Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/eXMu4abFq72x-nh3qBeT-0xX0gI.roa
File: eXMu4abFq72x-nh3qBeT-0xX0gI.roa (raw, json)
Hash identifier: XXf4YM186DMceDuy54KxYaNl0Ko49Hor8ANjyzZVVx4=
Subject key identifier: 79:73:2E:E1:A6:C5:AB:BD:B1:FA:78:77:A8:17:93:FB:4C:57:D2:02
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6E38
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/eXMu4abFq72x-nh3qBeT-0xX0gI.roa
Signing time: Sat 21 Jun 2025 11:44:09 +0000
ROA not before: Sat 21 Jun 2025 11:44:09 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28216 (0x6e38)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 21 11:44:09 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=79732EE1A6C5ABBDB1FA7877A81793FB4C57D202
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:bb:4f:b0:60:5b:14:e6:c5:49:8f:41:20:e0:
44:f5:8a:05:9c:bd:29:13:e0:7d:72:8e:8a:f4:24:
0d:d4:f7:e5:27:fb:7f:a3:96:71:70:e6:a2:2e:ee:
8f:ff:1b:54:2c:f2:51:f7:ea:73:2a:88:b3:26:f4:
3c:8f:1c:fa:a8:c4:0e:a7:94:72:18:79:22:5e:82:
97:7a:82:78:6c:5e:59:e5:86:58:71:54:3c:4e:9a:
09:d6:5b:00:bd:50:c1:a3:b1:6a:c1:86:60:53:12:
d3:ef:5f:1b:51:c6:1b:b4:b7:20:bf:85:7f:9b:59:
3f:33:49:39:d1:e2:c3:5b:72:cc:d0:c5:90:66:99:
59:78:47:7f:8c:12:21:d7:dc:df:b4:5c:f6:ed:ee:
60:08:52:cd:f7:92:17:74:c8:b4:84:3d:80:30:2e:
ca:f0:44:e6:04:cb:bd:07:7c:77:26:da:fe:b8:d1:
b6:a8:63:35:dd:89:b1:44:6c:bc:36:7e:3e:db:af:
58:20:ff:a0:dc:12:2a:6e:93:a0:0e:71:c3:13:02:
4b:01:c9:d5:81:49:d2:16:3b:d8:5e:ac:e3:f1:b7:
f6:bc:bc:f4:4e:af:f1:b3:f7:55:6d:85:60:52:82:
93:ab:54:27:f1:dc:76:66:6c:9d:7f:84:55:d0:cf:
94:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
79:73:2E:E1:A6:C5:AB:BD:B1:FA:78:77:A8:17:93:FB:4C:57:D2:02
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/eXMu4abFq72x-nh3qBeT-0xX0gI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
3e:cd:ef:ba:af:1f:5f:9f:4d:6a:67:d8:8a:1b:86:07:3c:54:
0a:11:0d:b3:fa:fc:9c:a3:ce:4f:37:ac:b0:28:f4:87:da:68:
bc:18:42:11:5b:48:7c:02:cb:f8:dd:cf:55:f4:09:bd:21:29:
fc:0f:23:9e:3c:dc:fb:8c:f5:18:ef:77:ca:95:64:1b:dc:e3:
53:06:03:5d:80:89:a7:65:21:6e:f7:8e:de:88:6b:f7:eb:3c:
8d:e9:97:15:c5:11:a8:21:da:ae:91:8d:7d:18:c1:d5:c6:74:
b5:8c:a7:53:e6:22:e7:4b:78:25:b0:54:b1:97:cc:23:53:97:
4f:81:0c:13:a6:28:85:9b:5a:1c:c8:c8:64:ad:08:c6:e4:e2:
04:2f:d7:84:ca:46:25:10:eb:b2:12:f9:9a:c6:df:70:21:ba:
68:0e:c8:db:87:cc:c9:db:d8:f1:3c:1e:5c:8e:1c:13:60:ef:
34:41:11:72:17:62:64:64:06:39:bc:03:5d:e1:26:27:b7:19:
44:2c:78:55:44:84:ee:a5:5a:67:2b:41:d0:20:bf:07:9f:1b:
82:9c:98:17:a4:60:71:6f:09:8a:21:14:79:82:f0:93:b7:8c:
30:81:55:cf:f0:0f:18:20:04:d0:ba:8c:ef:1f:3e:e0:2a:46:
3f:e4:25:e4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbjgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjEx
MTQ0MDlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDc5NzMyRUUxQTZDNUFC
QkRCMUZBNzg3N0E4MTc5M0ZCNEM1N0QyMDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFu0+wYFsU5sVJj0Eg4ET1igWcvSkT4H1yjor0JA3U9+Un+3+j
lnFw5qIu7o//G1Qs8lH36nMqiLMm9DyPHPqoxA6nlHIYeSJegpd6gnhsXlnlhlhx
VDxOmgnWWwC9UMGjsWrBhmBTEtPvXxtRxhu0tyC/hX+bWT8zSTnR4sNbcszQxZBm
mVl4R3+MEiHX3N+0XPbt7mAIUs33khd0yLSEPYAwLsrwROYEy70HfHcm2v640bao
YzXdibFEbLw2fj7br1gg/6DcEipuk6AOccMTAksBydWBSdIWO9herOPxt/a8vPRO
r/Gz91VthWBSgpOrVCfx3HZmbJ1/hFXQz5RZAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUeXMu4abFq72x+nh3qBeT+0xX0gIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2VYTXU0YWJGcTcyeC1u
aDNxQmVULTB4WDBnSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA+ze+6
rx9fn01qZ9iKG4YHPFQKEQ2z+vyco85PN6ywKPSH2mi8GEIRW0h8Asv43c9V9Am9
ISn8DyOePNz7jPUY73fKlWQb3ONTBgNdgImnZSFu947eiGv36zyN6ZcVxRGoIdqu
kY19GMHVxnS1jKdT5iLnS3glsFSxl8wjU5dPgQwTpiiFm1ocyMhkrQjG5OIEL9eE
ykYlEOuyEvmaxt9wIbpoDsjbh8zJ29jxPB5cjhwTYO80QRFyF2JkZAY5vANd4SYn
txlELHhVRITupVpnK0HQIL8HnxuCnJgXpGBxbwmKIRR5gvCTt4wwgVXP8A8YIATQ
uozvHz7gKkY/5CXk
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:35:56 2025 by rpki-client