:
66:e8:07:df:a8:96:97:26:83:6e:9b:b9:84:a7:bb:
f9:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:04:54:D1:EB:5D:F4:A5:00:E4:A4:05:A3:F1:A9:2A:58:AA:95:60
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XgRU0etd9KUA5KQFo_GpKliqlWA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
bc:52:0f:bd:ec:36:4a:4f:4e:55:46:ee:32:06:0a:22:e0:9f:
17:98:bb:c4:20:3f:80:e3:19:c0:33:83:36:07:1b:b2:6e:40:
a6:83:87:7a:80:2b:59:8b:b7:12:82:a5:89:dd:65:0a:97:56:
88:7e:2a:82:d0:a1:ec:5c:40:46:87:41:15:5a:cd:90:70:e5:
f9:4a:df:23:ad:35:67:05:da:2d:04:1c:5c:2c:36:60:5a:c3:
7e:66:47:9e:b1:99:69:aa:66:04:64:67:16:d3:0e:c3:7a:65:
da:01:13:5e:46:56:4c:e2:ea:99:63:c2:22:fe:54:05:9d:78:
5a:17:bd:4b:e5:91:13:d3:20:18:3e:14:de:54:b8:03:ea:1c:
22:80:eb:d6:a8:72:08:db:ff:52:18:f7:bc:e5:84:aa:31:2e:
b1:9d:bb:10:1f:7b:0e:de:5d:d5:6e:e9:4d:cc:b2:2b:68:c5:
98:4f:72:0c:9e:39:81:2a:c8:4a:4f:b7:a6:e4:85:cd:83:d9:
74:53:0c:69:a1:50:02:e8:dd:49:eb:f9:65:16:f6:ef:af:83:
f4:29:67:61:df:7d:b5:c3:e1:e4:2b:c7:4e:3f:d3:08:ca:79:
88:8e:4c:d1:58:87:6c:dd:d1:72:ef:36:ee:80:9d:d1:c8:77:
a8:7b:74:26
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYwAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjIw
MjEwNDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDVFMDQ1NEQxRUI1REY0
QTUwMEU0QTQwNUEzRjFBOTJBNThBQTk1NjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDtHqCoYDqNcE8/j7SOC7MQx3MQLiFb7YHHIIQVlV63SC4Q01R3
nU/och/ERljvHVEBgXiaDm6RQ1IHsILbXtqxEuF6WLmI9m/u0RBwrCtpDQA+q9ci
eccEoC4PGHIbyV9wk2aOYDQqYsW2GWwXwP8NCnlEB9iFbyaJCtuqP7OqMo7i2/HD
huP61Ltax0stsaOAk7PEma8e5EP7tad6fMJtHyEhd1BDvbfBDItneJMhbFG49zru
Zq/4dPpE7H8Yduq4OZWfpx2yoQtuMQ5OkGRqL67sYi7D/Diad/rJOmr6re0ZtS33
VWhArjWeHd4UT2boB9+olpcmg26buYSnu/kXAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUXgRU0etd9KUA5KQFo/GpKliqlWAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1hnUlUwZXRkOUtVQTVL
UUZvX0dwS2xpcWxXQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC8Ug+9
7DZKT05VRu4yBgoi4J8XmLvEID+A4xnAM4M2BxuybkCmg4d6gCtZi7cSgqWJ3WUK
l1aIfiqC0KHsXEBGh0EVWs2QcOX5St8jrTVnBdotBBxcLDZgWsN+ZkeesZlpqmYE
ZGcW0w7DemXaARNeRlZM4uqZY8Ii/lQFnXhaF71L5ZET0yAYPhTeVLgD6hwigOvW
qHII2/9SGPe85YSqMS6xnbsQH3sO3l3VbulNzLIraMWYT3IMnjmBKshKT7em5IXN
g9l0UwxpoVAC6N1J6/llFvbvr4P0KWdh3321w+HkK8dOP9MIynmIjkzRWIds3dFy
7zbugJ3RyHeoe3Qm
-----END CERTIFICATE-----
Generated at Wed Jun 4 02:23:15 2025 by rpki-client