Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/auW6zBWr6PXvTOt7GNzU8IqEneA.roa
File: auW6zBWr6PXvTOt7GNzU8IqEneA.roa (raw, json)
Hash identifier: oFlOGwTAEssXfTdVlPXAI1Fk8PraY68WQHk00/ML6gM=
Subject key identifier: 6A:E5:BA:CC:15:AB:E8:F5:EF:4C:EB:7B:18:DC:D4:F0:8A:84:9D:E0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6DB8
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/auW6zBWr6PXvTOt7GNzU8IqEneA.roa
Signing time: Fri 20 Jun 2025 01:57:23 +0000
ROA not before: Fri 20 Jun 2025 01:57:23 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28088 (0x6db8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 20 01:57:23 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=6AE5BACC15ABE8F5EF4CEB7B18DCD4F08A849DE0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:09:d0:82:d0:23:f4:5d:b0:63:c9:f7:ec:ab:
ee:b3:5f:58:9c:d6:eb:d2:57:3c:31:a1:7b:41:8e:
f0:12:55:27:6b:ad:69:10:5c:26:40:ad:e1:db:58:
9d:39:b2:fa:21:b6:01:ba:e0:50:21:3a:d4:1f:f7:
0d:d9:ff:7f:8f:60:0e:81:9e:d3:80:81:41:3d:db:
7f:a4:4f:86:ea:05:fe:0f:94:5a:44:03:15:74:2b:
30:03:8e:02:ce:52:c4:53:c8:8f:27:0e:1c:58:47:
dd:ad:7d:30:ef:ff:8d:3d:c4:a4:4a:e5:3d:84:bd:
79:5d:31:e4:6e:40:26:91:dd:fd:4a:a4:83:6e:14:
1d:8d:c0:d0:99:d5:41:e6:9b:f1:bb:d6:81:7b:15:
64:d9:df:77:74:ec:82:77:c2:0c:67:b2:0c:93:06:
24:c1:79:5f:76:b6:a2:a9:1a:8c:8f:4c:78:fa:85:
05:e1:c8:5f:d7:3e:43:da:55:c7:77:d2:30:7d:2e:
25:9f:c4:d5:78:1a:67:40:f7:f0:f8:08:c4:f6:fb:
90:80:83:4c:a7:a8:89:5d:e0:b0:6b:12:6c:20:32:
68:77:59:f8:1e:4b:c8:a2:bf:58:e7:6c:3d:d4:a4:
fe:50:57:e4:d7:94:7f:4e:cd:22:25:63:a9:f6:71:
59:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:E5:BA:CC:15:AB:E8:F5:EF:4C:EB:7B:18:DC:D4:F0:8A:84:9D:E0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/auW6zBWr6PXvTOt7GNzU8IqEneA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
48:36:9e:ad:da:3d:89:8a:61:b7:59:e6:a1:8b:28:dc:6e:50:
8a:7d:63:a8:9a:63:2b:4f:45:5c:1c:fb:fd:83:19:60:89:65:
54:51:de:c6:4a:cb:d2:2a:e4:3e:eb:13:e2:1a:55:b9:b8:86:
a3:32:63:ee:07:dd:77:85:9d:60:7d:e3:bf:89:7e:a2:d7:b2:
99:c6:9d:05:6a:53:32:7b:98:df:95:cf:55:02:6b:eb:33:df:
1f:70:39:26:37:ac:3b:b7:c7:b9:c2:bf:57:33:96:7f:97:e4:
b4:30:10:b5:aa:34:9b:b1:94:33:7c:f0:b3:e1:1a:c1:32:e5:
08:ad:34:62:16:9d:bb:c9:b7:98:aa:83:62:d3:77:34:0c:13:
34:da:87:7d:bf:b8:55:60:84:e8:69:1e:4f:28:92:16:46:08:
82:43:ac:03:58:c6:5d:32:8b:80:01:f8:a3:66:39:d8:ce:4e:
b0:50:17:42:e8:ff:5c:9f:74:fb:1a:71:ee:49:b8:1a:84:61:
4e:38:1f:a6:a6:ab:0b:f9:6f:a2:13:5d:1d:b0:f3:56:27:e1:
e7:57:2c:0e:2f:d7:2e:28:58:78:9d:ea:3f:04:55:7b:92:c8:
1b:b8:06:3f:2f:6c:3b:04:5e:de:13:07:af:a5:db:2e:fc:7f:
b3:8a:5d:e6
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbbgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjAw
MTU3MjNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDZBRTVCQUNDMTVBQkU4
RjVFRjRDRUI3QjE4RENENEYwOEE4NDlERTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDpCdCC0CP0XbBjyffsq+6zX1ic1uvSVzwxoXtBjvASVSdrrWkQ
XCZAreHbWJ05svohtgG64FAhOtQf9w3Z/3+PYA6BntOAgUE923+kT4bqBf4PlFpE
AxV0KzADjgLOUsRTyI8nDhxYR92tfTDv/409xKRK5T2EvXldMeRuQCaR3f1KpINu
FB2NwNCZ1UHmm/G71oF7FWTZ33d07IJ3wgxnsgyTBiTBeV92tqKpGoyPTHj6hQXh
yF/XPkPaVcd30jB9LiWfxNV4GmdA9/D4CMT2+5CAg0ynqIld4LBrEmwgMmh3Wfge
S8iiv1jnbD3UpP5QV+TXlH9OzSIlY6n2cVlTAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUauW6zBWr6PXvTOt7GNzU8IqEneAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2F1VzZ6QldyNlBYdlRP
dDdHTnpVOElxRW5lQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBINp6t
2j2JimG3WeahiyjcblCKfWOommMrT0VcHPv9gxlgiWVUUd7GSsvSKuQ+6xPiGlW5
uIajMmPuB913hZ1gfeO/iX6i17KZxp0FalMye5jflc9VAmvrM98fcDkmN6w7t8e5
wr9XM5Z/l+S0MBC1qjSbsZQzfPCz4RrBMuUIrTRiFp27ybeYqoNi03c0DBM02od9
v7hVYIToaR5PKJIWRgiCQ6wDWMZdMouAAfijZjnYzk6wUBdC6P9cn3T7GnHuSbga
hGFOOB+mpqsL+W+iE10dsPNWJ+HnVywOL9cuKFh4neo/BFV7ksgbuAY/L2w7BF7e
Ewevpdsu/H+zil3m
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:45:36 2025 by rpki-client