Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/_WjJACeWcGWSVouilTpMNRk2f0Y.roa
File: _WjJACeWcGWSVouilTpMNRk2f0Y.roa (raw, json)
Hash identifier: 2DAUOlIEK6JPUr//lOlpQ3JbD5XpFGpDGvasPM2P1eI=
Subject key identifier: FD:68:C9:00:27:96:70:65:92:56:8B:A2:95:3A:4C:35:19:36:7F:46
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 62D6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_WjJACeWcGWSVouilTpMNRk2f0Y.roa
Signing time: Wed 21 May 2025 15:40:41 +0000
ROA not before: Wed 21 May 2025 15:40:41 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25302 (0x62d6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 21 15:40:41 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=FD68C9002796706592568BA2953A4C3519367F46
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:51:39:dd:08:91:04:69:8e:3d:9b:07:0d:9a:
58:86:7a:20:db:77:a3:6e:c6:5a:7c:28:d2:57:1a:
14:f3:eb:a6:24:8c:33:f2:49:b6:e8:4d:2d:3c:27:
60:83:2e:90:48:7d:4f:54:a1:56:19:21:79:60:de:
bf:fc:7d:2a:55:df:bc:55:5e:01:ab:80:e8:ca:6c:
24:d1:bc:75:4c:62:3d:0f:1c:df:0a:93:16:7f:62:
03:d1:5d:6e:21:fe:b1:41:81:c6:b6:66:ae:ee:4c:
22:c3:90:12:74:24:c6:26:3d:89:b9:b7:52:1c:37:
52:80:be:ac:f7:f6:75:d8:f3:57:b5:d7:28:24:8a:
c9:5c:ce:3f:04:c1:df:94:81:72:4f:8e:03:86:a8:
d7:83:95:3a:ef:27:51:7a:db:dc:fc:92:3b:2f:ab:
5e:5f:e8:b5:b9:20:d7:ad:a8:97:e0:44:8f:73:c2:
ae:27:f7:ea:8a:81:60:bd:c6:b6:60:60:ea:95:bd:
9c:2b:a6:4c:67:fb:84:dc:35:b4:6b:cc:88:30:2e:
7b:d6:a5:10:74:76:29:2e:9d:ef:84:5f:3e:13:22:
35:91:4e:a3:06:b1:09:3a:83:02:ef:33:e3:87:37:
55:93:2e:a4:8b:61:1d:e4:09:50:b8:b0:c1:94:74:
87:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:68:C9:00:27:96:70:65:92:56:8B:A2:95:3A:4C:35:19:36:7F:46
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_WjJACeWcGWSVouilTpMNRk2f0Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
25:e4:f1:57:11:81:49:e3:8b:6a:69:60:78:06:8d:5d:37:36:
a5:21:35:81:02:3f:c0:2e:97:73:a0:ac:0c:ef:ae:13:6b:90:
78:5f:5c:01:fc:11:36:63:3e:33:e0:fb:b0:39:20:df:61:ed:
ad:bc:cc:fa:ab:8f:00:2c:75:19:76:76:98:92:65:c5:0d:8c:
50:a3:a8:46:9e:ed:8c:82:25:a2:01:2a:a1:43:2c:2a:c0:c6:
a7:27:5d:ec:50:44:05:42:4e:2f:17:49:3a:db:b1:4b:0b:b5:
3b:0a:71:ae:f3:5c:de:2b:cd:61:4e:0a:fe:71:a8:89:b5:0a:
ba:b8:37:08:55:a0:f5:70:e8:05:2b:74:2e:c4:f2:be:c4:36:
f0:60:1d:78:60:7e:f0:d6:6c:27:2b:f6:cf:12:12:22:b8:e4:
d9:3d:d3:87:97:eb:d2:87:77:47:47:b9:52:c9:ad:80:d7:31:
fd:57:b7:a9:fa:1c:3f:59:55:67:67:b2:70:b7:58:bc:ce:05:
55:d5:00:86:52:05:a2:c9:fc:72:53:0a:be:b2:a9:13:cf:d0:
60:97:f6:ff:3a:77:49:26:7b:37:b2:9e:c6:df:03:f4:e4:c3:
49:12:eb:10:9d:5c:f8:ea:39:e0:ec:78:51:62:87:77:97:7f:
6b:51:46:fc
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYtYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjEx
NTQwNDFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEZENjhDOTAwMjc5Njcw
NjU5MjU2OEJBMjk1M0E0QzM1MTkzNjdGNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+UTndCJEEaY49mwcNmliGeiDbd6Nuxlp8KNJXGhTz66YkjDPy
SbboTS08J2CDLpBIfU9UoVYZIXlg3r/8fSpV37xVXgGrgOjKbCTRvHVMYj0PHN8K
kxZ/YgPRXW4h/rFBgca2Zq7uTCLDkBJ0JMYmPYm5t1IcN1KAvqz39nXY81e11ygk
islczj8Ewd+UgXJPjgOGqNeDlTrvJ1F629z8kjsvq15f6LW5INetqJfgRI9zwq4n
9+qKgWC9xrZgYOqVvZwrpkxn+4TcNbRrzIgwLnvWpRB0dikune+EXz4TIjWRTqMG
sQk6gwLvM+OHN1WTLqSLYR3kCVC4sMGUdIcrAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU/WjJACeWcGWSVouilTpMNRk2f0YwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L19XakpBQ2VXY0dXU1Zv
dWlsVHBNTlJrMmYwWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAl5PFX
EYFJ44tqaWB4Bo1dNzalITWBAj/ALpdzoKwM764Ta5B4X1wB/BE2Yz4z4PuwOSDf
Ye2tvMz6q48ALHUZdnaYkmXFDYxQo6hGnu2MgiWiASqhQywqwManJ13sUEQFQk4v
F0k627FLC7U7CnGu81zeK81hTgr+caiJtQq6uDcIVaD1cOgFK3QuxPK+xDbwYB14
YH7w1mwnK/bPEhIiuOTZPdOHl+vSh3dHR7lSya2A1zH9V7ep+hw/WVVnZ7Jwt1i8
zgVV1QCGUgWiyfxyUwq+sqkTz9Bgl/b/OndJJns3sp7G3wP05MNJEusQnVz46jng
7HhRYod3l39rUUb8
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:59:59 2025 by rpki-client