Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/t9rcD5jj2bCBUm8_iBY52jKJ1OQ.roa
File: t9rcD5jj2bCBUm8_iBY52jKJ1OQ.roa (raw, json)
Hash identifier: f3BmdFwNo2vTOhZufR6F7VVPdd3fa4lyWSRIcdYwmDo=
Subject key identifier: B7:DA:DC:0F:98:E3:D9:B0:81:52:6F:3F:88:16:39:DA:32:89:D4:E4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 654E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/t9rcD5jj2bCBUm8_iBY52jKJ1OQ.roa
Signing time: Wed 28 May 2025 05:41:26 +0000
ROA not before: Wed 28 May 2025 05:41:26 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25934 (0x654e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 28 05:41:26 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B7DADC0F98E3D9B081526F3F881639DA3289D4E4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:e8:4a:15:01:e7:a4:5d:5c:07:ff:41:39:63:
34:68:94:a3:05:c3:77:a4:8f:25:41:85:6e:d1:aa:
9f:3a:f1:6e:8f:67:5a:d5:f3:eb:d1:ca:6a:db:98:
29:15:7f:18:ee:e8:ab:59:f6:1f:ba:c8:a8:77:06:
0b:80:c0:ef:63:96:db:89:54:2b:e3:ee:fc:18:32:
a7:a8:12:6e:25:72:e3:cd:bf:22:16:3c:cc:e0:21:
f5:7b:6f:58:3a:26:99:96:a1:4b:fd:e4:62:af:18:
db:6d:9c:b0:c6:f6:a0:6a:c6:7a:14:b7:f8:a9:4e:
63:8c:e4:f6:58:7c:6a:83:04:8d:30:38:0e:23:75:
cb:2a:d0:28:21:09:5a:e8:39:eb:2b:e7:87:5b:41:
f6:9a:a5:73:ae:f4:e1:a0:e2:5d:24:a2:b7:f5:39:
8a:96:f4:7d:18:f9:ab:60:96:04:33:e3:21:28:15:
d3:d0:17:be:9d:27:2b:21:13:93:5d:65:7b:44:80:
e2:a2:a4:44:ad:38:79:f6:d1:f2:94:d9:65:d5:2e:
07:c2:3c:61:15:34:14:ff:e9:ac:95:4e:00:7f:a5:
e5:54:11:4b:76:5d:39:e6:13:54:e6:97:53:52:d8:
0c:fe:29:04:11:de:05:b2:6d:31:3c:14:06:64:ed:
15:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:DA:DC:0F:98:E3:D9:B0:81:52:6F:3F:88:16:39:DA:32:89:D4:E4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/t9rcD5jj2bCBUm8_iBY52jKJ1OQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
40:57:5b:d2:84:6b:85:d5:23:40:3d:4c:6f:25:a1:cf:c8:87:
8b:e5:24:82:cd:53:dc:db:f5:1d:c4:b4:53:7c:d1:52:a3:f6:
8e:22:41:23:ef:0b:4d:54:de:65:ed:c4:16:6d:81:be:bc:b0:
63:05:03:f2:bb:22:da:0b:7d:d6:3f:34:99:e8:57:20:4b:2c:
72:05:8b:81:94:14:1f:c8:b7:8d:07:59:d6:7d:ed:84:cd:f8:
bd:91:a5:48:36:2e:2c:ed:bd:6a:b2:72:f1:d9:be:6b:9b:d3:
7a:4d:7d:c2:1a:a9:0c:e0:36:8d:f5:8e:d9:c1:77:fa:8e:b8:
62:e3:22:0b:dc:1e:c6:12:79:d0:c8:39:b4:f2:0e:df:d4:78:
d2:19:81:36:22:94:b2:38:3c:10:59:08:b3:0b:39:24:6a:43:
c4:f4:b6:8d:e5:5f:49:b6:0d:d3:48:79:09:72:52:9c:b5:a9:
9f:83:eb:76:37:28:4b:c8:3a:23:77:a4:bc:47:4b:de:40:a5:
86:10:22:3f:de:55:c5:6c:a3:32:84:37:88:cd:f8:46:a3:ff:
f3:4c:ba:5c:f0:4c:93:21:1e:51:21:b0:96:7b:7d:fa:6d:86:
15:c8:5d:87:8d:bf:bf:59:60:a5:33:6c:d0:e4:91:79:27:e0:
11:da:74:f9
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZU4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1Mjgw
NTQxMjZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEI3REFEQzBGOThFM0Q5
QjA4MTUyNkYzRjg4MTYzOURBMzI4OUQ0RTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC86EoVAeekXVwH/0E5YzRolKMFw3ekjyVBhW7Rqp868W6PZ1rV
8+vRymrbmCkVfxju6KtZ9h+6yKh3BguAwO9jltuJVCvj7vwYMqeoEm4lcuPNvyIW
PMzgIfV7b1g6JpmWoUv95GKvGNttnLDG9qBqxnoUt/ipTmOM5PZYfGqDBI0wOA4j
dcsq0CghCVroOesr54dbQfaapXOu9OGg4l0korf1OYqW9H0Y+atglgQz4yEoFdPQ
F76dJyshE5NdZXtEgOKipEStOHn20fKU2WXVLgfCPGEVNBT/6ayVTgB/peVUEUt2
XTnmE1Tml1NS2Az+KQQR3gWybTE8FAZk7RXtAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUt9rcD5jj2bCBUm8/iBY52jKJ1OQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3Q5cmNENWpqMmJDQlVt
OF9pQlk1MmpLSjFPUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBAV1vS
hGuF1SNAPUxvJaHPyIeL5SSCzVPc2/UdxLRTfNFSo/aOIkEj7wtNVN5l7cQWbYG+
vLBjBQPyuyLaC33WPzSZ6FcgSyxyBYuBlBQfyLeNB1nWfe2Ezfi9kaVINi4s7b1q
snLx2b5rm9N6TX3CGqkM4DaN9Y7ZwXf6jrhi4yIL3B7GEnnQyDm08g7f1HjSGYE2
IpSyODwQWQizCzkkakPE9LaN5V9Jtg3TSHkJclKctamfg+t2NyhLyDojd6S8R0ve
QKWGECI/3lXFbKMyhDeIzfhGo//zTLpc8EyTIR5RIbCWe336bYYVyF2Hjb+/WWCl
M2zQ5JF5J+AR2nT5
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:28:09 2025 by rpki-client