Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/eKHUnoQm75lFJR160h2AW617lDk.roa
File: eKHUnoQm75lFJR160h2AW617lDk.roa (raw, json)
Hash identifier: wsvEEZcCHWX1Y2vJTvEMgyEFOvFNj4VetV+EIUgTt3c=
Subject key identifier: 78:A1:D4:9E:84:26:EF:99:45:25:1D:7A:D2:1D:80:5B:AD:7B:94:39
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5FD8
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/eKHUnoQm75lFJR160h2AW617lDk.roa
Signing time: Tue 13 May 2025 16:12:36 +0000
ROA not before: Tue 13 May 2025 16:12:36 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24536 (0x5fd8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 13 16:12:36 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=78A1D49E8426EF9945251D7AD21D805BAD7B9439
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:af:a2:c4:87:63:57:9e:70:df:dc:5c:a1:bf:
30:74:b3:7d:19:1d:ed:21:eb:2c:e2:ba:b6:a5:1a:
d7:20:c4:dc:c5:f6:51:a4:db:8f:8e:b9:28:2b:da:
82:f8:3e:e8:0b:f3:d2:83:5c:93:9c:4e:c3:d6:98:
ca:1c:54:15:b7:e9:9a:2e:38:0c:78:50:84:d7:30:
da:97:2a:71:f6:03:5f:53:e2:b5:e8:8b:35:13:90:
eb:3d:0d:df:93:31:f9:10:85:05:af:04:98:dd:00:
a7:94:7d:6c:bf:f0:3b:31:0a:9a:f4:23:99:b6:86:
5f:8c:26:97:34:ea:b3:6a:d8:92:f7:61:1f:68:03:
45:e9:ac:33:b0:80:4a:b3:2c:a0:9c:97:00:b1:3a:
c7:c2:3f:45:a9:e7:a2:3d:87:13:bc:69:66:55:79:
76:32:59:07:77:6e:eb:4e:c7:bd:97:9d:b6:5c:8e:
99:15:c6:d4:65:68:95:9f:27:1c:14:fd:52:c8:e8:
9d:6a:05:55:fa:04:10:2f:10:98:02:da:19:f1:17:
62:21:4b:5d:f5:d0:27:2e:d3:8a:64:7a:c2:0a:a1:
56:8a:05:2e:73:1d:75:ac:5e:e8:02:ea:1b:54:a2:
3f:41:eb:b5:f0:1f:e7:e8:7c:55:73:8e:ca:f3:fe:
a8:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
78:A1:D4:9E:84:26:EF:99:45:25:1D:7A:D2:1D:80:5B:AD:7B:94:39
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/eKHUnoQm75lFJR160h2AW617lDk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
11:74:61:d4:dd:f8:8e:59:2b:04:94:70:0d:0a:06:cb:59:b2:
43:5f:ec:e2:85:9d:ca:ce:7c:50:a4:a9:79:d1:f2:8a:0f:3c:
88:cc:0f:db:46:19:5d:d6:20:a2:38:84:52:a4:4c:84:c0:1e:
d8:23:90:d6:bf:e0:b9:bd:d7:8b:21:a9:c0:e8:9f:f7:ba:fd:
98:ba:55:18:da:89:21:50:bb:e5:6c:ac:39:a2:54:e8:56:04:
0c:3b:ba:8d:5c:9e:71:70:77:38:39:f4:50:1f:86:e4:17:15:
c8:27:f1:9e:5c:b6:7d:02:6b:44:a2:a6:8b:8f:5d:aa:dc:8e:
4c:8e:de:ca:5a:a0:27:be:7a:00:f2:41:cd:11:69:1d:4e:17:
55:70:6a:cf:68:4f:cc:41:b7:9d:92:f1:16:5f:0f:79:d1:9b:
72:ee:26:a9:57:af:b9:76:e4:aa:1a:32:e2:a5:08:53:c0:84:
aa:55:9c:3b:4d:1c:04:68:7c:b8:c3:e6:14:aa:25:f5:e4:b3:
ab:b7:02:9b:95:bc:da:f2:02:05:fb:a7:10:63:78:92:32:15:
09:cd:51:e0:7b:5a:c5:66:27:46:1e:b5:9e:9e:b4:df:d3:a3:
b6:53:f3:eb:55:b2:ea:eb:73:50:4b:bb:4b:90:3f:9e:c8:29:
7c:84:ec:f8
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICX9gwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTMx
NjEyMzZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDc4QTFENDlFODQyNkVG
OTk0NTI1MUQ3QUQyMUQ4MDVCQUQ3Qjk0MzkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQClr6LEh2NXnnDf3FyhvzB0s30ZHe0h6yziuralGtcgxNzF9lGk
24+OuSgr2oL4PugL89KDXJOcTsPWmMocVBW36ZouOAx4UITXMNqXKnH2A19T4rXo
izUTkOs9Dd+TMfkQhQWvBJjdAKeUfWy/8DsxCpr0I5m2hl+MJpc06rNq2JL3YR9o
A0XprDOwgEqzLKCclwCxOsfCP0Wp56I9hxO8aWZVeXYyWQd3butOx72XnbZcjpkV
xtRlaJWfJxwU/VLI6J1qBVX6BBAvEJgC2hnxF2IhS1310Ccu04pkesIKoVaKBS5z
HXWsXugC6htUoj9B67XwH+fofFVzjsrz/qgrAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUeKHUnoQm75lFJR160h2AW617lDkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2VLSFVub1FtNzVsRkpS
MTYwaDJBVzYxN2xEay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQARdGHU
3fiOWSsElHANCgbLWbJDX+zihZ3KznxQpKl50fKKDzyIzA/bRhld1iCiOIRSpEyE
wB7YI5DWv+C5vdeLIanA6J/3uv2YulUY2okhULvlbKw5olToVgQMO7qNXJ5xcHc4
OfRQH4bkFxXIJ/GeXLZ9AmtEoqaLj12q3I5Mjt7KWqAnvnoA8kHNEWkdThdVcGrP
aE/MQbedkvEWXw950Zty7iapV6+5duSqGjLipQhTwISqVZw7TRwEaHy4w+YUqiX1
5LOrtwKblbza8gIF+6cQY3iSMhUJzVHge1rFZidGHrWenrTf06O2U/PrVbLq63NQ
S7tLkD+eyCl8hOz4
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:42:12 2025 by rpki-client