Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ZW5POqHgQenD61m_WZByIJsNuw4.roa
File: ZW5POqHgQenD61m_WZByIJsNuw4.roa (raw, json)
Hash identifier: wO3SG4AfPKhnu85Eus6a0dsOP5/a53K59SHvamm0vhE=
Subject key identifier: 65:6E:4F:3A:A1:E0:41:E9:C3:EB:59:BF:59:90:72:20:9B:0D:BB:0E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 64C4
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZW5POqHgQenD61m_WZByIJsNuw4.roa
Signing time: Mon 26 May 2025 19:13:31 +0000
ROA not before: Mon 26 May 2025 19:13:31 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25796 (0x64c4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 26 19:13:31 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=656E4F3AA1E041E9C3EB59BF599072209B0DBB0E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:0e:36:19:bf:5e:44:d2:f5:c8:e4:9f:59:af:
40:ca:9b:c1:0f:90:1b:19:08:31:8e:0f:14:5f:89:
32:4e:1b:37:a1:eb:b0:e0:2d:16:1e:60:ee:68:ce:
80:25:31:63:e1:5d:8b:fe:04:2f:2f:4a:ff:e4:ca:
e3:cb:8e:ca:6c:0a:89:cc:b1:e9:ce:8e:14:96:98:
8b:1b:4c:bd:48:7c:58:2c:04:3f:c9:8a:77:b1:85:
3e:ca:c3:7c:63:fd:be:c0:50:90:9f:75:47:5a:3f:
86:b1:fe:5e:3a:9d:72:ba:0b:ca:78:32:96:9c:b4:
6e:e8:be:68:d3:14:0c:57:63:0b:bb:dd:1f:0b:86:
4c:11:fc:73:e4:ba:f0:47:bd:59:d2:50:3a:06:06:
d7:58:16:c5:be:c7:dc:c1:71:0d:08:68:27:0e:df:
d9:b0:16:2d:b4:86:69:02:21:80:50:d7:60:6a:69:
dd:e5:2f:f0:40:22:62:0d:94:41:68:53:98:21:f8:
d0:6d:bd:05:d5:5a:16:a9:1c:e6:70:50:8a:51:42:
19:bb:64:1b:37:a7:94:9e:19:5f:9b:a5:a9:cf:fd:
d9:c0:8b:cf:88:65:ff:b0:2f:e3:c8:01:2f:06:f2:
97:46:4c:29:e7:11:d5:fa:24:d3:0a:bd:d4:0d:12:
67:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:6E:4F:3A:A1:E0:41:E9:C3:EB:59:BF:59:90:72:20:9B:0D:BB:0E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZW5POqHgQenD61m_WZByIJsNuw4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
6c:1b:c7:aa:48:8b:cf:b7:9f:86:66:7f:8e:63:0c:21:09:ae:
84:df:21:55:62:1d:28:b2:d1:ac:14:0a:a7:2e:bc:ca:db:e3:
6b:7d:3c:91:08:f0:4c:51:de:87:b8:3f:22:f2:9b:6d:d0:45:
c9:b0:b7:40:2f:e4:db:e6:2e:08:09:70:2e:64:ee:32:2e:d4:
1a:de:13:32:cd:b4:6f:19:c4:7e:d7:9b:6a:2b:2a:6b:96:2a:
8b:61:93:ce:47:fd:bc:03:11:68:a0:94:cd:d9:23:31:fd:84:
21:cc:39:5f:91:00:93:ad:e7:b0:8d:37:c8:0f:e3:0c:0e:44:
0d:6c:e3:51:a4:33:e9:0a:6d:dd:31:8e:fb:06:c5:41:c2:8b:
b4:8a:65:c0:03:35:33:a5:3c:75:1b:65:2d:78:7c:df:87:17:
18:a9:fb:66:87:7f:8a:e4:fe:02:67:f2:e1:12:27:b4:26:27:
ad:11:28:df:54:a7:e9:0d:e8:12:6c:43:ac:f7:bd:c5:cf:bc:
dc:a5:1f:45:63:e3:69:f5:17:a6:78:ff:ef:9d:84:c1:f1:28:
ef:17:ee:e4:86:eb:06:1d:ef:af:68:b3:9d:32:b0:fb:f7:f5:
41:e8:84:97:39:d7:52:b1:25:c4:13:fd:46:1e:94:3e:8f:ec:
f8:72:5e:1b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZMQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjYx
OTEzMzFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDY1NkU0RjNBQTFFMDQx
RTlDM0VCNTlCRjU5OTA3MjIwOUIwREJCMEUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7DjYZv15E0vXI5J9Zr0DKm8EPkBsZCDGODxRfiTJOGzeh67Dg
LRYeYO5ozoAlMWPhXYv+BC8vSv/kyuPLjspsConMsenOjhSWmIsbTL1IfFgsBD/J
inexhT7Kw3xj/b7AUJCfdUdaP4ax/l46nXK6C8p4MpactG7ovmjTFAxXYwu73R8L
hkwR/HPkuvBHvVnSUDoGBtdYFsW+x9zBcQ0IaCcO39mwFi20hmkCIYBQ12Bqad3l
L/BAImINlEFoU5gh+NBtvQXVWhapHOZwUIpRQhm7ZBs3p5SeGV+bpanP/dnAi8+I
Zf+wL+PIAS8G8pdGTCnnEdX6JNMKvdQNEmdFAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUZW5POqHgQenD61m/WZByIJsNuw4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1pXNVBPcUhnUWVuRDYx
bV9XWkJ5SUpzTnV3NC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBsG8eq
SIvPt5+GZn+OYwwhCa6E3yFVYh0ostGsFAqnLrzK2+NrfTyRCPBMUd6HuD8i8ptt
0EXJsLdAL+Tb5i4ICXAuZO4yLtQa3hMyzbRvGcR+15tqKyprliqLYZPOR/28AxFo
oJTN2SMx/YQhzDlfkQCTreewjTfID+MMDkQNbONRpDPpCm3dMY77BsVBwou0imXA
AzUzpTx1G2UteHzfhxcYqftmh3+K5P4CZ/LhEie0JietESjfVKfpDegSbEOs973F
z7zcpR9FY+Np9RemeP/vnYTB8SjvF+7khusGHe+vaLOdMrD79/VB6ISXOddSsSXE
E/1GHpQ+j+z4cl4b
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:17:30 2025 by rpki-client