Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/xyx8eDTICsvEDz9xuO-J5ghUcbM.roa
File: xyx8eDTICsvEDz9xuO-J5ghUcbM.roa (raw, json)
Hash identifier: yUlvZgIcB/GqrD5VkHH2oBQQuwwUNztXibDsqxkHGfg=
Subject key identifier: C7:2C:7C:78:34:C8:0A:CB:C4:0F:3F:71:B8:EF:89:E6:08:54:71:B3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6464
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xyx8eDTICsvEDz9xuO-J5ghUcbM.roa
Signing time: Sun 25 May 2025 19:11:06 +0000
ROA not before: Sun 25 May 2025 19:11:06 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25700 (0x6464)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 25 19:11:06 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C72C7C7834C80ACBC40F3F71B8EF89E6085471B3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:f4:3d:41:2c:b6:25:bc:e8:12:08:de:f7:45:
d9:68:04:ed:dd:5f:94:85:c8:5d:c4:c4:2c:f8:d2:
7f:e2:ba:ae:e5:0b:5b:9a:38:7b:ca:24:57:c1:a6:
77:66:54:52:de:67:a3:f8:25:84:1e:66:56:b4:5b:
d5:c7:fa:76:b8:5e:9c:7f:fa:9f:14:c5:7e:55:3b:
f4:c9:2a:b2:9b:94:e8:4c:a8:40:ef:73:40:6f:35:
51:27:2b:1d:1a:b1:30:d2:18:82:b0:6d:72:9c:4a:
62:15:3c:db:6b:ef:5a:7d:d6:73:c8:de:9e:72:8d:
f1:92:3f:3f:91:46:d9:05:a7:4f:30:71:9e:5f:ac:
a5:7c:17:19:15:27:61:a7:92:8a:37:13:33:b5:7f:
5d:1c:e5:2c:35:3b:fa:4d:03:a9:e8:20:f5:a4:a1:
e0:37:8b:ed:7e:cd:7c:b6:c4:ff:3b:14:18:52:8e:
68:6d:7f:da:5c:49:e5:e9:f2:45:d4:e2:49:07:bc:
71:00:08:1f:42:76:1c:a3:25:a7:14:1c:1e:d2:36:
eb:fa:81:dd:f0:58:36:84:fc:66:ef:2f:e2:a0:ae:
8a:56:16:53:1c:57:cb:c7:bd:97:a6:00:9d:c1:60:
4d:41:fd:b4:ef:de:10:cf:eb:17:97:8e:9d:77:d9:
1a:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:2C:7C:78:34:C8:0A:CB:C4:0F:3F:71:B8:EF:89:E6:08:54:71:B3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xyx8eDTICsvEDz9xuO-J5ghUcbM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
a2:30:32:05:61:94:29:64:99:99:7c:85:b5:53:8d:40:1d:53:
e8:bb:18:cc:3f:3c:f3:57:6f:91:b3:42:b5:2d:ec:39:b3:9f:
f6:e9:ce:8d:cf:cc:e4:1b:c3:a0:fb:4e:31:c7:db:5e:fd:4b:
f0:64:4a:3a:a1:97:d3:1b:68:38:38:21:2e:b1:7b:b0:dd:98:
44:04:05:b1:ea:83:f6:ec:fe:7c:96:62:32:22:7b:e2:33:03:
ad:da:cf:bf:71:47:b0:4a:46:0a:72:fa:75:02:92:3a:c6:5f:
d8:fc:8a:6f:3d:66:df:16:2e:9d:d5:a3:fc:8d:4d:39:d4:91:
60:3e:a2:b2:89:64:d6:76:01:bd:1e:ee:bd:c1:f1:c4:79:b3:
33:15:20:7e:74:5a:f0:59:be:89:1b:48:3f:16:92:d2:d7:19:
bd:69:e2:3d:19:e3:c7:10:54:3b:f2:a5:70:ba:b4:09:33:11:
41:15:d2:65:80:ea:65:87:54:23:d7:3f:83:6f:ff:32:41:f6:
cf:a1:65:ed:bc:f9:ad:44:3a:51:a7:d5:4c:08:0e:40:25:14:
29:43:4a:65:f3:07:a7:06:01:00:2a:92:81:f9:d4:99:1d:bc:
ab:d0:da:3c:a3:7d:56:7d:3e:66:2e:4e:73:5e:cd:83:05:66:
f0:92:ab:a5
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZGQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjUx
OTExMDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEM3MkM3Qzc4MzRDODBB
Q0JDNDBGM0Y3MUI4RUY4OUU2MDg1NDcxQjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCe9D1BLLYlvOgSCN73RdloBO3dX5SFyF3ExCz40n/iuq7lC1ua
OHvKJFfBpndmVFLeZ6P4JYQeZla0W9XH+na4Xpx/+p8UxX5VO/TJKrKblOhMqEDv
c0BvNVEnKx0asTDSGIKwbXKcSmIVPNtr71p91nPI3p5yjfGSPz+RRtkFp08wcZ5f
rKV8FxkVJ2Gnkoo3EzO1f10c5Sw1O/pNA6noIPWkoeA3i+1+zXy2xP87FBhSjmht
f9pcSeXp8kXU4kkHvHEACB9CdhyjJacUHB7SNuv6gd3wWDaE/GbvL+KgropWFlMc
V8vHvZemAJ3BYE1B/bTv3hDP6xeXjp132RrPAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUxyx8eDTICsvEDz9xuO+J5ghUcbMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3h5eDhlRFRJQ3N2RUR6
OXh1Ty1KNWdoVWNiTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCiMDIF
YZQpZJmZfIW1U41AHVPouxjMPzzzV2+Rs0K1Lew5s5/26c6Nz8zkG8Og+04xx9te
/UvwZEo6oZfTG2g4OCEusXuw3ZhEBAWx6oP27P58lmIyInviMwOt2s+/cUewSkYK
cvp1ApI6xl/Y/IpvPWbfFi6d1aP8jU051JFgPqKyiWTWdgG9Hu69wfHEebMzFSB+
dFrwWb6JG0g/FpLS1xm9aeI9GePHEFQ78qVwurQJMxFBFdJlgOplh1Qj1z+Db/8y
QfbPoWXtvPmtRDpRp9VMCA5AJRQpQ0pl8wenBgEAKpKB+dSZHbyr0No8o31WfT5m
Lk5zXs2DBWbwkqul
-----END CERTIFICATE-----
Generated at Wed Jun 4 02:07:11 2025 by rpki-client