Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/w4roUlZl3yeUC9_lkP8Bu4cGNe8.roa
File: w4roUlZl3yeUC9_lkP8Bu4cGNe8.roa (raw, json)
Hash identifier: YcHqB9fOdUCVZ0ioua6wmMXtRKCEwwJFHKRQU3607nc=
Subject key identifier: C3:8A:E8:52:56:65:DF:27:94:0B:DF:E5:90:FF:01:BB:87:06:35:EF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6C28
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/w4roUlZl3yeUC9_lkP8Bu4cGNe8.roa
Signing time: Sun 15 Jun 2025 12:16:11 +0000
ROA not before: Sun 15 Jun 2025 12:16:11 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27688 (0x6c28)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 15 12:16:11 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C38AE8525665DF27940BDFE590FF01BB870635EF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:70:3b:ad:19:2a:e5:7b:8d:b9:23:46:0e:1d:
60:d6:ea:fb:a0:52:78:c9:e2:4f:65:e0:6c:70:0a:
f5:b8:d2:10:46:18:b0:20:e1:99:86:1d:61:49:4c:
b4:b1:f4:d7:00:6a:b8:7d:53:fe:59:05:f5:e7:ce:
01:8b:d5:f9:46:c4:01:8a:84:dc:1c:00:2b:ad:af:
23:fd:b9:77:64:09:3d:76:f1:dd:f0:de:e7:76:67:
02:aa:f4:93:28:91:60:37:c3:27:cf:bd:6b:2d:c0:
f4:5b:ce:c0:76:4d:27:7d:92:b0:95:61:96:2a:03:
c5:ae:69:89:71:31:a4:68:60:1b:4b:60:cf:eb:3f:
aa:89:7e:99:60:7d:f0:a9:45:5d:f6:9f:e8:b4:e5:
26:31:80:22:a6:cf:bc:4a:b2:1a:02:98:4d:d1:2b:
d4:30:ab:2e:7b:d1:e2:27:e4:45:0a:90:c3:e0:8f:
a3:d4:7a:4a:2b:98:2b:53:ef:8c:9e:6a:e1:e9:30:
a1:99:43:44:cb:8e:8f:c1:d3:3c:7c:cd:b3:68:13:
cd:6b:ea:af:fb:9b:7f:e6:9f:5d:96:4b:b7:21:1f:
52:25:83:17:57:b9:1d:04:b0:98:0e:03:08:0b:ee:
6d:1f:21:36:4f:64:96:01:a5:ae:af:09:32:8c:21:
74:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C3:8A:E8:52:56:65:DF:27:94:0B:DF:E5:90:FF:01:BB:87:06:35:EF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/w4roUlZl3yeUC9_lkP8Bu4cGNe8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
89:d9:9d:2f:50:ef:4e:50:79:ff:bd:02:ba:27:32:7d:dd:07:
2a:e5:53:0c:dc:3a:3a:9b:71:2f:c4:f6:d3:28:5e:1d:48:ff:
19:ac:30:97:bb:3b:2e:93:a3:52:76:3d:38:bd:b3:71:43:1b:
c0:34:16:ce:c8:a3:c5:73:09:c3:e4:c9:14:7a:ac:b3:85:89:
12:c7:80:11:3c:8b:91:02:dc:b1:ce:fb:ab:8f:54:d2:67:73:
50:35:39:91:f7:ea:ec:f9:6a:66:cc:0a:92:99:44:cc:d1:d1:
b8:e2:28:b2:9b:69:71:e6:98:93:fb:39:a4:1e:aa:3d:e9:96:
52:ec:95:68:eb:35:b1:bc:50:06:f4:53:9c:2f:ce:16:e1:c0:
2a:6a:25:d4:df:02:c6:9c:e7:ba:90:68:be:4d:eb:02:68:8d:
00:ed:7f:48:85:63:76:0c:46:a1:7f:2e:4f:9c:fc:45:40:e3:
4e:ab:71:dc:57:bf:ad:42:28:f8:6e:81:99:d7:26:02:41:4c:
cb:b8:20:b8:74:0d:43:ee:d9:46:86:bc:49:37:c1:63:b1:bc:
18:45:89:7c:a1:b6:05:b7:11:f1:73:29:4d:df:f6:46:ec:f1:
18:3c:2c:2b:a9:79:a6:75:d3:b3:35:ca:d8:71:28:4b:76:80:
be:1e:43:b6
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbCgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTUx
MjE2MTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEMzOEFFODUyNTY2NURG
Mjc5NDBCREZFNTkwRkYwMUJCODcwNjM1RUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDncDutGSrle425I0YOHWDW6vugUnjJ4k9l4GxwCvW40hBGGLAg
4ZmGHWFJTLSx9NcAarh9U/5ZBfXnzgGL1flGxAGKhNwcACutryP9uXdkCT128d3w
3ud2ZwKq9JMokWA3wyfPvWstwPRbzsB2TSd9krCVYZYqA8WuaYlxMaRoYBtLYM/r
P6qJfplgffCpRV32n+i05SYxgCKmz7xKshoCmE3RK9Qwqy570eIn5EUKkMPgj6PU
ekormCtT74yeauHpMKGZQ0TLjo/B0zx8zbNoE81r6q/7m3/mn12WS7chH1IlgxdX
uR0EsJgOAwgL7m0fITZPZJYBpa6vCTKMIXTBAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUw4roUlZl3yeUC9/lkP8Bu4cGNe8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3c0cm9VbFpsM3llVUM5
X2xrUDhCdTRjR05lOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCJ2Z0v
UO9OUHn/vQK6JzJ93Qcq5VMM3Do6m3EvxPbTKF4dSP8ZrDCXuzsuk6NSdj04vbNx
QxvANBbOyKPFcwnD5MkUeqyzhYkSx4ARPIuRAtyxzvurj1TSZ3NQNTmR9+rs+Wpm
zAqSmUTM0dG44iiym2lx5piT+zmkHqo96ZZS7JVo6zWxvFAG9FOcL84W4cAqaiXU
3wLGnOe6kGi+TesCaI0A7X9IhWN2DEahfy5PnPxFQONOq3HcV7+tQij4boGZ1yYC
QUzLuCC4dA1D7tlGhrxJN8FjsbwYRYl8obYFtxHxcylN3/ZG7PEYPCwrqXmmddOz
NcrYcShLdoC+HkO2
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:44:13 2025 by rpki-client