Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/iR54ozVVCGd0GggSBrp1IDlZqt0.roa
File: iR54ozVVCGd0GggSBrp1IDlZqt0.roa (raw, json)
Hash identifier: ecQVsq/o4mqTC1v3NWuDm6wdx8czhz3MK1fJNL/mC1k=
Subject key identifier: 89:1E:78:A3:35:55:08:67:74:1A:08:12:06:BA:75:20:39:59:AA:DD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 63AA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/iR54ozVVCGd0GggSBrp1IDlZqt0.roa
Signing time: Fri 23 May 2025 20:41:01 +0000
ROA not before: Fri 23 May 2025 20:41:01 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25514 (0x63aa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 23 20:41:01 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=891E78A335550867741A081206BA75203959AADD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:70:18:9c:48:c7:a2:80:44:ea:03:84:1d:e4:
db:10:11:88:35:0d:82:66:b3:45:b3:db:7f:47:9f:
9d:f8:fd:a7:b0:fe:1f:29:bb:94:69:ff:25:a5:d7:
14:73:36:ff:a0:fa:49:15:b1:4e:dc:56:f7:5b:90:
30:d9:76:76:f2:47:ae:0f:f4:ef:17:11:77:ea:7d:
18:b9:56:ae:cc:52:82:d2:8d:0a:0e:b8:91:35:03:
2b:e0:5f:c7:00:0b:e5:72:54:44:a5:c2:53:59:f7:
74:22:9f:7e:99:86:ff:c2:e5:f7:86:e5:e4:87:e1:
97:a5:96:4f:13:7d:5c:1e:17:bf:23:b1:e4:a2:df:
0a:3e:6a:8c:a6:6d:97:24:4d:53:0a:6c:6a:4e:a3:
d9:45:02:ed:0e:bf:5e:66:39:a2:04:e1:d9:d0:f8:
2f:1e:ec:5c:fd:70:e6:b2:15:1c:de:35:63:3c:eb:
0e:09:72:dc:16:9d:63:d6:cb:28:2b:b1:36:73:26:
61:6c:b1:75:92:90:37:94:e4:3f:c5:ee:cc:e9:61:
ba:d2:a2:27:83:2b:08:fc:aa:7e:8b:78:80:2f:ae:
f0:ed:0c:6a:1e:8f:8c:5f:7f:73:08:a3:7c:a4:21:
3c:41:b0:af:47:dc:6a:ac:5f:19:ba:b8:28:cc:6d:
58:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:1E:78:A3:35:55:08:67:74:1A:08:12:06:BA:75:20:39:59:AA:DD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/iR54ozVVCGd0GggSBrp1IDlZqt0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
21:ad:ca:ba:04:f0:54:a0:43:81:d8:4b:e1:5e:36:cd:48:64:
8c:ea:4a:35:77:e0:85:84:e9:24:3e:64:f1:2c:39:32:b6:2a:
a4:93:3d:db:a0:fd:6c:fa:bb:11:9b:4e:d6:7a:e1:68:9c:50:
50:71:b1:55:5a:3e:9e:79:c3:76:a0:6b:3f:5c:2a:5c:37:1f:
74:ae:5b:86:ff:c3:3c:99:f0:af:87:cf:00:46:0f:14:83:35:
2c:46:77:99:e8:5a:92:e6:41:9f:02:f5:0e:b7:49:82:99:1e:
33:0b:5e:cc:d7:1a:5b:6d:36:8d:7e:99:72:75:07:35:44:b8:
b7:76:a4:62:67:5d:f1:86:ea:6e:75:3e:89:ef:b9:f6:a4:92:
23:b3:3c:79:de:07:55:1e:a2:29:d7:48:aa:3c:dd:37:19:41:
11:f4:09:8a:8b:7f:33:8e:b1:2c:ac:8c:ab:88:c2:e8:c7:19:
6e:4c:0b:8f:ef:69:ff:dc:ad:52:6d:99:b2:db:61:ad:25:80:
f1:97:b1:cb:58:2e:25:b3:68:c0:86:f2:07:07:8a:e6:f5:5c:
55:dd:26:5d:9a:9b:49:0d:e8:6e:07:c0:b5:62:51:79:fa:a5:
3c:bd:30:2c:6d:5f:3a:a6:c3:c7:cf:3a:73:a2:24:09:bd:48:
36:11:38:c1
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICY6owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjMy
MDQxMDFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDg5MUU3OEEzMzU1NTA4
Njc3NDFBMDgxMjA2QkE3NTIwMzk1OUFBREQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCacBicSMeigETqA4Qd5NsQEYg1DYJms0Wz239Hn534/aew/h8p
u5Rp/yWl1xRzNv+g+kkVsU7cVvdbkDDZdnbyR64P9O8XEXfqfRi5Vq7MUoLSjQoO
uJE1AyvgX8cAC+VyVESlwlNZ93Qin36Zhv/C5feG5eSH4Zellk8TfVweF78jseSi
3wo+aoymbZckTVMKbGpOo9lFAu0Ov15mOaIE4dnQ+C8e7Fz9cOayFRzeNWM86w4J
ctwWnWPWyygrsTZzJmFssXWSkDeU5D/F7szpYbrSoieDKwj8qn6LeIAvrvDtDGoe
j4xff3MIo3ykITxBsK9H3GqsXxm6uCjMbVijAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUiR54ozVVCGd0GggSBrp1IDlZqt0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2lSNTRvelZWQ0dkMEdn
Z1NCcnAxSURsWnF0MC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAhrcq6
BPBUoEOB2EvhXjbNSGSM6ko1d+CFhOkkPmTxLDkytiqkkz3boP1s+rsRm07WeuFo
nFBQcbFVWj6eecN2oGs/XCpcNx90rluG/8M8mfCvh88ARg8UgzUsRneZ6FqS5kGf
AvUOt0mCmR4zC17M1xpbbTaNfplydQc1RLi3dqRiZ13xhupudT6J77n2pJIjszx5
3gdVHqIp10iqPN03GUER9AmKi38zjrEsrIyriMLoxxluTAuP72n/3K1SbZmy22Gt
JYDxl7HLWC4ls2jAhvIHB4rm9VxV3SZdmptJDehuB8C1YlF5+qU8vTAsbV86psPH
zzpzoiQJvUg2ETjB
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:59:04 2025 by rpki-client