Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/auStRSvTy4Yk9OJpiwZVLhfobV4.roa
File: auStRSvTy4Yk9OJpiwZVLhfobV4.roa (raw, json)
Hash identifier: oSxbkpxwy5xGNJFWQ1HW1WOuN119XeYUDeR6N0MrxbA=
Subject key identifier: 6A:E4:AD:45:2B:D3:CB:86:24:F4:E2:69:8B:06:55:2E:17:E8:6D:5E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 72F4
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/auStRSvTy4Yk9OJpiwZVLhfobV4.roa
Signing time: Thu 03 Jul 2025 20:44:51 +0000
ROA not before: Thu 03 Jul 2025 20:44:51 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29428 (0x72f4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 3 20:44:51 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=6AE4AD452BD3CB8624F4E2698B06552E17E86D5E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:28:9d:42:ca:38:9d:81:f6:9c:52:d0:0c:13:
53:fa:1a:1d:d8:cd:7a:17:dd:1c:aa:31:6d:50:05:
4a:95:f4:cb:cd:52:a1:10:bc:39:49:32:c4:f4:17:
53:d8:85:d9:bc:00:42:2b:8a:2f:30:c3:70:0b:15:
bc:e5:0f:ac:59:e3:bf:ba:7c:e4:5d:87:e5:12:b7:
8c:10:65:20:81:56:0b:6c:84:34:dd:12:4d:e0:88:
2f:fd:d5:ec:72:b2:44:b0:4e:c5:10:51:8b:8b:d5:
e0:f7:b6:f8:7f:ad:51:34:29:16:64:1a:f0:a1:9a:
f0:6c:a2:7a:ad:0d:e3:c4:66:d6:08:71:5c:f6:94:
67:db:9b:48:b6:e9:81:f8:d6:da:6c:3d:d7:a3:b9:
03:0e:81:3a:77:4b:29:50:b1:d7:00:8a:f8:ab:48:
19:ef:79:85:8b:6c:58:95:dd:fe:8f:13:fd:16:d9:
81:51:3f:bf:62:68:38:af:a3:b3:0c:37:b1:3d:95:
3e:9f:2a:b1:29:44:a6:36:a9:5d:47:0d:8e:c9:df:
d9:88:8c:f0:40:fe:66:b3:ba:36:1b:9d:d9:59:6e:
33:39:19:76:6e:dd:67:d1:fa:45:30:c4:49:08:40:
7f:ee:24:b9:29:73:26:82:2d:c3:5b:68:b2:72:24:
39:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:E4:AD:45:2B:D3:CB:86:24:F4:E2:69:8B:06:55:2E:17:E8:6D:5E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/auStRSvTy4Yk9OJpiwZVLhfobV4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
3f:1b:6c:d1:64:71:e4:69:f9:f7:7a:53:e1:0d:e8:84:f1:7c:
77:73:5f:6a:ae:00:46:3e:9d:14:07:40:5c:c0:dc:7f:7e:45:
6c:d2:eb:8a:23:3b:ae:97:50:54:24:3e:15:48:d8:34:f7:4f:
55:f3:72:f6:2b:b6:44:b1:a1:3b:7a:14:2f:ad:ad:5b:41:9d:
33:d7:f1:d1:86:31:27:41:58:a9:73:e3:af:e2:9c:8f:5a:e4:
99:1e:db:73:3b:08:6c:2b:a5:cd:90:7f:a4:3f:0d:e1:a7:ce:
8d:ba:03:24:46:8b:bf:08:1d:87:5c:f0:0b:d0:8a:9c:09:71:
1e:6e:e3:19:33:36:da:82:d8:ae:5f:7c:4a:c8:ef:9b:2f:84:
27:bf:b6:a8:98:80:ce:39:0a:46:b0:4b:92:a7:67:8b:ad:e5:
48:8e:cd:01:a9:3e:83:ce:9c:be:b8:ed:a5:cf:f7:5c:d9:c5:
bd:0c:bf:46:cb:43:1a:2b:c2:e8:5d:08:e6:89:8a:69:3a:57:
e2:b0:cf:3e:d8:09:fa:18:b6:e9:c8:4a:d0:ea:8b:23:88:0c:
e1:db:b9:cd:71:45:d4:6b:83:23:b3:be:70:46:c6:5b:27:ae:
45:bd:ee:08:d9:7a:d5:10:1f:1f:e6:6a:9a:43:45:1a:8d:15:
4a:27:84:1a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcvQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDMy
MDQ0NTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDZBRTRBRDQ1MkJEM0NC
ODYyNEY0RTI2OThCMDY1NTJFMTdFODZENUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCsKJ1CyjidgfacUtAME1P6Gh3YzXoX3RyqMW1QBUqV9MvNUqEQ
vDlJMsT0F1PYhdm8AEIrii8ww3ALFbzlD6xZ47+6fORdh+USt4wQZSCBVgtshDTd
Ek3giC/91exyskSwTsUQUYuL1eD3tvh/rVE0KRZkGvChmvBsonqtDePEZtYIcVz2
lGfbm0i26YH41tpsPdejuQMOgTp3SylQsdcAivirSBnveYWLbFiV3f6PE/0W2YFR
P79iaDivo7MMN7E9lT6fKrEpRKY2qV1HDY7J39mIjPBA/mazujYbndlZbjM5GXZu
3WfR+kUwxEkIQH/uJLkpcyaCLcNbaLJyJDnzAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUauStRSvTy4Yk9OJpiwZVLhfobV4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2F1U3RSU3ZUeTRZazlP
SnBpd1pWTGhmb2JWNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA/G2zR
ZHHkafn3elPhDeiE8Xx3c19qrgBGPp0UB0BcwNx/fkVs0uuKIzuul1BUJD4VSNg0
909V83L2K7ZEsaE7ehQvra1bQZ0z1/HRhjEnQVipc+Ov4pyPWuSZHttzOwhsK6XN
kH+kPw3hp86NugMkRou/CB2HXPAL0IqcCXEebuMZMzbagtiuX3xKyO+bL4Qnv7ao
mIDOOQpGsEuSp2eLreVIjs0BqT6Dzpy+uO2lz/dc2cW9DL9Gy0MaK8LoXQjmiYpp
OlfisM8+2An6GLbpyErQ6osjiAzh27nNcUXUa4Mjs75wRsZbJ65Fve4I2XrVEB8f
5mqaQ0UajRVKJ4Qa
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:52:24 2025 by rpki-client