Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/pldc1kPODzH8_tJXufnLgxYbaQs.roa
File: pldc1kPODzH8_tJXufnLgxYbaQs.roa (raw, json)
Hash identifier: 8I5p4FxLOMMBwT6nJ2fQu9v7sZrdFYH1H4R4ukY7hys=
Subject key identifier: A6:57:5C:D6:43:CE:0F:31:FC:FE:D2:57:B9:F9:CB:83:16:1B:69:0B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6264
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/pldc1kPODzH8_tJXufnLgxYbaQs.roa
Signing time: Tue 20 May 2025 11:10:47 +0000
ROA not before: Tue 20 May 2025 11:10:47 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25188 (0x6264)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 20 11:10:47 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A6575CD643CE0F31FCFED257B9F9CB83161B690B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:a9:2a:2e:c2:ae:cf:0f:45:fd:19:76:df:2a:
95:db:5f:98:9b:c6:84:11:e5:14:76:fa:2a:69:49:
a0:28:e8:35:d4:68:cc:eb:90:ba:a8:a5:db:ec:a4:
4a:65:81:d5:78:19:3b:66:64:a4:38:0d:46:4e:e0:
63:7f:55:fb:61:17:60:e9:d1:8a:34:34:90:9a:90:
2d:ee:85:07:f5:f2:cc:c3:9f:35:45:48:0a:22:4c:
53:37:d4:82:f6:bd:06:d7:ed:87:33:b6:ed:56:f7:
e8:7f:f6:ec:b2:f4:35:a3:bd:84:38:a0:15:6d:4a:
ea:ef:db:48:f8:3b:df:bc:f3:c6:60:39:45:5e:d3:
36:da:e0:58:27:1f:c2:99:2d:79:b3:70:ec:fe:37:
d1:90:e2:34:ee:10:49:5a:75:10:2c:6b:34:16:be:
a9:a6:5a:b7:83:b9:50:5e:45:c5:5e:a7:fc:83:41:
d3:da:be:30:9d:aa:ec:16:3e:01:f7:86:c1:d0:db:
b3:ee:cf:d9:12:7e:11:3d:7d:aa:de:04:f2:f3:e9:
02:81:a8:de:e8:cd:8c:9b:ea:61:01:a3:43:fe:02:
df:95:cf:d0:ee:35:0a:d4:79:81:cb:b2:37:ca:89:
c4:00:4f:c2:bb:e6:97:ff:37:bd:7a:ee:12:44:11:
d5:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:57:5C:D6:43:CE:0F:31:FC:FE:D2:57:B9:F9:CB:83:16:1B:69:0B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/pldc1kPODzH8_tJXufnLgxYbaQs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
b1:ec:a8:cf:82:e1:6b:7d:33:31:0b:be:2d:b9:92:bf:c7:53:
04:fd:b9:87:69:f3:b7:90:9b:60:c5:d0:29:39:5b:b7:44:6a:
bb:c6:84:a1:7f:f4:4d:f1:bc:62:73:3f:4b:77:58:ad:9b:97:
cc:9e:45:a7:ff:d7:d9:f8:21:b9:d7:95:c6:de:3c:4f:0c:9b:
45:88:dc:72:b5:c4:3e:00:5c:90:1d:28:56:64:79:6d:22:73:
f2:e2:42:96:33:e2:6f:fb:e0:14:09:af:51:6e:42:e0:36:68:
83:3d:b2:ca:ef:e9:fb:42:0a:22:1e:6f:9c:26:0a:64:ef:10:
a9:6c:d3:2b:1a:e6:60:c5:0b:b0:0c:54:5e:d9:6b:11:ca:08:
31:e8:5b:f5:25:09:0c:1d:69:83:d3:26:3a:51:72:9a:81:b9:
d4:21:f5:f1:8d:bd:10:d1:b1:17:bd:d7:ed:16:4f:bb:8e:41:
87:f0:e8:fd:0d:d9:7f:bd:0f:c6:bc:d1:57:f3:a3:88:d2:22:
20:51:3a:2b:b2:3c:e8:af:74:98:fa:97:2e:71:5b:30:f9:e9:
bc:35:53:5e:31:f7:7f:68:51:9e:d2:17:c0:5a:ee:cf:f4:cf:
cc:2b:03:ff:93:98:0e:e4:0b:d8:44:70:42:29:ff:ef:7c:fd:
85:e5:38:f6
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYmQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjAx
MTEwNDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEE2NTc1Q0Q2NDNDRTBG
MzFGQ0ZFRDI1N0I5RjlDQjgzMTYxQjY5MEIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDHqSouwq7PD0X9GXbfKpXbX5ibxoQR5RR2+ippSaAo6DXUaMzr
kLqopdvspEplgdV4GTtmZKQ4DUZO4GN/VfthF2Dp0Yo0NJCakC3uhQf18szDnzVF
SAoiTFM31IL2vQbX7Ycztu1W9+h/9uyy9DWjvYQ4oBVtSurv20j4O9+888ZgOUVe
0zba4FgnH8KZLXmzcOz+N9GQ4jTuEEladRAsazQWvqmmWreDuVBeRcVep/yDQdPa
vjCdquwWPgH3hsHQ27Puz9kSfhE9fareBPLz6QKBqN7ozYyb6mEBo0P+At+Vz9Du
NQrUeYHLsjfKicQAT8K75pf/N7167hJEEdX7AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUpldc1kPODzH8/tJXufnLgxYbaQswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3BsZGMxa1BPRHpIOF90
Slh1Zm5MZ3hZYmFRcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCx7KjP
guFrfTMxC74tuZK/x1ME/bmHafO3kJtgxdApOVu3RGq7xoShf/RN8bxicz9Ld1it
m5fMnkWn/9fZ+CG515XG3jxPDJtFiNxytcQ+AFyQHShWZHltInPy4kKWM+Jv++AU
Ca9RbkLgNmiDPbLK7+n7QgoiHm+cJgpk7xCpbNMrGuZgxQuwDFRe2WsRyggx6Fv1
JQkMHWmD0yY6UXKagbnUIfXxjb0Q0bEXvdftFk+7jkGH8Oj9Ddl/vQ/GvNFX86OI
0iIgUTorsjzor3SY+pcucVsw+em8NVNeMfd/aFGe0hfAWu7P9M/MKwP/k5gO5AvY
RHBCKf/vfP2F5Tj2
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:48:38 2025 by rpki-client