Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/pkK9CRGXeviiSBulG7rnlzHmhv8.roa
File: pkK9CRGXeviiSBulG7rnlzHmhv8.roa (raw, json)
Hash identifier: dSqmtpXwWW/HUSLSHJXFYmUv5d/RGCRtvcUD4vRP5IY=
Subject key identifier: A6:42:BD:09:11:97:7A:F8:A2:48:1B:A5:1B:BA:E7:97:31:E6:86:FF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6426
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/pkK9CRGXeviiSBulG7rnlzHmhv8.roa
Signing time: Sun 25 May 2025 03:41:00 +0000
ROA not before: Sun 25 May 2025 03:41:00 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25638 (0x6426)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 25 03:41:00 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A642BD0911977AF8A2481BA51BBAE79731E686FF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:c0:6d:2f:a7:a9:5c:f6:3a:ea:34:49:d4:5b:
e8:4c:c0:68:ff:42:bf:3e:a9:53:8b:3b:ec:a8:a7:
28:3d:bf:e5:d6:a5:c9:c6:00:77:e9:ac:8e:4c:8d:
6f:16:e6:b9:e7:1c:4a:f1:69:60:b6:33:9d:e4:55:
b0:5d:2e:54:2a:25:92:b0:ab:32:27:b7:ac:9a:05:
80:6b:24:ef:80:61:44:7e:e7:1c:ac:56:0c:a0:1c:
29:3e:12:33:b2:94:f9:b8:17:f6:16:83:bc:a5:f9:
be:8c:0f:86:55:1f:ee:57:30:2f:fa:18:4d:28:ad:
9b:63:99:c5:42:7c:43:dc:05:85:d1:a7:01:64:d4:
de:fb:04:86:ac:9c:c3:5a:c1:79:91:a3:bd:c6:1b:
a5:eb:30:39:67:c2:e9:cc:24:16:22:85:3b:0b:f0:
17:79:e3:b9:78:9c:b3:7f:b8:aa:5f:44:ce:f3:c1:
2b:76:c0:db:be:d3:09:8c:3e:aa:c7:1a:5b:c9:2a:
2b:aa:80:b1:68:b3:1e:65:1c:92:8e:45:bb:66:fe:
b9:3a:41:2b:5c:72:13:1f:1c:f1:78:9d:f5:d4:78:
3a:6a:11:6c:a3:4b:c7:9d:c7:be:4d:0d:6f:48:9a:
fb:e7:bf:93:f6:a8:ac:57:04:27:a4:07:95:f5:f2:
3d:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:42:BD:09:11:97:7A:F8:A2:48:1B:A5:1B:BA:E7:97:31:E6:86:FF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/pkK9CRGXeviiSBulG7rnlzHmhv8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
0a:67:19:e5:77:94:96:a5:d7:e4:14:85:ad:c0:a7:54:ef:cb:
8b:98:33:5f:17:95:d4:e9:7e:a5:ee:d1:e3:49:1f:2b:79:8c:
1b:44:46:46:03:73:15:12:de:23:75:ab:06:07:8f:30:ad:15:
ea:9a:48:21:ae:1a:40:61:98:b8:73:db:3d:7a:ef:b3:9b:bf:
97:ff:75:67:ab:33:65:cc:a8:b6:83:50:d4:85:20:1a:5c:ab:
72:a6:0b:ef:51:70:fc:60:d3:bc:7e:a4:7c:7d:58:66:8f:b4:
dc:c1:2b:98:05:0e:4c:e0:39:8d:9a:e9:9f:0e:3b:36:20:7b:
0f:01:cf:95:11:f7:be:56:a1:5e:f2:49:b0:76:0a:79:4a:07:
69:bb:1e:c3:73:f5:f1:ff:d8:4c:2c:b5:89:6a:e8:04:d3:27:
95:b7:72:78:8d:bd:f9:de:ef:54:70:c9:a0:4a:3a:eb:f5:b9:
58:40:a2:15:9f:f3:c5:41:02:58:92:93:3b:53:fe:6b:d4:29:
1c:ca:58:12:6b:e1:98:e7:83:bc:9b:eb:8a:00:23:7c:80:e6:
63:04:05:e5:bd:f9:fe:01:53:f4:1f:9f:c5:10:8a:5b:a0:5c:
0e:f9:df:7e:c0:60:1d:b1:67:dd:63:fd:92:7a:2f:8a:b5:30:
e9:b7:dc:a9
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZCYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjUw
MzQxMDBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEE2NDJCRDA5MTE5NzdB
RjhBMjQ4MUJBNTFCQkFFNzk3MzFFNjg2RkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCuwG0vp6lc9jrqNEnUW+hMwGj/Qr8+qVOLO+yopyg9v+XWpcnG
AHfprI5MjW8W5rnnHErxaWC2M53kVbBdLlQqJZKwqzInt6yaBYBrJO+AYUR+5xys
VgygHCk+EjOylPm4F/YWg7yl+b6MD4ZVH+5XMC/6GE0orZtjmcVCfEPcBYXRpwFk
1N77BIasnMNawXmRo73GG6XrMDlnwunMJBYihTsL8Bd547l4nLN/uKpfRM7zwSt2
wNu+0wmMPqrHGlvJKiuqgLFosx5lHJKORbtm/rk6QStcchMfHPF4nfXUeDpqEWyj
S8edx75NDW9Imvvnv5P2qKxXBCekB5X18j2LAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUpkK9CRGXeviiSBulG7rnlzHmhv8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3BrSzlDUkdYZXZpaVNC
dWxHN3JubHpIbWh2OC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAKZxnl
d5SWpdfkFIWtwKdU78uLmDNfF5XU6X6l7tHjSR8reYwbREZGA3MVEt4jdasGB48w
rRXqmkghrhpAYZi4c9s9eu+zm7+X/3VnqzNlzKi2g1DUhSAaXKtypgvvUXD8YNO8
fqR8fVhmj7TcwSuYBQ5M4DmNmumfDjs2IHsPAc+VEfe+VqFe8kmwdgp5Sgdpux7D
c/Xx/9hMLLWJaugE0yeVt3J4jb353u9UcMmgSjrr9blYQKIVn/PFQQJYkpM7U/5r
1CkcylgSa+GY54O8m+uKACN8gOZjBAXlvfn+AVP0H5/FEIpboFwO+d9+wGAdsWfd
Y/2Sei+KtTDpt9yp
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:19:33 2025 by rpki-client