Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/srulF8oo9-AY8LxVNJX8ers8z38.roa
File: srulF8oo9-AY8LxVNJX8ers8z38.roa (raw, json)
Hash identifier: yQnCqRvsP9Ee5FnZQggjiq6ddvhDPCj1+4JLfppWdy4=
Subject key identifier: B2:BB:A5:17:CA:28:F7:E0:18:F0:BC:55:34:95:FC:7A:BB:3C:CF:7F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 645C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/srulF8oo9-AY8LxVNJX8ers8z38.roa
Signing time: Sun 25 May 2025 17:11:06 +0000
ROA not before: Sun 25 May 2025 17:11:06 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25692 (0x645c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 25 17:11:06 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B2BBA517CA28F7E018F0BC553495FC7ABB3CCF7F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:66:a5:51:d5:8d:73:2d:65:96:89:18:bc:dd:
ea:3a:09:37:dd:b2:b0:ac:e1:aa:98:d7:b1:51:62:
6a:8c:6f:76:5c:9f:8f:a7:46:85:82:1c:60:8d:3b:
79:c8:52:e2:9c:67:22:d5:8f:cd:b9:09:f6:01:5a:
01:20:a3:ce:e4:c7:b6:3a:71:ae:f1:3f:a0:75:ce:
3f:19:7d:a2:e8:5d:82:3e:83:01:86:de:01:c5:c2:
95:79:be:6d:1c:71:f5:8c:56:9d:a1:f8:38:07:93:
dd:ab:58:7a:89:8d:f3:35:ce:5d:16:3e:da:18:7b:
f4:81:db:71:ba:ac:92:1b:d9:c0:0b:b4:96:ad:ff:
8c:76:b7:1e:a5:f6:30:94:74:b9:af:e5:f7:8d:8c:
c0:d8:29:3e:4c:4b:bb:ff:40:7e:7a:3c:39:0e:2f:
c4:af:ba:3f:2f:30:bb:bb:d0:ef:5c:01:77:ed:e6:
be:65:46:e6:44:c7:5d:1e:55:4f:85:09:e3:50:f7:
1d:59:69:f3:f2:6d:33:77:f4:18:82:b8:e7:d7:90:
14:4c:eb:21:55:00:fe:60:d2:e2:5a:2c:8a:c5:1c:
47:f3:e5:01:f0:13:54:e7:cb:5d:78:a3:1a:ed:ec:
84:b0:e2:1f:03:8b:26:e0:c7:e9:c7:ee:ca:2e:bc:
79:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:BB:A5:17:CA:28:F7:E0:18:F0:BC:55:34:95:FC:7A:BB:3C:CF:7F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/srulF8oo9-AY8LxVNJX8ers8z38.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
b5:19:fa:b6:5a:d5:3e:ca:ea:60:f9:ad:64:23:8b:a3:3e:93:
ac:24:a3:9d:a1:a5:1a:c4:5d:6b:3f:e5:2b:3d:c2:1f:cb:51:
42:4a:66:1d:1d:3e:13:c7:4e:c7:d8:45:b7:fd:22:27:b1:c9:
31:a3:b1:53:71:10:26:df:83:34:ce:5f:87:a5:e7:9e:98:2f:
22:68:e6:87:1b:f3:52:42:c2:ab:d5:f6:84:c9:02:97:0d:25:
98:43:aa:61:d7:6e:30:17:e6:96:ad:db:67:b1:77:d8:fe:9e:
dd:0d:8b:3f:fc:72:3f:0b:c4:03:61:88:95:c4:99:75:6e:c2:
61:02:54:d9:fa:2e:de:5e:2e:25:53:58:7c:14:45:0c:c9:dc:
31:99:5e:ba:ce:29:5e:ac:f9:7d:44:78:7f:ea:b9:a7:83:f2:
8b:d1:2f:bc:bd:d9:fb:b5:49:75:05:d5:6c:d1:42:73:2f:97:
bf:48:4c:a5:53:c3:79:5e:e3:fc:15:7c:1d:7e:e0:2a:92:3e:
d3:0a:83:63:b4:16:d8:9a:27:7c:b1:31:a7:5a:e5:74:1b:8e:
e6:d5:0f:c4:04:05:93:60:f0:97:78:8b:25:1c:07:cd:12:3b:
b6:04:76:57:f6:ed:60:8b:6a:85:57:cd:b7:da:d2:26:40:e0:
b6:2d:9a:79
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZFwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjUx
NzExMDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEIyQkJBNTE3Q0EyOEY3
RTAxOEYwQkM1NTM0OTVGQzdBQkIzQ0NGN0YwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDVZqVR1Y1zLWWWiRi83eo6CTfdsrCs4aqY17FRYmqMb3Zcn4+n
RoWCHGCNO3nIUuKcZyLVj825CfYBWgEgo87kx7Y6ca7xP6B1zj8ZfaLoXYI+gwGG
3gHFwpV5vm0ccfWMVp2h+DgHk92rWHqJjfM1zl0WPtoYe/SB23G6rJIb2cALtJat
/4x2tx6l9jCUdLmv5feNjMDYKT5MS7v/QH56PDkOL8Svuj8vMLu70O9cAXft5r5l
RuZEx10eVU+FCeNQ9x1ZafPybTN39BiCuOfXkBRM6yFVAP5g0uJaLIrFHEfz5QHw
E1Tny114oxrt7ISw4h8Diybgx+nH7souvHlFAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUsrulF8oo9+AY8LxVNJX8ers8z38wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3NydWxGOG9vOS1BWThM
eFZOSlg4ZXJzOHozOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC1Gfq2
WtU+yupg+a1kI4ujPpOsJKOdoaUaxF1rP+UrPcIfy1FCSmYdHT4Tx07H2EW3/SIn
sckxo7FTcRAm34M0zl+HpeeemC8iaOaHG/NSQsKr1faEyQKXDSWYQ6ph124wF+aW
rdtnsXfY/p7dDYs//HI/C8QDYYiVxJl1bsJhAlTZ+i7eXi4lU1h8FEUMydwxmV66
zilerPl9RHh/6rmng/KL0S+8vdn7tUl1BdVs0UJzL5e/SEylU8N5XuP8FXwdfuAq
kj7TCoNjtBbYmid8sTGnWuV0G47m1Q/EBAWTYPCXeIslHAfNEju2BHZX9u1gi2qF
V8232tImQOC2LZp5
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:10:18 2025 by rpki-client