Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/zG-Yh0tSJG5Ni0NCwwDc5GeG_Do.roa
File: zG-Yh0tSJG5Ni0NCwwDc5GeG_Do.roa (raw, json)
Hash identifier: yLevrOagBP9d9SDQ5LkHxoMpcN11/X2OnwbhSl/KAHA=
Subject key identifier: CC:6F:98:87:4B:52:24:6E:4D:8B:43:42:C3:00:DC:E4:67:86:FC:3A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6C2E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zG-Yh0tSJG5Ni0NCwwDc5GeG_Do.roa
Signing time: Sun 15 Jun 2025 13:42:24 +0000
ROA not before: Sun 15 Jun 2025 13:42:24 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27694 (0x6c2e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 15 13:42:24 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CC6F98874B52246E4D8B4342C300DCE46786FC3A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:ef:0d:04:14:49:10:80:8a:89:06:da:33:7b:
7c:f5:7b:2c:2a:3c:19:46:9a:33:fc:a9:f9:61:a2:
65:d7:64:c1:17:10:95:62:24:e7:2a:9e:1d:24:73:
76:24:40:7a:00:07:7e:40:f1:57:a1:35:42:54:86:
e2:49:16:c4:e4:7d:a1:ae:db:c5:fb:54:ec:87:4c:
1e:1e:42:bf:1f:ee:9d:c5:f1:0c:06:42:17:4b:75:
d1:cd:a1:d6:fb:53:24:c6:76:66:ff:1c:f4:ae:fe:
ec:60:70:55:ae:66:02:30:4d:bc:84:cb:4b:d7:2b:
99:3d:cb:aa:8a:46:60:31:4a:d0:d2:b3:5c:86:00:
28:ea:38:51:c1:68:00:51:84:73:ee:55:b7:de:6d:
f0:b7:56:56:fb:ce:e9:33:d2:a9:af:a6:54:93:dc:
ff:73:54:fe:e1:ce:22:1e:ef:bb:8d:04:e4:f7:6f:
bb:d8:67:ad:36:4a:76:ea:6c:d9:a3:5f:ee:34:9e:
10:55:e3:01:0f:e7:39:81:aa:06:1f:7a:68:0a:d5:
49:4a:7b:1d:93:62:dc:96:a9:76:53:0a:e2:b3:0b:
50:e8:2b:1f:35:f0:78:65:05:91:b4:d2:e9:f7:cb:
2a:ab:ce:10:63:0b:ae:6e:3c:0f:ba:ea:d3:19:61:
98:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:6F:98:87:4B:52:24:6E:4D:8B:43:42:C3:00:DC:E4:67:86:FC:3A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zG-Yh0tSJG5Ni0NCwwDc5GeG_Do.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
4e:b7:05:f0:3b:8b:45:0c:23:dc:37:c0:28:42:97:2f:4c:5b:
9e:e5:c1:b6:c2:3e:49:fc:67:9d:e7:d0:bf:1b:54:61:6f:14:
41:24:53:6b:4f:f1:c2:17:a2:3a:f5:58:04:e9:d0:d4:18:1e:
de:08:84:e6:19:c5:cd:ce:d5:31:a6:0a:46:9f:e6:39:38:21:
b1:93:2f:c5:f2:51:3d:4f:ad:b5:7f:a9:5f:3e:0b:45:c4:02:
90:66:6c:9d:10:1e:53:d8:0c:c4:75:74:41:c1:8b:c0:43:88:
15:6c:8a:74:65:96:35:59:c5:76:c7:0f:c6:9a:a0:a2:d5:9c:
7b:0e:77:ad:d9:c4:9c:96:09:c2:d5:57:6e:48:45:ff:df:9e:
ba:a9:57:fc:e8:a6:8f:b9:c3:f8:c9:f2:91:40:d1:29:63:85:
bf:21:ab:fb:75:1c:d2:4e:b0:10:c6:89:e8:5f:96:c3:fd:c0:
c0:6b:c5:e9:53:d0:87:bb:2a:cd:29:e6:fc:50:37:2b:c4:c9:
89:8d:78:9b:91:5f:ef:b6:05:48:ff:d9:96:0d:90:6f:73:40:
12:f0:3e:29:68:8f:14:41:b0:64:33:eb:31:32:bf:0d:2d:ab:
d1:d5:f3:6d:78:f3:7e:35:15:2a:c3:89:e3:d6:0b:a0:16:73:
b8:09:65:8d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbC4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTUx
MzQyMjRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENDNkY5ODg3NEI1MjI0
NkU0RDhCNDM0MkMzMDBEQ0U0Njc4NkZDM0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCt7w0EFEkQgIqJBtoze3z1eywqPBlGmjP8qflhomXXZMEXEJVi
JOcqnh0kc3YkQHoAB35A8VehNUJUhuJJFsTkfaGu28X7VOyHTB4eQr8f7p3F8QwG
QhdLddHNodb7UyTGdmb/HPSu/uxgcFWuZgIwTbyEy0vXK5k9y6qKRmAxStDSs1yG
ACjqOFHBaABRhHPuVbfebfC3Vlb7zukz0qmvplST3P9zVP7hziIe77uNBOT3b7vY
Z602SnbqbNmjX+40nhBV4wEP5zmBqgYfemgK1UlKex2TYtyWqXZTCuKzC1DoKx81
8HhlBZG00un3yyqrzhBjC65uPA+66tMZYZgVAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUzG+Yh0tSJG5Ni0NCwwDc5GeG/DowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3pHLVloMHRTSkc1Tmkw
TkN3d0RjNUdlR19Eby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBOtwXw
O4tFDCPcN8AoQpcvTFue5cG2wj5J/Ged59C/G1RhbxRBJFNrT/HCF6I69VgE6dDU
GB7eCITmGcXNztUxpgpGn+Y5OCGxky/F8lE9T621f6lfPgtFxAKQZmydEB5T2AzE
dXRBwYvAQ4gVbIp0ZZY1WcV2xw/GmqCi1Zx7Dnet2cSclgnC1VduSEX/3566qVf8
6KaPucP4yfKRQNEpY4W/Iav7dRzSTrAQxonoX5bD/cDAa8XpU9CHuyrNKeb8UDcr
xMmJjXibkV/vtgVI/9mWDZBvc0AS8D4paI8UQbBkM+sxMr8NLavR1fNtePN+NRUq
w4nj1gugFnO4CWWN
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:57:55 2025 by rpki-client