Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/c3qK9vFkFjyYJ6eZRRSSj3ufef4.roa
File: c3qK9vFkFjyYJ6eZRRSSj3ufef4.roa (raw, json)
Hash identifier: VUsB9BfUrnr4xoCkkgB0Ez7K4Qb8dxMoy2y0LUktT/Y=
Subject key identifier: 73:7A:8A:F6:F1:64:16:3C:98:27:A7:99:45:14:92:8F:7B:9F:79:FE
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6520
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/c3qK9vFkFjyYJ6eZRRSSj3ufef4.roa
Signing time: Tue 27 May 2025 18:11:17 +0000
ROA not before: Tue 27 May 2025 18:11:17 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25888 (0x6520)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 27 18:11:17 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=737A8AF6F164163C9827A7994514928F7B9F79FE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:1b:39:f2:5b:91:a9:0b:75:41:27:94:d5:04:
13:2e:12:be:3e:73:fd:47:a4:d4:79:9f:d0:85:05:
d4:e0:01:7e:bb:38:14:d4:24:1d:87:24:2b:97:3d:
b8:e5:bb:64:c7:43:6e:46:2a:04:f1:f7:c4:ba:47:
23:e2:48:22:0a:cc:81:d4:76:2a:8e:4d:24:c3:c2:
8e:9e:8d:90:b1:57:a7:f0:84:c5:4a:f1:ef:f8:80:
54:8d:32:a7:24:c8:e9:c4:5b:bd:07:21:fd:0a:a0:
ae:c0:de:0b:d1:0e:a9:d1:fb:7e:22:cf:30:ae:df:
ea:5a:bc:b6:db:46:a4:b2:94:03:ca:e6:3b:ac:ec:
a6:37:de:74:fe:df:d6:63:e2:7e:af:6d:c3:9d:45:
ea:6c:f0:3e:5d:b8:ff:95:34:99:99:20:3c:86:90:
50:87:db:f9:d9:16:d1:75:7a:07:d6:66:8b:12:cb:
bc:f9:69:d0:c6:35:26:1d:31:8b:9d:e2:89:09:6d:
fd:b3:53:ff:75:16:fc:6e:bc:87:82:56:3a:08:ec:
c7:d9:3d:8b:97:da:1b:84:35:a7:ef:1c:2d:4a:30:
95:b7:41:97:61:22:8a:ac:af:31:e1:4f:c0:32:29:
ee:b8:3a:75:30:e6:d0:dd:00:1f:06:da:04:34:08:
cc:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:7A:8A:F6:F1:64:16:3C:98:27:A7:99:45:14:92:8F:7B:9F:79:FE
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/c3qK9vFkFjyYJ6eZRRSSj3ufef4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
4e:e0:d1:20:8b:89:53:ba:ee:9d:22:eb:83:ec:81:8a:34:74:
e4:64:61:bd:ea:5d:4d:eb:e6:e0:35:5b:12:c6:a7:ca:a9:b6:
e6:e2:e7:9f:eb:10:e9:8f:45:a0:b5:d7:7b:92:f0:3f:2b:7a:
d0:42:f4:d9:ee:57:fc:3a:94:94:c6:4e:00:2a:54:d3:75:74:
d9:64:8f:77:1b:42:e7:bb:73:3b:2d:b8:ea:48:f0:ef:05:3d:
5a:0a:fc:d9:c8:4f:16:e6:62:91:de:13:5a:5c:9c:8f:46:23:
26:d3:2b:25:6d:f9:90:da:ff:f6:2d:25:b5:e0:46:83:d4:07:
bc:7c:21:cb:df:88:55:7d:2e:bc:10:4e:6b:73:7a:03:db:bf:
04:03:5a:29:d5:f1:e2:f4:57:a0:f2:7e:9a:e1:a1:f7:53:df:
f4:40:f2:ed:99:09:8a:40:8f:a9:95:58:34:0b:53:d5:cb:6a:
98:17:ee:b5:95:de:de:38:8c:ea:8b:d8:4e:96:64:ec:cb:2a:
dd:14:8f:2b:52:5f:04:88:65:1d:91:3d:41:52:59:a0:98:d4:
aa:a8:62:1e:33:7f:ac:2f:54:28:46:83:e1:4d:8d:66:23:71:
70:2b:63:8f:d3:f5:4b:5d:c2:f6:ef:63:20:e9:83:4f:cc:d3:
61:69:cb:03
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZSAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1Mjcx
ODExMTdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDczN0E4QUY2RjE2NDE2
M0M5ODI3QTc5OTQ1MTQ5MjhGN0I5Rjc5RkUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDdGznyW5GpC3VBJ5TVBBMuEr4+c/1HpNR5n9CFBdTgAX67OBTU
JB2HJCuXPbjlu2THQ25GKgTx98S6RyPiSCIKzIHUdiqOTSTDwo6ejZCxV6fwhMVK
8e/4gFSNMqckyOnEW70HIf0KoK7A3gvRDqnR+34izzCu3+pavLbbRqSylAPK5jus
7KY33nT+39Zj4n6vbcOdReps8D5duP+VNJmZIDyGkFCH2/nZFtF1egfWZosSy7z5
adDGNSYdMYud4okJbf2zU/91FvxuvIeCVjoI7MfZPYuX2huENafvHC1KMJW3QZdh
IoqsrzHhT8AyKe64OnUw5tDdAB8G2gQ0CMzjAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUc3qK9vFkFjyYJ6eZRRSSj3ufef4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2MzcUs5dkZrRmp5WUo2
ZVpSUlNTajN1ZmVmNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBO4NEg
i4lTuu6dIuuD7IGKNHTkZGG96l1N6+bgNVsSxqfKqbbm4uef6xDpj0Wgtdd7kvA/
K3rQQvTZ7lf8OpSUxk4AKlTTdXTZZI93G0Lnu3M7LbjqSPDvBT1aCvzZyE8W5mKR
3hNaXJyPRiMm0yslbfmQ2v/2LSW14EaD1Ae8fCHL34hVfS68EE5rc3oD278EA1op
1fHi9Feg8n6a4aH3U9/0QPLtmQmKQI+plVg0C1PVy2qYF+61ld7eOIzqi9hOlmTs
yyrdFI8rUl8EiGUdkT1BUlmgmNSqqGIeM3+sL1QoRoPhTY1mI3FwK2OP0/VLXcL2
72Mg6YNPzNNhacsD
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:12:25 2025 by rpki-client