Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/bBk1AJw0jLAmmFCPNM8iD1XjcRM.roa
File: bBk1AJw0jLAmmFCPNM8iD1XjcRM.roa (raw, json)
Hash identifier: j0J88LQ4rkyKFKTzMPSx+deiiQrkeDHLrpH1xmkxXPU=
Subject key identifier: 6C:19:35:00:9C:34:8C:B0:26:98:50:8F:34:CF:22:0F:55:E3:71:13
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 60DA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/bBk1AJw0jLAmmFCPNM8iD1XjcRM.roa
Signing time: Fri 16 May 2025 08:40:20 +0000
ROA not before: Fri 16 May 2025 08:40:20 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24794 (0x60da)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 16 08:40:20 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=6C1935009C348CB02698508F34CF220F55E37113
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:bc:2f:c5:51:7c:67:f0:5b:aa:ea:ac:ea:71:
25:71:6e:e5:ec:3b:05:8c:dc:e4:c9:49:cb:74:a5:
12:80:9b:06:78:64:07:61:82:8a:f5:fb:61:be:e8:
40:33:87:ef:49:4e:81:94:ea:af:31:f5:c5:12:62:
0d:1e:1e:d4:a0:b7:54:29:77:e9:28:a4:f4:cf:54:
58:dc:b8:ed:23:00:5a:29:92:6a:1f:74:34:58:ea:
89:a4:75:7f:2c:38:b3:d9:ce:4b:70:57:35:b0:c3:
94:49:5c:f3:a5:d4:92:c2:1d:f7:b4:ef:2b:fb:a0:
a6:f2:12:ee:3b:37:f1:c7:65:51:10:05:58:de:17:
d6:41:01:05:29:b1:31:4a:3c:2e:52:8d:2c:1d:23:
3f:f6:fd:2c:96:22:19:99:2a:af:1e:4f:8c:e2:b8:
af:ac:7c:9a:56:f6:98:46:8b:79:1b:0c:e2:e6:68:
09:72:7e:f0:b3:cb:45:3d:f4:8e:e6:87:6e:8b:9e:
48:a4:aa:e5:66:56:7b:cb:be:68:88:d3:f7:6b:e0:
57:a9:9c:ec:e5:38:f4:27:94:09:c9:4a:38:7d:33:
ac:67:7a:ca:90:78:61:07:d6:86:72:e8:41:f3:3a:
1c:0c:19:ce:3e:5c:92:34:7c:08:4b:50:c3:ad:f3:
4c:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:19:35:00:9C:34:8C:B0:26:98:50:8F:34:CF:22:0F:55:E3:71:13
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/bBk1AJw0jLAmmFCPNM8iD1XjcRM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
9e:9b:b2:9c:a6:e2:43:5e:09:be:c9:e9:a0:5e:e3:c0:38:6e:
19:bf:b0:f7:88:36:fe:2e:46:c1:86:43:19:16:a6:83:be:7f:
23:88:b4:5f:31:90:75:73:36:76:cd:c6:81:18:be:3d:b7:c4:
32:70:0f:e4:a5:71:c2:4e:44:15:fb:48:94:0d:b2:d8:08:b3:
91:db:21:70:43:50:8d:e9:69:08:6a:15:6a:47:49:4f:d8:57:
45:c7:64:66:29:af:29:ed:23:d0:fa:d7:53:90:ae:03:09:f4:
eb:5d:06:30:38:a4:b4:87:dc:e2:c4:2d:fc:e0:55:f8:67:8c:
9e:f9:f3:bc:e0:54:bb:b4:12:03:d8:c5:84:a0:3a:09:07:46:
4e:e3:7b:6c:82:1a:aa:cb:9b:e7:57:49:4a:4c:97:37:9c:86:
c4:df:bd:42:6d:65:8d:cc:df:b5:af:2d:b8:d9:7b:29:4c:90:
63:f6:39:12:0b:10:80:6c:04:ea:75:4f:9f:8a:3b:68:87:06:
37:28:e2:57:3a:88:48:71:3a:55:d0:59:81:c5:da:28:22:ed:
99:ce:fa:7a:c1:0f:6c:32:1e:b9:d0:94:b3:02:ef:80:7f:d2:
5f:33:21:7f:d6:d7:1b:05:2f:43:ed:a0:95:55:93:4d:4c:5d:
b6:a9:90:b2
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYNowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTYw
ODQwMjBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDZDMTkzNTAwOUMzNDhD
QjAyNjk4NTA4RjM0Q0YyMjBGNTVFMzcxMTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCpvC/FUXxn8Fuq6qzqcSVxbuXsOwWM3OTJSct0pRKAmwZ4ZAdh
gor1+2G+6EAzh+9JToGU6q8x9cUSYg0eHtSgt1Qpd+kopPTPVFjcuO0jAFopkmof
dDRY6omkdX8sOLPZzktwVzWww5RJXPOl1JLCHfe07yv7oKbyEu47N/HHZVEQBVje
F9ZBAQUpsTFKPC5SjSwdIz/2/SyWIhmZKq8eT4ziuK+sfJpW9phGi3kbDOLmaAly
fvCzy0U99I7mh26LnkikquVmVnvLvmiI0/dr4FepnOzlOPQnlAnJSjh9M6xnesqQ
eGEH1oZy6EHzOhwMGc4+XJI0fAhLUMOt80w3AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUbBk1AJw0jLAmmFCPNM8iD1XjcRMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2JCazFBSncwakxBbW1G
Q1BOTThpRDFYamNSTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCem7Kc
puJDXgm+yemgXuPAOG4Zv7D3iDb+LkbBhkMZFqaDvn8jiLRfMZB1czZ2zcaBGL49
t8QycA/kpXHCTkQV+0iUDbLYCLOR2yFwQ1CN6WkIahVqR0lP2FdFx2RmKa8p7SPQ
+tdTkK4DCfTrXQYwOKS0h9zixC384FX4Z4ye+fO84FS7tBID2MWEoDoJB0ZO43ts
ghqqy5vnV0lKTJc3nIbE371CbWWNzN+1ry242XspTJBj9jkSCxCAbATqdU+fijto
hwY3KOJXOohIcTpV0FmBxdooIu2Zzvp6wQ9sMh650JSzAu+Af9JfMyF/1tcbBS9D
7aCVVZNNTF22qZCy
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:04:10 2025 by rpki-client