Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/iupGlF1Y2L3mJ7tk4bSMC1lVYc0.roa
File: iupGlF1Y2L3mJ7tk4bSMC1lVYc0.roa (raw, json)
Hash identifier: py6PkMXF5t/bnR49TDIZhYuIqZid1dD4k3qhhiQcIt0=
Subject key identifier: 8A:EA:46:94:5D:58:D8:BD:E6:27:BB:64:E1:B4:8C:0B:59:55:61:CD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 636A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/iupGlF1Y2L3mJ7tk4bSMC1lVYc0.roa
Signing time: Fri 23 May 2025 04:40:47 +0000
ROA not before: Fri 23 May 2025 04:40:47 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25450 (0x636a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 23 04:40:47 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8AEA46945D58D8BDE627BB64E1B48C0B595561CD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:11:49:86:15:93:00:00:ba:7e:d9:8f:ca:20:
2c:54:1a:1f:32:8a:31:35:af:6e:02:89:62:d8:56:
9a:be:fc:bf:aa:55:52:78:3d:16:64:93:cf:e5:17:
79:bc:24:0e:e5:ee:c6:1d:58:81:d3:c1:43:12:1c:
4d:6e:84:b9:01:86:66:3e:7c:5d:11:0c:e5:74:fd:
64:ad:0e:fd:22:ba:a8:63:db:3c:7e:2f:b6:14:f0:
97:80:af:f5:85:8c:1f:5e:03:3c:12:f5:d1:ef:7d:
00:62:bc:aa:d1:6b:d6:b3:aa:f7:2c:c1:ec:35:9c:
a4:11:28:4c:11:67:8b:00:82:34:b1:e0:d8:fe:22:
5c:85:51:c6:a2:0a:3f:7c:42:2e:24:4e:33:08:44:
c8:fd:37:5a:79:a5:68:4c:59:00:d3:74:37:1b:86:
4f:56:1d:65:ef:a3:f6:4b:a8:e4:48:67:74:73:cd:
b7:1f:51:a0:55:67:d5:4a:cc:6c:3f:c7:5c:21:56:
5c:04:4b:ab:8e:6a:e9:e9:65:a5:ba:0b:df:a1:64:
78:07:fd:94:fd:ca:f3:28:77:03:ba:a5:44:23:62:
22:de:37:c7:39:ea:ac:47:31:46:31:ea:7a:bf:ea:
94:58:df:93:4a:a9:c9:9f:d3:77:d0:0d:0a:66:b6:
0e:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:EA:46:94:5D:58:D8:BD:E6:27:BB:64:E1:B4:8C:0B:59:55:61:CD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/iupGlF1Y2L3mJ7tk4bSMC1lVYc0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
1e:b4:b0:b9:a3:b3:a6:34:33:00:c0:bf:49:57:b1:4f:2b:4b:
01:8b:48:cb:54:51:29:c1:09:32:d0:15:dd:79:57:0d:9b:ff:
19:00:88:42:e4:36:fa:6f:04:f4:47:c4:b5:f3:0c:4c:a1:30:
b7:f5:94:f6:49:76:68:96:0d:6d:e5:f9:24:c7:29:ed:74:58:
1d:40:82:ae:c5:fc:41:ac:44:85:16:bc:9a:81:7b:03:2e:b5:
0c:ef:c2:24:46:ae:c3:ee:7e:82:fb:15:e8:45:4d:c3:d8:46:
5c:d3:f6:1a:04:70:2e:0a:1b:5e:61:c0:a7:f7:bf:a7:4c:4d:
65:be:fe:7a:57:2a:cd:cf:a9:0b:f2:9b:61:f0:b6:78:d6:f7:
81:4d:6d:ef:97:9b:ca:76:c4:0b:45:23:a7:25:80:51:37:ce:
12:18:f4:71:f1:7b:47:81:00:8c:3e:b4:64:fc:6d:aa:17:8c:
1f:95:d7:ae:16:d4:66:1c:29:ee:5c:1e:23:0c:dc:58:0a:8c:
04:51:82:5a:7c:84:d2:8c:c1:12:5d:90:3f:d8:b2:3b:54:8b:
97:ce:b0:75:f3:f5:a3:b7:f7:06:16:33:9d:76:42:eb:48:7a:
aa:8b:fd:a6:5e:0f:24:a2:07:da:4d:57:7a:67:a7:e9:15:f1:
b3:ba:ac:05
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICY2owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjMw
NDQwNDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDhBRUE0Njk0NUQ1OEQ4
QkRFNjI3QkI2NEUxQjQ4QzBCNTk1NTYxQ0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCbEUmGFZMAALp+2Y/KICxUGh8yijE1r24CiWLYVpq+/L+qVVJ4
PRZkk8/lF3m8JA7l7sYdWIHTwUMSHE1uhLkBhmY+fF0RDOV0/WStDv0iuqhj2zx+
L7YU8JeAr/WFjB9eAzwS9dHvfQBivKrRa9azqvcswew1nKQRKEwRZ4sAgjSx4Nj+
IlyFUcaiCj98Qi4kTjMIRMj9N1p5pWhMWQDTdDcbhk9WHWXvo/ZLqORIZ3Rzzbcf
UaBVZ9VKzGw/x1whVlwES6uOaunpZaW6C9+hZHgH/ZT9yvModwO6pUQjYiLeN8c5
6qxHMUYx6nq/6pRY35NKqcmf03fQDQpmtg5PAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUiupGlF1Y2L3mJ7tk4bSMC1lVYc0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2l1cEdsRjFZMkwzbUo3
dGs0YlNNQzFsVlljMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAetLC5
o7OmNDMAwL9JV7FPK0sBi0jLVFEpwQky0BXdeVcNm/8ZAIhC5Db6bwT0R8S18wxM
oTC39ZT2SXZolg1t5fkkxyntdFgdQIKuxfxBrESFFryagXsDLrUM78IkRq7D7n6C
+xXoRU3D2EZc0/YaBHAuChteYcCn97+nTE1lvv56VyrNz6kL8pth8LZ41veBTW3v
l5vKdsQLRSOnJYBRN84SGPRx8XtHgQCMPrRk/G2qF4wfldeuFtRmHCnuXB4jDNxY
CowEUYJafITSjMESXZA/2LI7VIuXzrB18/Wjt/cGFjOddkLrSHqqi/2mXg8kogfa
TVd6Z6fpFfGzuqwF
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:40:00 2025 by rpki-client