Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/hVkNcMmEUGOVsNDpdQCO14lzJZs.roa
File: hVkNcMmEUGOVsNDpdQCO14lzJZs.roa (raw, json)
Hash identifier: 98aGjPY+MDC8a8IvRbRvMGE8JTaaYZ/qwl8p9tbGKTg=
Subject key identifier: 85:59:0D:70:C9:84:50:63:95:B0:D0:E9:75:00:8E:D7:89:73:25:9B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 63A2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hVkNcMmEUGOVsNDpdQCO14lzJZs.roa
Signing time: Fri 23 May 2025 18:40:58 +0000
ROA not before: Fri 23 May 2025 18:40:58 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25506 (0x63a2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 23 18:40:58 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=85590D70C984506395B0D0E975008ED78973259B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:29:05:29:7e:a4:b4:75:db:cc:84:9b:ef:b6:
7c:4d:48:90:29:49:b9:d6:6b:68:19:66:52:6d:6e:
a9:4c:b0:62:ae:b4:89:3b:ca:f3:05:76:eb:4a:91:
07:23:62:0c:0b:cc:b8:f3:a7:70:03:cc:7c:c1:3e:
af:97:0b:61:5f:54:56:0e:a9:86:f3:03:40:92:68:
e5:3d:88:0d:51:70:dd:90:8f:c3:75:09:d7:08:67:
24:3b:86:a6:1c:92:ad:65:12:8c:56:a0:8a:eb:fa:
5f:b0:60:9e:6e:49:32:41:99:08:c2:0a:fd:bc:d2:
8b:87:d0:8b:6d:60:ee:9c:07:0b:f1:c4:81:49:86:
50:e2:a8:be:97:f1:b9:67:40:2f:37:2c:00:ff:5f:
5d:a6:be:d9:8f:09:ff:b6:b2:e7:e8:17:32:46:75:
05:75:4c:fe:06:08:0e:89:de:db:b9:45:32:75:e9:
39:67:db:8a:19:e6:e5:18:51:2e:75:e2:bb:1e:65:
ae:60:3c:35:87:64:6e:ea:08:5e:b7:bf:6a:e5:6b:
6b:94:0e:b4:73:32:28:f5:9b:69:13:6e:7a:a7:e4:
eb:ea:31:2e:99:f7:ea:4c:aa:5e:ab:7e:11:fa:45:
b1:7e:6e:3c:cb:9d:5d:78:da:57:8c:25:3a:a0:ed:
fe:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:59:0D:70:C9:84:50:63:95:B0:D0:E9:75:00:8E:D7:89:73:25:9B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hVkNcMmEUGOVsNDpdQCO14lzJZs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
3b:c6:73:38:af:d5:b5:6c:a4:50:f2:02:c7:55:fc:28:8d:9f:
b2:4d:59:b8:d4:4c:71:58:e4:08:e1:6f:6a:74:2e:3f:a8:5d:
b8:b6:2a:f5:fd:b8:f0:4d:1a:f8:4b:14:dc:86:40:30:46:68:
42:24:44:82:58:07:f5:73:73:ff:57:c3:bc:13:0f:12:2c:0c:
5f:9c:bb:bc:c2:e3:7b:27:90:0b:64:92:3c:61:8d:e2:cf:e1:
59:d5:20:a7:a7:1c:84:5d:9e:89:68:70:70:28:3b:b6:33:54:
56:ba:dc:fb:1d:4a:47:b6:f9:e0:c3:09:85:02:9d:d5:f5:d0:
71:27:a4:f5:0e:0e:53:cd:ad:76:6e:d3:8f:aa:ba:f0:cf:25:
c2:b6:f6:f8:2c:14:01:fe:8a:23:4d:31:97:57:b8:62:57:9f:
06:e9:22:33:a8:be:4a:f6:f5:4c:a7:1a:b4:ce:83:6e:fc:fa:
6b:86:70:3f:5a:cd:91:6e:b7:82:2a:69:31:ae:c0:9c:23:fe:
84:cc:7f:cf:ad:b6:22:72:68:10:89:bf:dc:59:45:ce:05:fe:
20:25:6f:03:5e:35:71:d0:91:9d:18:a6:86:33:b7:92:e4:fc:
b7:53:8c:57:3d:98:f9:db:8b:55:aa:dc:00:a7:33:41:10:f9:
28:a1:9d:83
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICY6IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjMx
ODQwNThaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDg1NTkwRDcwQzk4NDUw
NjM5NUIwRDBFOTc1MDA4RUQ3ODk3MzI1OUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCkKQUpfqS0ddvMhJvvtnxNSJApSbnWa2gZZlJtbqlMsGKutIk7
yvMFdutKkQcjYgwLzLjzp3ADzHzBPq+XC2FfVFYOqYbzA0CSaOU9iA1RcN2Qj8N1
CdcIZyQ7hqYckq1lEoxWoIrr+l+wYJ5uSTJBmQjCCv280ouH0IttYO6cBwvxxIFJ
hlDiqL6X8blnQC83LAD/X12mvtmPCf+2sufoFzJGdQV1TP4GCA6J3tu5RTJ16Tln
24oZ5uUYUS514rseZa5gPDWHZG7qCF63v2rla2uUDrRzMij1m2kTbnqn5OvqMS6Z
9+pMql6rfhH6RbF+bjzLnV142leMJTqg7f5VAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUhVkNcMmEUGOVsNDpdQCO14lzJZswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2hWa05jTW1FVUdPVnNO
RHBkUUNPMTRsekpacy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA7xnM4
r9W1bKRQ8gLHVfwojZ+yTVm41ExxWOQI4W9qdC4/qF24tir1/bjwTRr4SxTchkAw
RmhCJESCWAf1c3P/V8O8Ew8SLAxfnLu8wuN7J5ALZJI8YY3iz+FZ1SCnpxyEXZ6J
aHBwKDu2M1RWutz7HUpHtvngwwmFAp3V9dBxJ6T1Dg5Tza12btOPqrrwzyXCtvb4
LBQB/oojTTGXV7hiV58G6SIzqL5K9vVMpxq0zoNu/PprhnA/Ws2RbreCKmkxrsCc
I/6EzH/PrbYicmgQib/cWUXOBf4gJW8DXjVx0JGdGKaGM7eS5Py3U4xXPZj524tV
qtwApzNBEPkooZ2D
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:29:12 2025 by rpki-client