Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/vCxnSApW8xleY7zdoEw4904tcDs.roa
File: vCxnSApW8xleY7zdoEw4904tcDs.roa (raw, json)
Hash identifier: jFBroe6nREKG/iTdTqRiCMxNhit61X84xOF/yqRR4wI=
Subject key identifier: BC:2C:67:48:0A:56:F3:19:5E:63:BC:DD:A0:4C:38:F7:4E:2D:70:3B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6B64
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vCxnSApW8xleY7zdoEw4904tcDs.roa
Signing time: Fri 13 Jun 2025 11:12:16 +0000
ROA not before: Fri 13 Jun 2025 11:12:16 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27492 (0x6b64)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 13 11:12:16 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=BC2C67480A56F3195E63BCDDA04C38F74E2D703B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:3f:46:85:ac:30:15:38:44:6f:9e:5e:72:77:
38:07:ff:8a:b7:36:db:8b:d7:f4:12:4b:19:46:c7:
e3:74:2a:26:12:c4:f0:17:67:88:02:7d:e6:46:86:
46:30:44:41:cb:14:97:21:27:0c:93:de:1a:72:ae:
32:db:79:e5:b3:44:0a:c7:ee:85:21:b3:9f:f6:a1:
1f:28:3f:9c:ff:82:58:8d:d2:22:94:cd:6f:ee:1d:
01:3b:36:e6:6f:57:d6:02:1c:4e:21:f5:7b:6c:9b:
99:27:07:95:04:f7:ab:55:67:e9:ee:3d:38:92:f8:
18:2f:81:9a:48:8a:85:8f:de:26:a4:07:7a:3a:db:
f3:0b:27:ec:5c:2d:4b:e9:1d:aa:bf:16:49:9b:cd:
08:ef:01:96:14:2d:16:f2:14:99:d6:63:ec:82:5c:
51:ae:08:50:dc:4d:70:99:43:41:3e:f1:a4:2c:8d:
44:80:12:e3:d5:fd:9c:5b:63:58:b8:55:4b:cb:d6:
43:5d:ef:fc:df:ce:c7:82:95:c8:39:22:ec:bb:76:
2e:4c:3c:43:48:86:aa:a4:24:9c:37:64:fe:0c:1c:
66:8c:12:ab:1e:b9:9b:a3:ab:8f:b5:7f:29:10:83:
37:2e:6a:ad:25:f6:fe:fe:2e:31:e2:6b:f4:f7:8f:
e6:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:2C:67:48:0A:56:F3:19:5E:63:BC:DD:A0:4C:38:F7:4E:2D:70:3B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vCxnSApW8xleY7zdoEw4904tcDs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
7e:82:b9:c6:7f:33:ec:03:f9:b4:60:8c:6d:12:69:98:9d:fe:
7f:72:cc:64:6c:c9:0c:78:eb:41:b3:a7:72:04:76:63:8c:6a:
f6:3c:df:77:c8:1a:42:7f:93:d7:a5:37:36:55:14:52:d4:48:
a3:8b:f2:e9:bb:fa:81:d7:a8:d9:9a:81:73:22:96:21:8f:a5:
92:4e:92:24:ff:a0:af:40:be:85:98:89:47:a8:93:db:a3:33:
56:c2:1a:a6:c0:14:91:73:72:5a:a6:6a:eb:fa:d1:32:bf:5b:
90:57:52:fa:9f:29:56:2b:b7:ab:bd:eb:a6:6b:5d:c3:e1:8d:
a6:1d:07:19:fe:89:4f:43:55:24:9e:8a:98:55:3e:1b:c8:1b:
92:8c:c1:f5:ba:d0:b3:8e:98:de:22:3c:ca:54:e3:70:b8:76:
2c:2c:3a:95:cd:96:de:57:53:67:1d:a9:cb:bc:ad:fc:59:66:
06:5d:bc:bb:09:f9:d3:78:0f:27:43:f2:33:27:4c:31:9e:46:
61:e8:9d:65:72:57:1b:63:1d:49:76:23:e9:c9:75:9d:85:f9:
99:a9:57:4f:1b:b9:cc:f1:e0:0f:5d:62:53:b1:bc:0a:e3:d1:
50:43:c4:54:f1:f7:52:dc:80:95:fd:2a:e8:6c:a0:4a:d1:a3:
8d:96:fa:15
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICa2QwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTMx
MTEyMTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEJDMkM2NzQ4MEE1NkYz
MTk1RTYzQkNEREEwNEMzOEY3NEUyRDcwM0IwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDBP0aFrDAVOERvnl5ydzgH/4q3NtuL1/QSSxlGx+N0KiYSxPAX
Z4gCfeZGhkYwREHLFJchJwyT3hpyrjLbeeWzRArH7oUhs5/2oR8oP5z/gliN0iKU
zW/uHQE7NuZvV9YCHE4h9Xtsm5knB5UE96tVZ+nuPTiS+BgvgZpIioWP3iakB3o6
2/MLJ+xcLUvpHaq/FkmbzQjvAZYULRbyFJnWY+yCXFGuCFDcTXCZQ0E+8aQsjUSA
EuPV/ZxbY1i4VUvL1kNd7/zfzseClcg5Iuy7di5MPENIhqqkJJw3ZP4MHGaMEqse
uZujq4+1fykQgzcuaq0l9v7+LjHia/T3j+Y/AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUvCxnSApW8xleY7zdoEw4904tcDswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3ZDeG5TQXBXOHhsZVk3
emRvRXc0OTA0dGNEcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB+grnG
fzPsA/m0YIxtEmmYnf5/csxkbMkMeOtBs6dyBHZjjGr2PN93yBpCf5PXpTc2VRRS
1Eiji/Lpu/qB16jZmoFzIpYhj6WSTpIk/6CvQL6FmIlHqJPbozNWwhqmwBSRc3Ja
pmrr+tEyv1uQV1L6nylWK7erveuma13D4Y2mHQcZ/olPQ1UknoqYVT4byBuSjMH1
utCzjpjeIjzKVONwuHYsLDqVzZbeV1NnHanLvK38WWYGXby7CfnTeA8nQ/IzJ0wx
nkZh6J1lclcbYx1JdiPpyXWdhfmZqVdPG7nM8eAPXWJTsbwK49FQQ8RU8fdS3ICV
/SrobKBK0aONlvoV
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:43:25 2025 by rpki-client