Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/_5En5WJpIpU6KgHI8keWLxyfuhU.roa
File: _5En5WJpIpU6KgHI8keWLxyfuhU.roa (raw, json)
Hash identifier: xF1XGQNWtwdXmzZbxFXRcjmi5KOeXTh8mueVHkTgwto=
Subject key identifier: FF:91:27:E5:62:69:22:95:3A:2A:01:C8:F2:47:96:2F:1C:9F:BA:15
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 629A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_5En5WJpIpU6KgHI8keWLxyfuhU.roa
Signing time: Wed 21 May 2025 00:40:46 +0000
ROA not before: Wed 21 May 2025 00:40:46 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25242 (0x629a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 21 00:40:46 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=FF9127E5626922953A2A01C8F247962F1C9FBA15
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:8a:51:6d:8b:ab:f4:59:2f:fe:30:19:a7:80:
e3:32:5b:bd:94:46:eb:08:39:c7:cc:fa:d2:e4:11:
52:26:62:5e:37:fa:6e:4f:73:76:b5:33:f6:5f:9b:
23:15:4f:ea:67:63:31:36:c5:d3:2a:ea:7c:0b:9e:
f5:c5:1b:55:34:b6:13:f7:0c:2b:2a:c4:0a:da:27:
d6:03:1a:66:39:af:9c:43:e7:33:5c:9d:dc:a8:66:
61:e8:3e:19:c7:8d:a7:6c:14:26:86:c1:5f:44:f9:
6b:c6:3f:cf:bf:84:9c:62:16:d7:58:cb:8a:b4:05:
27:e1:d4:83:ed:b6:3f:0b:cc:a2:b6:18:9e:7c:63:
9a:b2:10:2f:7e:fe:49:7d:5b:5a:a9:a0:95:45:83:
19:31:f9:c6:57:14:65:9e:3e:cf:94:8d:ec:2b:a3:
e0:79:15:a8:40:cc:00:47:73:29:0c:a1:f2:00:cd:
cc:b2:96:d5:04:8f:2a:a2:27:2a:34:af:90:fe:8c:
70:fb:0e:a6:35:55:b9:7f:a6:b6:63:47:a6:c1:84:
01:99:31:06:94:99:00:0b:c7:0e:09:8d:1f:29:ac:
ae:a5:91:b5:4a:4e:00:1d:cf:25:58:1b:81:e3:94:
b2:13:96:2e:98:4b:24:4f:ad:aa:24:9e:40:99:16:
19:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:91:27:E5:62:69:22:95:3A:2A:01:C8:F2:47:96:2F:1C:9F:BA:15
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_5En5WJpIpU6KgHI8keWLxyfuhU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
44:06:9f:3d:f9:20:64:d4:a2:9a:9a:1b:b9:71:0c:37:da:a1:
55:c3:13:19:69:1c:17:e2:50:3b:35:73:60:14:31:08:6a:77:
95:32:20:73:fd:d8:f6:df:39:4e:90:2b:aa:33:5b:02:3c:3a:
22:42:5b:7e:a1:3a:82:6c:e3:ff:e7:0d:6d:7d:76:1d:91:ce:
0d:eb:81:c6:32:f6:ca:d4:41:65:d2:aa:fd:bd:bc:3f:4b:42:
6e:d6:38:55:71:7e:77:8e:8d:a8:2c:0b:1d:3b:d6:f9:d0:4f:
65:b5:9b:98:b6:a8:20:e4:3a:d2:79:0c:77:03:87:38:05:53:
32:cc:6b:ef:65:1f:21:15:0e:4d:ea:a5:76:c4:eb:3d:51:46:
16:ef:2e:d4:34:03:93:ff:2e:28:45:5b:f6:25:21:91:93:2a:
4e:80:5f:7e:46:b1:1c:58:a0:03:2a:60:85:13:18:41:06:98:
41:79:1c:0c:81:05:68:f3:c7:5b:95:89:c6:1c:c6:10:6f:ed:
b1:9e:96:fb:01:41:7e:f0:81:e8:bd:c2:78:0a:76:45:18:42:
6d:05:81:4b:e0:35:ab:c1:c4:9b:f4:89:a2:9d:0d:83:e9:83:
de:88:35:31:41:a6:a8:e8:8a:0a:23:d3:25:34:bf:25:bc:b8:
d2:8a:f4:35
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYpowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjEw
MDQwNDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEZGOTEyN0U1NjI2OTIy
OTUzQTJBMDFDOEYyNDc5NjJGMUM5RkJBMTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOilFti6v0WS/+MBmngOMyW72URusIOcfM+tLkEVImYl43+m5P
c3a1M/ZfmyMVT+pnYzE2xdMq6nwLnvXFG1U0thP3DCsqxAraJ9YDGmY5r5xD5zNc
ndyoZmHoPhnHjadsFCaGwV9E+WvGP8+/hJxiFtdYy4q0BSfh1IPttj8LzKK2GJ58
Y5qyEC9+/kl9W1qpoJVFgxkx+cZXFGWePs+Ujewro+B5FahAzABHcykMofIAzcyy
ltUEjyqiJyo0r5D+jHD7DqY1Vbl/prZjR6bBhAGZMQaUmQALxw4JjR8prK6lkbVK
TgAdzyVYG4HjlLITli6YSyRPraoknkCZFhkPAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU/5En5WJpIpU6KgHI8keWLxyfuhUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L181RW41V0pwSXBVNktn
SEk4a2VXTHh5ZnVoVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBEBp89
+SBk1KKamhu5cQw32qFVwxMZaRwX4lA7NXNgFDEIaneVMiBz/dj23zlOkCuqM1sC
PDoiQlt+oTqCbOP/5w1tfXYdkc4N64HGMvbK1EFl0qr9vbw/S0Ju1jhVcX53jo2o
LAsdO9b50E9ltZuYtqgg5DrSeQx3A4c4BVMyzGvvZR8hFQ5N6qV2xOs9UUYW7y7U
NAOT/y4oRVv2JSGRkypOgF9+RrEcWKADKmCFExhBBphBeRwMgQVo88dblYnGHMYQ
b+2xnpb7AUF+8IHovcJ4CnZFGEJtBYFL4DWrwcSb9IminQ2D6YPeiDUxQaao6IoK
I9MlNL8lvLjSivQ1
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:23:38 2025 by rpki-client