Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/XqLvJ1Pi5YaBtpWdb4a-u6--8Ck.roa
File: XqLvJ1Pi5YaBtpWdb4a-u6--8Ck.roa (raw, json)
Hash identifier: rjXRWbcFd7NJ2s8TwlUofa4u3lhY3qScsIG6+HRBE8k=
Subject key identifier: 5E:A2:EF:27:53:E2:E5:86:81:B6:95:9D:6F:86:BE:BB:AF:BE:F0:29
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6470
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XqLvJ1Pi5YaBtpWdb4a-u6--8Ck.roa
Signing time: Sun 25 May 2025 22:11:04 +0000
ROA not before: Sun 25 May 2025 22:11:04 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25712 (0x6470)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 25 22:11:04 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=5EA2EF2753E2E58681B6959D6F86BEBBAFBEF029
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:13:42:66:0b:a7:ea:a1:1f:9c:a6:52:e6:cf:
f9:13:87:d2:39:8f:02:80:aa:7f:04:66:12:d1:8b:
34:1d:ae:bf:d4:82:77:ac:68:7a:79:2e:4d:3d:bc:
fc:f3:13:31:fb:e0:44:50:ab:04:1f:22:6b:0a:f3:
f0:81:42:d3:50:3f:fe:6b:d0:89:d9:46:c9:c1:90:
3a:f2:19:49:2b:36:83:6c:6b:85:12:77:39:6b:b6:
8e:6d:e3:71:ac:8a:1d:0c:f7:90:4c:d4:bb:9f:2b:
ba:67:fd:4f:7c:55:cb:10:9e:e7:fd:7f:30:55:27:
b2:5f:5e:d1:af:19:0b:ad:c7:c0:80:6f:43:8d:9b:
fe:3b:85:2f:50:f5:52:8c:f8:ae:f8:e2:41:36:9d:
64:dd:d0:03:a2:53:18:67:23:9b:e0:1b:03:bb:eb:
9e:ef:e7:e4:97:1f:37:7a:d8:26:fe:7f:97:6c:e4:
19:c4:9a:30:78:ed:56:a1:f2:60:c0:51:c8:40:43:
62:d7:bf:97:31:4f:61:5c:6b:94:00:c1:bc:be:db:
25:c3:9c:4b:c1:fd:cb:44:31:74:3e:ae:25:c5:fb:
32:7b:1b:c5:ab:14:b8:14:0f:e2:31:b6:b1:0e:5b:
32:e4:13:52:12:f3:6d:68:32:38:a7:75:b1:20:1e:
6e:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:A2:EF:27:53:E2:E5:86:81:B6:95:9D:6F:86:BE:BB:AF:BE:F0:29
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XqLvJ1Pi5YaBtpWdb4a-u6--8Ck.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
63:73:28:fb:ce:0e:fc:2e:28:f5:88:99:cd:93:d7:3e:35:20:
f8:80:9d:3e:6e:d0:9d:53:36:b8:f5:92:2a:36:41:55:99:60:
dd:34:32:24:35:ca:b4:2b:0b:34:c7:b4:fd:78:a1:f5:71:19:
94:09:ea:55:b7:fe:f4:0b:ce:ae:68:90:10:cf:b0:51:e6:d8:
98:70:b2:47:c6:14:a2:c6:d3:d0:3d:fa:be:9b:7f:8b:b7:d9:
9a:02:1e:a6:57:b0:76:0b:2a:0f:89:af:fd:37:70:a9:7d:40:
c1:fb:e4:55:49:1c:f1:18:13:23:7c:33:a0:d0:0a:5e:33:a9:
fc:42:0c:99:ee:45:c2:31:4f:bc:2e:b1:c7:fc:6b:0c:5d:a1:
f3:ac:4d:b6:b5:b0:99:dd:15:15:c1:98:ec:0b:ff:03:45:48:
68:a7:4e:fd:d4:21:65:2d:1f:8a:01:49:8a:b4:36:c6:2d:77:
a4:11:53:e5:b6:ee:2e:c2:e8:83:b8:b3:7b:02:21:e2:b3:03:
bf:75:7b:12:f1:04:25:eb:5f:a9:63:64:9d:0e:65:b9:f8:67:
cd:47:a5:4d:69:c2:82:de:c5:49:0f:b2:14:06:c0:68:74:86:
ce:04:31:6c:b1:9b:00:e6:80:25:26:0d:c9:b2:59:c8:c0:99:
b8:00:ec:96
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZHAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjUy
MjExMDRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDVFQTJFRjI3NTNFMkU1
ODY4MUI2OTU5RDZGODZCRUJCQUZCRUYwMjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOE0JmC6fqoR+cplLmz/kTh9I5jwKAqn8EZhLRizQdrr/Ugnes
aHp5Lk09vPzzEzH74ERQqwQfImsK8/CBQtNQP/5r0InZRsnBkDryGUkrNoNsa4US
dzlrto5t43Gsih0M95BM1LufK7pn/U98VcsQnuf9fzBVJ7JfXtGvGQutx8CAb0ON
m/47hS9Q9VKM+K744kE2nWTd0AOiUxhnI5vgGwO7657v5+SXHzd62Cb+f5ds5BnE
mjB47Vah8mDAUchAQ2LXv5cxT2Fca5QAwby+2yXDnEvB/ctEMXQ+riXF+zJ7G8Wr
FLgUD+IxtrEOWzLkE1IS821oMjindbEgHm6vAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUXqLvJ1Pi5YaBtpWdb4a+u6++8CkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1hxTHZKMVBpNVlhQnRw
V2RiNGEtdTYtLThDay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBjcyj7
zg78Lij1iJnNk9c+NSD4gJ0+btCdUza49ZIqNkFVmWDdNDIkNcq0Kws0x7T9eKH1
cRmUCepVt/70C86uaJAQz7BR5tiYcLJHxhSixtPQPfq+m3+Lt9maAh6mV7B2CyoP
ia/9N3CpfUDB++RVSRzxGBMjfDOg0ApeM6n8QgyZ7kXCMU+8LrHH/GsMXaHzrE22
tbCZ3RUVwZjsC/8DRUhop0791CFlLR+KAUmKtDbGLXekEVPltu4uwuiDuLN7AiHi
swO/dXsS8QQl61+pY2SdDmW5+GfNR6VNacKC3sVJD7IUBsBodIbOBDFssZsA5oAl
Jg3JslnIwJm4AOyW
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:52:25 2025 by rpki-client