Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/_e6aZsCxqyjbo1O48iF-i_0OlTM.roa
File: _e6aZsCxqyjbo1O48iF-i_0OlTM.roa (raw, json)
Hash identifier: r9opdDc+ZMOjy/rNmOZmFJ0h61rJTyaRG0gBjX9PKPI=
Subject key identifier: FD:EE:9A:66:C0:B1:AB:28:DB:A3:53:B8:F2:21:7E:8B:FD:0E:95:33
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 71D8
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_e6aZsCxqyjbo1O48iF-i_0OlTM.roa
Signing time: Mon 30 Jun 2025 21:44:44 +0000
ROA not before: Mon 30 Jun 2025 21:44:44 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29144 (0x71d8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 30 21:44:44 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=FDEE9A66C0B1AB28DBA353B8F2217E8BFD0E9533
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:f6:a5:4b:1b:da:7c:cd:9c:87:08:d9:a4:a1:
60:69:2c:6f:1d:cb:3c:0b:19:d8:11:f4:6e:78:e2:
a2:4b:aa:64:fd:f3:e9:be:83:6f:b7:93:ca:cc:f3:
94:d3:c4:eb:19:b2:b7:d7:e3:27:d3:85:f1:31:0c:
a3:d7:2f:69:12:ff:98:f9:4c:a2:6e:94:a2:f2:62:
3a:5b:33:e0:a7:78:80:9b:e2:57:ba:16:4a:ae:0a:
62:d7:55:75:8a:b3:e4:22:82:d3:12:3b:e3:8a:2b:
d3:d0:47:12:00:60:a4:1d:c3:19:26:29:d3:a8:50:
22:b1:5e:02:cf:cb:40:0b:2e:e5:5a:b0:56:1c:7d:
fd:bd:15:6f:9d:4c:1e:48:74:8a:4e:27:20:d4:fb:
23:ec:e7:77:de:a4:c4:98:60:30:0a:14:e4:5b:ab:
62:39:89:65:14:53:9f:e9:d1:fb:c0:44:f3:fb:4f:
60:48:eb:a4:1a:d1:b8:b7:a8:12:3f:20:39:f0:e7:
5f:c7:df:e0:bd:c3:50:60:28:f4:5d:21:57:e5:20:
aa:a5:7c:bd:5c:dc:c6:cd:c3:35:ce:65:b2:11:ee:
6b:55:93:5a:ec:c8:83:69:0b:e1:aa:04:75:96:01:
21:af:6c:91:42:96:b7:a1:5d:67:7c:0c:48:93:0c:
ff:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:EE:9A:66:C0:B1:AB:28:DB:A3:53:B8:F2:21:7E:8B:FD:0E:95:33
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_e6aZsCxqyjbo1O48iF-i_0OlTM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
b4:43:a7:d6:df:79:3a:6d:50:49:d3:af:1b:39:a7:0c:b7:ef:
4c:d7:ce:b7:04:93:ec:c6:18:24:66:b9:d1:86:3d:21:e3:12:
52:a4:fb:c8:e7:37:be:b0:74:b1:08:07:29:0a:83:0c:4f:56:
7f:8c:88:81:99:b8:12:6a:fd:f8:29:72:14:20:85:90:40:f1:
b4:59:00:ec:5d:fc:d8:23:cc:71:19:85:e0:ee:89:38:09:b0:
0b:4d:80:7a:d4:13:01:6d:7b:0e:d7:d6:3a:9b:f1:58:54:e6:
00:79:18:e5:36:69:08:8c:7f:a4:9d:41:e3:b6:24:11:02:f8:
a2:0f:a6:96:8f:4f:01:a3:a7:4b:cd:a3:03:ba:33:bb:e9:be:
6a:6f:58:c2:53:f7:47:b0:54:82:a9:6d:f5:2c:98:59:e4:96:
2f:0b:06:75:76:b0:c3:96:6d:ee:5d:d7:f5:ca:89:05:ee:f1:
90:f4:1f:6c:f6:c0:ac:c1:e5:14:e8:ce:d0:d9:b5:ed:92:cc:
c3:eb:e5:0f:8b:44:3c:d2:75:ed:16:ab:39:9e:b6:87:77:69:
30:ca:ee:33:c7:9a:81:b1:7c:76:b8:e4:01:72:9b:70:25:95:
2b:c5:20:c2:2b:92:c6:10:68:37:61:5b:09:2c:84:22:37:10:
0e:12:0b:e9
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcdgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MzAy
MTQ0NDRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEZERUU5QTY2QzBCMUFC
MjhEQkEzNTNCOEYyMjE3RThCRkQwRTk1MzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDY9qVLG9p8zZyHCNmkoWBpLG8dyzwLGdgR9G544qJLqmT98+m+
g2+3k8rM85TTxOsZsrfX4yfThfExDKPXL2kS/5j5TKJulKLyYjpbM+CneICb4le6
FkquCmLXVXWKs+QigtMSO+OKK9PQRxIAYKQdwxkmKdOoUCKxXgLPy0ALLuVasFYc
ff29FW+dTB5IdIpOJyDU+yPs53fepMSYYDAKFORbq2I5iWUUU5/p0fvARPP7T2BI
66Qa0bi3qBI/IDnw51/H3+C9w1BgKPRdIVflIKqlfL1c3MbNwzXOZbIR7mtVk1rs
yINpC+GqBHWWASGvbJFClrehXWd8DEiTDP9bAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU/e6aZsCxqyjbo1O48iF+i/0OlTMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L19lNmFac0N4cXlqYm8x
TzQ4aUYtaV8wT2xUTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC0Q6fW
33k6bVBJ068bOacMt+9M1863BJPsxhgkZrnRhj0h4xJSpPvI5ze+sHSxCAcpCoMM
T1Z/jIiBmbgSav34KXIUIIWQQPG0WQDsXfzYI8xxGYXg7ok4CbALTYB61BMBbXsO
19Y6m/FYVOYAeRjlNmkIjH+knUHjtiQRAviiD6aWj08Bo6dLzaMDujO76b5qb1jC
U/dHsFSCqW31LJhZ5JYvCwZ1drDDlm3uXdf1yokF7vGQ9B9s9sCsweUU6M7Q2bXt
kszD6+UPi0Q80nXtFqs5nraHd2kwyu4zx5qBsXx2uOQBcptwJZUrxSDCK5LGEGg3
YVsJLIQiNxAOEgvp
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:42:14 2025 by rpki-client