Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/xGKomSzcvIAjt_2m7I5zINR-sNQ.roa
File: xGKomSzcvIAjt_2m7I5zINR-sNQ.roa (raw, json)
Hash identifier: 8lPw4zTcNJf402g8gTuanmFEZjHUcvpplwkLy48uJ+g=
Subject key identifier: C4:62:A8:99:2C:DC:BC:80:23:B7:FD:A6:EC:8E:73:20:D4:7E:B0:D4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 60A2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xGKomSzcvIAjt_2m7I5zINR-sNQ.roa
Signing time: Thu 15 May 2025 18:40:24 +0000
ROA not before: Thu 15 May 2025 18:40:24 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24738 (0x60a2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 15 18:40:24 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C462A8992CDCBC8023B7FDA6EC8E7320D47EB0D4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:5c:b3:5d:65:0a:da:20:f5:88:98:33:ae:12:
1a:b8:8f:46:c1:e9:49:75:e0:6f:47:cc:6e:a1:9e:
eb:07:6f:eb:1b:55:1d:b8:8d:fa:5d:f5:b1:d6:db:
4d:fa:63:2d:13:bb:78:8f:a5:69:c0:82:48:13:d4:
7c:7c:e6:98:c5:97:e3:38:c6:a5:79:43:3a:48:3e:
8e:84:08:7c:10:d4:42:9a:7c:d4:bc:e2:ff:78:3a:
a4:ad:ed:46:cc:0d:e6:91:a7:f2:a3:92:c0:ec:cd:
29:b6:9e:ec:22:3d:2a:e7:f6:d8:d9:76:71:54:00:
b0:3a:7d:23:4b:09:53:6c:34:39:45:94:1f:91:3c:
b6:6d:ae:4e:89:a7:b6:37:73:28:79:27:10:f3:11:
e8:40:31:70:70:bb:ad:ae:6d:b3:d1:aa:4d:37:c7:
0b:05:16:66:69:3c:ba:44:2a:5b:91:bc:44:47:ed:
9c:66:22:27:04:49:45:53:d3:a4:40:7e:a4:05:ff:
3e:70:5f:87:2e:db:ba:7e:60:fc:02:38:80:c8:7a:
a7:68:3d:ca:59:c8:3c:d3:8d:a0:a4:d9:92:69:82:
2a:8a:12:6c:c1:06:35:97:c2:a9:10:cd:9a:70:ca:
01:84:ba:cc:c2:2f:9a:3e:39:6f:8b:81:c5:af:b4:
06:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:62:A8:99:2C:DC:BC:80:23:B7:FD:A6:EC:8E:73:20:D4:7E:B0:D4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xGKomSzcvIAjt_2m7I5zINR-sNQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
01:bc:2b:74:4e:98:7c:94:15:d1:75:30:be:e5:10:8c:f2:6f:
03:dc:05:8b:1a:15:56:b6:e0:8b:8c:b9:60:6c:2e:fc:4a:1d:
4b:bb:36:a5:f0:d9:90:39:2f:07:03:20:d6:96:84:73:11:ed:
e8:c8:8a:cc:95:89:20:dd:35:0b:16:42:1e:91:21:e1:99:d4:
da:98:9a:b7:5d:81:6f:43:13:e4:23:72:67:0f:a7:84:e5:c5:
d9:0c:47:3a:51:f1:37:c2:46:51:53:80:aa:6d:e1:51:f9:de:
7c:43:2d:a2:5e:d5:7f:45:a8:52:f5:94:ba:b6:67:bd:6b:b1:
40:86:37:10:2d:8b:94:de:2b:07:79:71:fb:c1:44:aa:58:6c:
9c:8a:c1:0e:81:62:65:d6:6c:8e:fb:7b:c8:90:33:b1:b5:c5:
e2:cd:3e:61:ff:37:d8:34:7b:b4:6e:97:93:32:03:4d:9e:1a:
3a:01:c1:6e:18:18:13:1d:af:f5:9f:03:ad:20:bf:52:c3:34:
40:88:68:b5:a6:63:66:69:ac:21:66:bb:12:bf:f6:ca:05:74:
fd:10:4f:37:e8:1d:5d:8a:20:0d:19:2c:49:d7:70:a2:1a:ae:
d8:95:bb:d6:50:f6:2c:f8:5d:55:d2:ce:a1:df:56:2c:3e:eb:
32:04:06:3b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYKIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTUx
ODQwMjRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEM0NjJBODk5MkNEQ0JD
ODAyM0I3RkRBNkVDOEU3MzIwRDQ3RUIwRDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCkXLNdZQraIPWImDOuEhq4j0bB6Ul14G9HzG6hnusHb+sbVR24
jfpd9bHW2036Yy0Tu3iPpWnAgkgT1Hx85pjFl+M4xqV5QzpIPo6ECHwQ1EKafNS8
4v94OqSt7UbMDeaRp/KjksDszSm2nuwiPSrn9tjZdnFUALA6fSNLCVNsNDlFlB+R
PLZtrk6Jp7Y3cyh5JxDzEehAMXBwu62ubbPRqk03xwsFFmZpPLpEKluRvERH7Zxm
IicESUVT06RAfqQF/z5wX4cu27p+YPwCOIDIeqdoPcpZyDzTjaCk2ZJpgiqKEmzB
BjWXwqkQzZpwygGEuszCL5o+OW+LgcWvtAYXAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUxGKomSzcvIAjt/2m7I5zINR+sNQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3hHS29tU3pjdklBanRf
Mm03STV6SU5SLXNOUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQABvCt0
Tph8lBXRdTC+5RCM8m8D3AWLGhVWtuCLjLlgbC78Sh1Luzal8NmQOS8HAyDWloRz
Ee3oyIrMlYkg3TULFkIekSHhmdTamJq3XYFvQxPkI3JnD6eE5cXZDEc6UfE3wkZR
U4CqbeFR+d58Qy2iXtV/RahS9ZS6tme9a7FAhjcQLYuU3isHeXH7wUSqWGycisEO
gWJl1myO+3vIkDOxtcXizT5h/zfYNHu0bpeTMgNNnho6AcFuGBgTHa/1nwOtIL9S
wzRAiGi1pmNmaawhZrsSv/bKBXT9EE836B1diiANGSxJ13CiGq7YlbvWUPYs+F1V
0s6h31YsPusyBAY7
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:45:46 2025 by rpki-client