Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/xkl6FUtqopjayJbtgXhpOxcmYd0.roa
File: xkl6FUtqopjayJbtgXhpOxcmYd0.roa (raw, json)
Hash identifier: PrTu1vd98N3srUvI2o4KOoyD5Se1JPHDo19c7IVHg8E=
Subject key identifier: C6:49:7A:15:4B:6A:A2:98:DA:C8:96:ED:81:78:69:3B:17:26:61:DD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7256
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xkl6FUtqopjayJbtgXhpOxcmYd0.roa
Signing time: Wed 02 Jul 2025 05:14:56 +0000
ROA not before: Wed 02 Jul 2025 05:14:56 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29270 (0x7256)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 2 05:14:56 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C6497A154B6AA298DAC896ED8178693B172661DD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:62:42:6a:5a:3a:91:64:e8:36:1e:ea:8a:9d:
7e:e7:f3:4e:c5:22:c1:38:87:66:af:c7:ec:ca:5b:
7a:8a:42:25:d2:06:65:4a:a9:89:fd:3f:d8:63:4f:
1d:47:5e:6e:fe:6a:4c:f6:36:fb:6e:9b:62:12:aa:
b7:2d:ac:a4:9e:ad:cf:dd:65:ef:30:27:a7:dd:c4:
1a:d7:7a:e2:5e:dd:2a:48:d9:54:20:4e:2e:e5:27:
3c:24:2a:d9:48:63:53:f7:a0:9b:85:c8:af:a5:00:
d2:df:72:4f:d5:f8:9f:92:6a:72:ec:82:62:de:89:
f5:b6:95:c1:2f:e8:8b:d3:66:50:43:b5:82:81:03:
d7:ed:8f:62:c0:24:16:10:a8:7e:9b:8c:9f:73:59:
b8:de:26:6c:f0:58:89:d8:eb:e7:30:02:bd:40:68:
cd:44:e6:26:75:48:df:fa:82:03:f4:82:9d:2a:96:
65:c7:a1:6e:2e:6d:21:18:46:16:e9:5e:9c:3f:ff:
68:54:75:4c:3f:8b:ac:f8:2c:45:ab:ba:d6:f8:0e:
fb:db:54:27:0c:46:5e:1e:52:d2:d0:3c:6c:32:3c:
10:71:18:90:40:15:04:33:07:5c:25:fa:f1:16:c7:
ce:32:95:ce:34:6b:a2:13:42:66:92:17:85:c2:ef:
a4:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:49:7A:15:4B:6A:A2:98:DA:C8:96:ED:81:78:69:3B:17:26:61:DD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xkl6FUtqopjayJbtgXhpOxcmYd0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
0c:b5:0e:7b:66:a9:ee:ce:17:fc:19:c9:06:44:f3:88:ec:ae:
22:8f:59:ec:62:d2:70:53:d1:e4:9f:dc:8d:0e:96:98:f1:4b:
8d:b0:22:a7:f4:04:40:7e:ff:13:e7:36:f9:90:94:43:28:7a:
f3:a4:69:be:40:9c:cc:8b:ef:76:31:b3:cd:96:91:f3:26:71:
8a:34:23:8f:a5:8f:cb:1f:60:45:f0:b2:93:53:5c:6d:93:54:
5f:11:45:13:f3:2d:37:e0:08:5d:08:99:5d:89:76:c1:de:4d:
6a:1d:2f:0c:26:dd:c6:38:72:e3:06:48:a1:14:77:65:11:ee:
4e:b4:7f:9d:e4:ec:e2:26:07:38:0e:ae:f8:a2:34:6d:77:48:
da:da:f1:70:f9:ce:6f:5c:d8:f2:a0:e9:21:31:d3:c2:a0:17:
d9:00:95:18:e1:cd:29:fe:fc:e7:7e:fa:01:42:65:4e:9e:32:
4f:f1:65:f2:0c:3c:ff:39:2f:3e:cc:f9:97:97:ef:e8:ce:cd:
23:76:1e:65:9d:90:78:f9:c2:dd:93:e4:8f:4e:f6:5e:64:3e:
e6:0b:9d:98:0c:81:f0:12:c2:e7:09:87:72:4e:f9:31:5d:21:
fc:1b:f3:ef:22:28:ef:fa:94:1f:17:81:15:20:4c:f2:15:f4:
29:6d:0b:5d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICclYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDIw
NTE0NTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEM2NDk3QTE1NEI2QUEy
OThEQUM4OTZFRDgxNzg2OTNCMTcyNjYxREQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDhYkJqWjqRZOg2HuqKnX7n807FIsE4h2avx+zKW3qKQiXSBmVK
qYn9P9hjTx1HXm7+akz2Nvtum2ISqrctrKSerc/dZe8wJ6fdxBrXeuJe3SpI2VQg
Ti7lJzwkKtlIY1P3oJuFyK+lANLfck/V+J+SanLsgmLeifW2lcEv6IvTZlBDtYKB
A9ftj2LAJBYQqH6bjJ9zWbjeJmzwWInY6+cwAr1AaM1E5iZ1SN/6ggP0gp0qlmXH
oW4ubSEYRhbpXpw//2hUdUw/i6z4LEWrutb4DvvbVCcMRl4eUtLQPGwyPBBxGJBA
FQQzB1wl+vEWx84ylc40a6ITQmaSF4XC76RJAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUxkl6FUtqopjayJbtgXhpOxcmYd0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3hrbDZGVXRxb3BqYXlK
YnRnWGhwT3hjbVlkMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAMtQ57
Zqnuzhf8GckGRPOI7K4ij1nsYtJwU9Hkn9yNDpaY8UuNsCKn9ARAfv8T5zb5kJRD
KHrzpGm+QJzMi+92MbPNlpHzJnGKNCOPpY/LH2BF8LKTU1xtk1RfEUUT8y034Ahd
CJldiXbB3k1qHS8MJt3GOHLjBkihFHdlEe5OtH+d5OziJgc4Dq74ojRtd0ja2vFw
+c5vXNjyoOkhMdPCoBfZAJUY4c0p/vznfvoBQmVOnjJP8WXyDDz/OS8+zPmXl+/o
zs0jdh5lnZB4+cLdk+SPTvZeZD7mC52YDIHwEsLnCYdyTvkxXSH8G/PvIijv+pQf
F4EVIEzyFfQpbQtd
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:35:56 2025 by rpki-client