Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/kQ8Eq6bCvGpyBts4fvGsPWZuy3o.roa
File: kQ8Eq6bCvGpyBts4fvGsPWZuy3o.roa (raw, json)
Hash identifier: buQdg28ISkI8speXipfuYIcVhOscSMrnlFjtKMf/VAI=
Subject key identifier: 91:0F:04:AB:A6:C2:BC:6A:72:06:DB:38:7E:F1:AC:3D:66:6E:CB:7A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 638C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kQ8Eq6bCvGpyBts4fvGsPWZuy3o.roa
Signing time: Fri 23 May 2025 13:10:44 +0000
ROA not before: Fri 23 May 2025 13:10:44 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25484 (0x638c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 23 13:10:44 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=910F04ABA6C2BC6A7206DB387EF1AC3D666ECB7A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:f1:f5:e8:38:8b:63:27:cf:76:83:25:0f:3e:
3e:9f:74:f1:4f:c2:9d:32:a3:b0:7a:b8:c4:ff:ba:
48:88:d3:9f:4e:8d:c1:a4:ac:73:ed:b8:36:45:b3:
c8:62:17:f6:4a:2d:89:d4:4f:dd:f1:6b:1f:dd:15:
75:d7:83:3d:ee:8c:6d:cd:d2:81:30:1e:9d:30:27:
70:8f:8a:ec:8c:b1:55:69:65:ee:74:6f:8d:f6:c1:
ac:00:f3:ca:ef:b9:61:31:5b:68:60:2b:a6:ca:9c:
41:e8:44:b4:1f:33:03:f4:01:01:9a:27:33:77:8f:
39:2b:59:5f:b7:16:53:3f:5a:0b:a2:a9:56:b4:22:
a5:3b:0f:30:dd:6d:cc:65:18:92:d7:ed:63:e2:e6:
36:39:be:f0:03:62:14:5f:09:27:68:2c:18:e1:90:
3d:30:4b:24:47:36:d0:f5:0e:4e:c8:db:2e:86:fc:
80:92:f2:72:50:63:3f:6e:28:e5:63:37:c9:58:b2:
28:79:e4:65:8f:a1:a2:e8:f5:4e:90:55:7e:00:a6:
70:82:db:38:24:93:fd:94:47:2c:24:1b:23:75:56:
48:04:bd:e6:f1:2b:2b:25:c7:6e:63:55:09:5c:d1:
86:42:16:ab:3c:43:b7:19:d0:40:40:d7:e3:3d:fd:
8d:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:0F:04:AB:A6:C2:BC:6A:72:06:DB:38:7E:F1:AC:3D:66:6E:CB:7A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kQ8Eq6bCvGpyBts4fvGsPWZuy3o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
48:7d:5e:13:65:32:de:66:8d:7f:48:ae:8c:ad:76:07:77:f8:
01:57:68:58:45:60:9a:31:eb:48:95:0a:84:cb:69:c8:da:fa:
4f:3a:0c:51:80:a9:aa:fb:8b:f0:01:99:b4:79:37:4f:33:f8:
c7:de:cf:47:34:f1:54:41:53:e6:79:7f:d8:04:74:55:69:fe:
4a:26:6d:76:59:fa:1c:ae:6f:41:a6:b3:f9:13:2d:6f:6d:d5:
45:3b:dc:b3:d3:18:db:5f:d0:ad:af:14:f4:b2:44:5c:2d:5a:
f6:31:10:cb:12:b1:68:b2:5a:b2:09:74:69:51:f1:de:35:e1:
a7:55:75:33:1e:9e:f3:40:bb:51:ca:da:c1:df:fa:15:69:7e:
fc:48:eb:17:f7:56:4b:31:7a:c0:3e:8c:6c:24:4d:eb:20:cb:
bb:e0:c9:a2:87:19:18:fd:14:f3:4a:03:da:7c:0f:7f:f0:ca:
65:9a:f4:61:92:6c:43:94:31:67:72:20:df:60:4e:e1:77:4f:
73:02:3a:bb:78:0d:12:78:51:0a:92:4e:d1:3e:6d:ad:15:34:
3f:be:f0:45:bf:5e:99:d5:2d:fe:06:58:c9:cc:4d:54:5c:e4:
94:66:c3:44:0a:96:9e:0b:37:9e:5b:ac:dc:c1:90:4e:ff:6d:
ab:30:a4:12
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICY4wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjMx
MzEwNDRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDkxMEYwNEFCQTZDMkJD
NkE3MjA2REIzODdFRjFBQzNENjY2RUNCN0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDq8fXoOItjJ892gyUPPj6fdPFPwp0yo7B6uMT/ukiI059OjcGk
rHPtuDZFs8hiF/ZKLYnUT93xax/dFXXXgz3ujG3N0oEwHp0wJ3CPiuyMsVVpZe50
b432wawA88rvuWExW2hgK6bKnEHoRLQfMwP0AQGaJzN3jzkrWV+3FlM/WguiqVa0
IqU7DzDdbcxlGJLX7WPi5jY5vvADYhRfCSdoLBjhkD0wSyRHNtD1Dk7I2y6G/ICS
8nJQYz9uKOVjN8lYsih55GWPoaLo9U6QVX4ApnCC2zgkk/2URywkGyN1VkgEvebx
Kyslx25jVQlc0YZCFqs8Q7cZ0EBA1+M9/Y0/AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUkQ8Eq6bCvGpyBts4fvGsPWZuy3owHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2tROEVxNmJDdkdweUJ0
czRmdkdzUFdadXkzby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBIfV4T
ZTLeZo1/SK6MrXYHd/gBV2hYRWCaMetIlQqEy2nI2vpPOgxRgKmq+4vwAZm0eTdP
M/jH3s9HNPFUQVPmeX/YBHRVaf5KJm12Wfocrm9BprP5Ey1vbdVFO9yz0xjbX9Ct
rxT0skRcLVr2MRDLErFoslqyCXRpUfHeNeGnVXUzHp7zQLtRytrB3/oVaX78SOsX
91ZLMXrAPoxsJE3rIMu74MmihxkY/RTzSgPafA9/8MplmvRhkmxDlDFnciDfYE7h
d09zAjq7eA0SeFEKkk7RPm2tFTQ/vvBFv16Z1S3+BljJzE1UXOSUZsNECpaeCzee
W6zcwZBO/22rMKQS
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:29:31 2025 by rpki-client