Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/u9l0s9GZ3K_TbAZTm5XnXM0ftlA.roa
File: u9l0s9GZ3K_TbAZTm5XnXM0ftlA.roa (raw, json)
Hash identifier: 1RphTTl5tGQGZU0pXcXzdoq6rIYYWuSCzrFGz5uMRhA=
Subject key identifier: BB:D9:74:B3:D1:99:DC:AF:D3:6C:06:53:9B:95:E7:5C:CD:1F:B6:50
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 664C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/u9l0s9GZ3K_TbAZTm5XnXM0ftlA.roa
Signing time: Fri 30 May 2025 21:11:29 +0000
ROA not before: Fri 30 May 2025 21:11:29 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26188 (0x664c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 30 21:11:29 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=BBD974B3D199DCAFD36C06539B95E75CCD1FB650
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:03:7f:ea:cf:37:69:85:cf:d3:9c:bc:90:13:
ea:68:9a:f2:c6:63:b3:f2:3e:1f:bb:ed:02:b9:a5:
0b:f2:6d:37:7f:14:fb:1d:59:e4:44:13:3b:c3:3a:
bd:5a:5e:15:a4:07:e7:ad:24:87:94:be:4b:68:02:
14:64:0d:bf:f6:86:5f:b8:4f:59:e2:ad:17:e3:2b:
7f:fe:bf:95:0b:26:11:06:88:1f:69:05:6f:2c:3c:
99:e3:2f:09:13:f3:33:a3:69:b9:8e:87:19:86:2d:
8f:41:3d:42:9e:5b:59:06:73:c0:b0:f2:7d:97:3f:
42:5a:6c:3a:2c:33:0d:35:1c:db:cb:1e:1c:a6:ae:
4e:04:aa:ef:92:08:78:79:de:20:62:db:ea:5a:f3:
0a:bf:a6:f6:dc:0f:e0:45:26:92:e0:94:96:e1:ef:
af:e9:6e:d1:f5:42:5c:4e:71:1c:ef:26:67:a9:f2:
fa:4a:3c:67:59:96:96:5e:94:f3:34:b6:25:ce:b2:
6e:da:9f:db:86:fd:a5:2c:a9:47:1b:14:12:9a:cc:
6d:ee:a5:35:1e:c3:65:f8:d4:a9:ae:73:ab:1a:56:
1c:e3:5d:77:89:d2:db:92:0d:22:3a:a2:86:c1:2c:
32:73:4e:53:61:50:6a:e7:9e:d6:2a:ad:ae:56:1c:
58:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:D9:74:B3:D1:99:DC:AF:D3:6C:06:53:9B:95:E7:5C:CD:1F:B6:50
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/u9l0s9GZ3K_TbAZTm5XnXM0ftlA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
0e:e8:4d:8d:5e:83:1c:29:d8:f9:5a:ec:3b:4d:4c:b9:12:85:
7c:f0:cd:6f:a6:5d:55:24:6c:d5:7b:8d:21:2d:be:02:2f:c7:
25:aa:77:e9:46:dc:d2:c8:7b:ef:e1:dd:f7:3a:85:96:51:35:
24:a4:fd:ed:38:d8:38:b7:f5:aa:dc:aa:b6:00:11:d7:35:8d:
fa:66:5b:ae:65:b0:ef:de:a5:25:88:aa:63:ce:da:3f:71:f6:
31:fc:69:a9:64:c3:ce:cc:a8:61:34:44:fd:ac:bc:16:9b:e4:
a8:54:a9:a6:d9:f0:3b:f8:8c:f5:a3:14:2b:d5:7f:0a:ac:59:
a8:41:a2:d8:41:51:49:c8:ca:d6:1c:dd:11:2d:19:3b:ec:91:
f1:7c:d7:fc:cf:bb:8a:6f:86:93:b6:a5:47:2b:cb:94:5b:e5:
06:84:16:81:3c:eb:43:e2:0b:b5:b3:d0:07:04:6a:06:33:c6:
c6:78:61:b1:92:d3:77:bf:df:69:1a:bc:2f:5d:9f:38:f4:86:
c7:d6:49:45:25:cb:10:ee:c2:eb:97:f9:65:5e:fb:b2:bc:e8:
46:94:e8:74:f6:54:92:84:f2:aa:6d:93:f6:02:27:c6:6b:2f:
6e:22:3d:e3:8c:59:7c:94:90:7a:8c:c8:c2:71:eb:0f:72:95:
96:54:0c:6f
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZkwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MzAy
MTExMjlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEJCRDk3NEIzRDE5OURD
QUZEMzZDMDY1MzlCOTVFNzVDQ0QxRkI2NTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDdA3/qzzdphc/TnLyQE+pomvLGY7PyPh+77QK5pQvybTd/FPsd
WeREEzvDOr1aXhWkB+etJIeUvktoAhRkDb/2hl+4T1nirRfjK3/+v5ULJhEGiB9p
BW8sPJnjLwkT8zOjabmOhxmGLY9BPUKeW1kGc8Cw8n2XP0JabDosMw01HNvLHhym
rk4Equ+SCHh53iBi2+pa8wq/pvbcD+BFJpLglJbh76/pbtH1QlxOcRzvJmep8vpK
PGdZlpZelPM0tiXOsm7an9uG/aUsqUcbFBKazG3upTUew2X41Kmuc6saVhzjXXeJ
0tuSDSI6oobBLDJzTlNhUGrnntYqra5WHFilAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUu9l0s9GZ3K/TbAZTm5XnXM0ftlAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3U5bDBzOUdaM0tfVGJB
WlRtNVhuWE0wZnRsQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAO6E2N
XoMcKdj5Wuw7TUy5EoV88M1vpl1VJGzVe40hLb4CL8clqnfpRtzSyHvv4d33OoWW
UTUkpP3tONg4t/Wq3Kq2ABHXNY36ZluuZbDv3qUliKpjzto/cfYx/GmpZMPOzKhh
NET9rLwWm+SoVKmm2fA7+Iz1oxQr1X8KrFmoQaLYQVFJyMrWHN0RLRk77JHxfNf8
z7uKb4aTtqVHK8uUW+UGhBaBPOtD4gu1s9AHBGoGM8bGeGGxktN3v99pGrwvXZ84
9IbH1klFJcsQ7sLrl/llXvuyvOhGlOh09lSShPKqbZP2AifGay9uIj3jjFl8lJB6
jMjCcesPcpWWVAxv
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:15:26 2025 by rpki-client