Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/kcv34eZYiFqZL7E7DHkShnUeEpw.roa
File:                     kcv34eZYiFqZL7E7DHkShnUeEpw.roa (raw, json)
Hash identifier:          4gonz09MKgbHvLFZjj6tRu9evG8Ixp8SiOVYsSrehnA=
Subject key identifier:   91:CB:F7:E1:E6:58:88:5A:99:2F:B1:3B:0C:79:12:86:75:1E:12:9C
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       6DB4
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kcv34eZYiFqZL7E7DHkShnUeEpw.roa
Signing time:             Fri 20 Jun 2025 00:22:22 +0000
ROA not before:           Fri 20 Jun 2025 00:22:22 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 28084 (0x6db4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Jun 20 00:22:22 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=91CBF7E1E658885A992FB13B0C791286751E129C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:CB:F7:E1:E6:58:88:5A:99:2F:B1:3B:0C:79:12:86:75:1E:12:9C
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kcv34eZYiFqZL7E7DHkShnUeEpw.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
Generated at Sun Jul 20 12:35:16 2025 by rpki-client