Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/k2uitTwwRk8R91CZ-WY-L83B4hY.roa
File: k2uitTwwRk8R91CZ-WY-L83B4hY.roa (raw, json)
Hash identifier: J6NUE92f5rHGSSnxFx9C29zwQ8lOo81ZAuZhJCBFhlA=
Subject key identifier: 93:6B:A2:B5:3C:30:46:4F:11:F7:50:99:F9:66:3E:2F:CD:C1:E2:16
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6D62
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/k2uitTwwRk8R91CZ-WY-L83B4hY.roa
Signing time: Wed 18 Jun 2025 21:01:32 +0000
ROA not before: Wed 18 Jun 2025 21:01:32 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28002 (0x6d62)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 18 21:01:32 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=936BA2B53C30464F11F75099F9663E2FCDC1E216
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:5a:9e:16:fb:94:bd:9b:d0:10:41:36:5c:d8:
0e:2e:a2:8b:38:41:68:4a:fa:2b:76:6e:9c:bc:f6:
39:e6:d1:a2:bf:16:7e:f8:86:7e:3f:d5:4e:70:26:
7f:5c:a1:a3:2d:55:9b:7c:d2:21:96:97:14:21:be:
3f:1e:55:68:bb:49:9f:61:cd:4e:66:3f:39:ff:f9:
52:79:f1:4b:1e:20:da:32:f1:5f:c3:17:3d:d6:a8:
43:f8:c4:07:b5:9f:77:e2:94:60:17:df:d3:8a:cb:
ac:97:aa:5b:60:51:0b:b9:bd:08:f7:97:35:49:a3:
62:4e:08:4f:a5:63:e5:df:82:32:92:8b:ab:2e:e9:
ba:04:03:69:bb:ad:ef:34:b4:b8:ec:d8:b3:87:ad:
00:6a:b6:e2:9a:3b:6a:39:5d:6a:3d:96:dc:7b:ac:
e0:b3:0f:a4:8e:58:e4:33:7a:e4:fc:62:23:c9:22:
68:6d:20:0a:84:a5:4f:e2:e1:18:a1:2c:16:3b:d3:
4f:7f:84:07:f9:3e:75:e3:62:de:b7:98:15:74:89:
72:7d:a6:01:64:5e:f5:7d:84:da:a0:d9:e6:02:63:
cd:9c:11:57:a7:6e:51:ec:5b:12:73:95:4e:e1:c2:
5a:90:9f:8d:de:5d:54:fe:0f:17:83:ac:dc:16:f2:
83:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:6B:A2:B5:3C:30:46:4F:11:F7:50:99:F9:66:3E:2F:CD:C1:E2:16
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/k2uitTwwRk8R91CZ-WY-L83B4hY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
1d:8e:2d:8e:99:14:fa:29:a7:1b:95:0b:1a:8d:dd:c6:38:59:
23:90:ef:90:a6:8b:65:d1:55:d7:5a:d6:25:a7:66:ff:77:52:
90:d9:d4:8f:44:d7:d5:a3:7b:49:a9:61:ae:63:2b:2d:04:1e:
ec:d9:9b:5e:28:26:28:6e:e0:84:5f:07:6b:6f:f7:73:9d:b8:
e6:2f:0f:9d:bf:b4:ef:b0:73:d3:20:48:46:79:d4:8d:5f:33:
b4:bf:14:5d:c5:10:5f:66:70:b3:c2:8b:73:97:45:d0:dc:93:
50:a4:7f:fd:ae:33:3b:35:b3:f2:6b:46:b7:27:1b:e6:b6:51:
01:51:f6:05:0b:55:a0:c8:b9:60:00:ac:b5:44:fd:34:c4:43:
cb:4c:77:7a:18:78:f0:e5:21:3c:08:68:bb:13:8b:86:62:f1:
19:89:ba:2d:9c:7c:3d:45:51:ad:a7:56:15:ec:e9:b8:5f:ea:
65:ce:b0:d2:6d:3e:50:15:ff:c6:85:48:7c:2c:69:d2:3e:96:
ad:64:35:81:77:b5:5e:b5:2c:54:62:21:5c:28:f2:38:1e:7f:
c6:82:fa:19:b7:ab:e7:b0:6c:47:9e:49:b1:49:de:ec:89:cf:
94:5f:c1:d8:cd:ee:0e:e8:72:6d:a8:3d:13:c7:3c:ea:1a:40:
d5:8e:f5:de
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbWIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTgy
MTAxMzJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDkzNkJBMkI1M0MzMDQ2
NEYxMUY3NTA5OUY5NjYzRTJGQ0RDMUUyMTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCiWp4W+5S9m9AQQTZc2A4uoos4QWhK+it2bpy89jnm0aK/Fn74
hn4/1U5wJn9coaMtVZt80iGWlxQhvj8eVWi7SZ9hzU5mPzn/+VJ58UseINoy8V/D
Fz3WqEP4xAe1n3filGAX39OKy6yXqltgUQu5vQj3lzVJo2JOCE+lY+XfgjKSi6su
6boEA2m7re80tLjs2LOHrQBqtuKaO2o5XWo9ltx7rOCzD6SOWOQzeuT8YiPJImht
IAqEpU/i4RihLBY7009/hAf5PnXjYt63mBV0iXJ9pgFkXvV9hNqg2eYCY82cEVen
blHsWxJzlU7hwlqQn43eXVT+DxeDrNwW8oPLAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUk2uitTwwRk8R91CZ+WY+L83B4hYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2sydWl0VHd3Ums4Ujkx
Q1otV1ktTDgzQjRoWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAdji2O
mRT6KacblQsajd3GOFkjkO+Qpotl0VXXWtYlp2b/d1KQ2dSPRNfVo3tJqWGuYyst
BB7s2ZteKCYobuCEXwdrb/dznbjmLw+dv7TvsHPTIEhGedSNXzO0vxRdxRBfZnCz
wotzl0XQ3JNQpH/9rjM7NbPya0a3JxvmtlEBUfYFC1WgyLlgAKy1RP00xEPLTHd6
GHjw5SE8CGi7E4uGYvEZibotnHw9RVGtp1YV7Om4X+plzrDSbT5QFf/GhUh8LGnS
PpatZDWBd7VetSxUYiFcKPI4Hn/GgvoZt6vnsGxHnkmxSd7sic+UX8HYze4O6HJt
qD0TxzzqGkDVjvXe
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:50:29 2025 by rpki-client