Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ZOd2iWEL7e-4Uw62jfNm_RHF4lc.roa
File: ZOd2iWEL7e-4Uw62jfNm_RHF4lc.roa (raw, json)
Hash identifier: bTBihyWDMphGpvgC5scaZl3wTGNtnDObNXSSZ9GiDc8=
Subject key identifier: 64:E7:76:89:61:0B:ED:EF:B8:53:0E:B6:8D:F3:66:FD:11:C5:E2:57
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 61B8
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZOd2iWEL7e-4Uw62jfNm_RHF4lc.roa
Signing time: Sun 18 May 2025 16:10:36 +0000
ROA not before: Sun 18 May 2025 16:10:36 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25016 (0x61b8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 18 16:10:36 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=64E77689610BEDEFB8530EB68DF366FD11C5E257
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:3d:c0:a1:ef:4c:6c:b5:ac:96:12:d3:01:f2:
96:f0:f9:79:a5:65:5a:da:d7:8a:95:00:25:ff:c5:
d6:e3:c8:db:3f:32:bb:d8:64:19:0f:c4:fd:9c:48:
09:32:af:38:80:29:e6:f9:c0:f9:32:19:72:90:d1:
9b:81:80:b4:7c:ef:23:80:e0:d3:cf:23:4e:fd:40:
07:33:37:7b:d4:8c:98:66:61:df:b9:53:fc:84:23:
93:8f:08:33:a4:61:59:59:2f:e4:d8:c9:8d:9b:13:
a1:70:52:24:55:a7:d0:b5:b8:ed:fc:c9:50:31:88:
1c:45:39:91:0b:a8:44:2d:74:8a:90:0a:99:82:bb:
b2:fd:b3:e7:2a:e8:2a:4e:4d:96:f4:80:98:bc:e1:
1c:c2:54:3a:32:cd:17:cf:2d:4e:f6:df:d0:bb:3d:
70:97:61:b6:b9:87:11:11:fa:09:5c:e2:b1:58:f8:
2a:1a:9c:88:9f:b8:75:4c:4c:dc:5b:51:77:ed:e3:
0a:1d:ff:81:23:47:79:20:43:69:4d:7d:e8:9d:ef:
e7:9c:4c:84:9e:a7:8b:95:6c:cf:19:89:78:50:b5:
50:7e:39:8f:0b:5e:de:fe:44:99:49:06:cf:4e:17:
9d:61:cd:a1:d0:88:b9:14:77:69:83:19:ec:74:bd:
23:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:E7:76:89:61:0B:ED:EF:B8:53:0E:B6:8D:F3:66:FD:11:C5:E2:57
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZOd2iWEL7e-4Uw62jfNm_RHF4lc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
9c:0d:48:98:b1:f5:e5:f8:91:7c:33:5e:42:f5:85:97:0c:ab:
c4:2d:a3:af:a5:80:ad:52:b4:fa:cc:1b:db:08:aa:97:16:8c:
ac:05:e6:15:6c:08:32:bd:45:12:c2:86:cb:d7:c7:04:ce:4b:
8c:58:4b:5c:1c:c1:8c:a6:16:e8:cf:9a:93:45:78:5a:8d:51:
44:1f:b8:f9:08:a2:1f:49:f1:46:ef:2f:81:86:d0:4b:34:2e:
cc:48:de:4a:48:56:47:10:fd:73:69:e6:77:ee:55:fe:8c:60:
19:3f:bc:cf:06:2c:32:f0:9d:bc:3b:ef:d1:53:3f:23:69:a1:
fe:fb:07:f4:28:f4:bf:b2:af:d4:8d:06:a8:5b:8f:81:94:3b:
bc:a3:8e:5a:3f:a4:13:fc:f0:ee:57:ed:0b:16:a9:17:eb:83:
ff:03:c0:87:ba:7b:22:e6:b7:1f:11:a2:87:2d:48:c6:4f:fa:
50:4c:f7:55:dd:ab:eb:28:d9:f0:52:6e:43:8b:7a:30:59:31:
71:4e:7a:92:e8:3e:e3:de:f0:44:00:12:a0:6c:12:45:52:42:
d3:7a:8f:40:1f:76:85:5e:4e:4c:a5:16:55:f9:d2:87:75:aa:
84:ec:42:37:c1:14:da:b4:1b:f9:bb:5c:81:d5:5c:2e:a0:af:
00:a5:9a:60
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYbgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTgx
NjEwMzZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDY0RTc3Njg5NjEwQkVE
RUZCODUzMEVCNjhERjM2NkZEMTFDNUUyNTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDIPcCh70xstayWEtMB8pbw+XmlZVra14qVACX/xdbjyNs/MrvY
ZBkPxP2cSAkyrziAKeb5wPkyGXKQ0ZuBgLR87yOA4NPPI079QAczN3vUjJhmYd+5
U/yEI5OPCDOkYVlZL+TYyY2bE6FwUiRVp9C1uO38yVAxiBxFOZELqEQtdIqQCpmC
u7L9s+cq6CpOTZb0gJi84RzCVDoyzRfPLU7239C7PXCXYba5hxER+glc4rFY+Coa
nIifuHVMTNxbUXft4wod/4EjR3kgQ2lNfeid7+ecTISep4uVbM8ZiXhQtVB+OY8L
Xt7+RJlJBs9OF51hzaHQiLkUd2mDGex0vSNDAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUZOd2iWEL7e+4Uw62jfNm/RHF4lcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1pPZDJpV0VMN2UtNFV3
NjJqZk5tX1JIRjRsYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCcDUiY
sfXl+JF8M15C9YWXDKvELaOvpYCtUrT6zBvbCKqXFoysBeYVbAgyvUUSwobL18cE
zkuMWEtcHMGMphboz5qTRXhajVFEH7j5CKIfSfFG7y+BhtBLNC7MSN5KSFZHEP1z
aeZ37lX+jGAZP7zPBiwy8J28O+/RUz8jaaH++wf0KPS/sq/UjQaoW4+BlDu8o45a
P6QT/PDuV+0LFqkX64P/A8CHunsi5rcfEaKHLUjGT/pQTPdV3avrKNnwUm5Di3ow
WTFxTnqS6D7j3vBEABKgbBJFUkLTeo9AH3aFXk5MpRZV+dKHdaqE7EI3wRTatBv5
u1yB1VwuoK8ApZpg
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:59:06 2025 by rpki-client