Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/zmwHGBh5x_fxF3eBa68ryNPoiB8.roa
File: zmwHGBh5x_fxF3eBa68ryNPoiB8.roa (raw, json)
Hash identifier: fFNcMoAT5/GHymv9OZoR62x9ZihTt2/18PoiarX0aIU=
Subject key identifier: CE:6C:07:18:18:79:C7:F7:F1:17:77:81:6B:AF:2B:C8:D3:E8:88:1F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 672C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zmwHGBh5x_fxF3eBa68ryNPoiB8.roa
Signing time: Mon 02 Jun 2025 05:14:03 +0000
ROA not before: Mon 02 Jun 2025 05:14:03 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26412 (0x672c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 2 05:14:03 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CE6C07181879C7F7F11777816BAF2BC8D3E8881F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:83:c8:b8:08:0b:0d:1d:82:e1:52:97:4e:a7:
3d:ec:80:c5:aa:96:69:a6:96:0e:d5:c6:91:05:ec:
91:ec:49:ad:15:5b:ba:e8:a3:1c:1d:15:75:d1:e5:
ec:b4:39:e5:9c:4d:30:e3:3b:47:f3:db:a4:d3:cb:
fa:78:d6:68:67:88:1e:32:19:ce:4d:d1:ba:d7:5a:
f1:fa:af:5d:d5:d7:f8:24:9e:b7:96:f7:d9:0d:27:
a7:4e:cf:f7:42:6e:f7:dc:7d:61:cc:73:f8:7c:9c:
59:e3:5c:23:ce:65:a2:8f:4e:92:f6:17:d9:82:19:
60:8f:fa:22:b8:34:69:31:0f:a3:be:0c:cb:12:e0:
b0:3a:70:f1:7f:39:64:7d:76:b2:b2:77:23:e5:60:
d4:63:8d:8e:fa:95:8b:3f:b5:c2:99:4c:7c:65:02:
f0:41:d0:f8:06:b2:73:98:aa:a9:50:9b:37:a5:05:
41:8b:78:80:23:bc:78:0a:6e:53:44:5a:f4:a7:b9:
c7:36:6f:cd:4f:7b:2b:4d:20:0a:3d:d4:c4:19:ae:
a4:3c:c2:20:0a:c6:78:17:d7:ab:6f:bc:7e:36:ae:
fa:99:87:f5:7d:1f:46:3c:ea:90:a7:e8:43:a5:0e:
71:cd:58:e5:cd:65:01:ef:e2:96:98:0f:81:d2:8e:
f3:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:6C:07:18:18:79:C7:F7:F1:17:77:81:6B:AF:2B:C8:D3:E8:88:1F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zmwHGBh5x_fxF3eBa68ryNPoiB8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
aa:b5:f7:cc:0b:e5:f9:23:b9:02:74:c5:c3:9a:01:15:92:36:
ee:2d:1a:d3:08:46:25:16:dd:1f:fa:25:1b:6d:2a:57:c8:1b:
fb:37:c8:ff:2a:dc:a3:8b:e8:f7:ea:ac:78:37:45:56:69:6b:
bd:13:4f:ff:25:3e:2c:d7:a6:d1:c8:7a:dd:53:0b:78:e0:1f:
6a:b3:64:58:5b:86:3e:66:ab:20:8d:f5:21:f5:e1:e1:b8:59:
15:85:36:a5:eb:94:d0:a7:5b:e6:c0:e7:34:fb:98:6d:cc:f6:
0e:86:b2:0c:50:5d:13:86:81:62:fc:89:a6:c4:5b:1f:4c:c4:
0b:59:0b:94:18:50:f4:c5:a2:73:7c:b0:71:23:a9:f9:03:57:
26:c4:ee:ee:27:7d:c5:76:f0:7f:11:70:fe:57:71:0b:e9:ef:
06:92:97:7e:5d:50:ae:48:bf:86:56:87:94:86:c3:35:bf:cc:
24:eb:10:23:46:38:1c:07:8a:42:59:7f:e2:97:ea:10:95:38:
8e:a3:73:52:94:6b:2e:81:26:1a:a2:b0:5d:65:fb:f8:ff:a2:
96:4f:f4:23:65:7e:52:d6:b6:b3:f3:3a:24:3f:f7:ea:c8:a6:
c2:c5:f8:a6:27:a1:6a:bf:72:35:f2:02:90:4a:a0:39:3f:91:
d1:05:4d:9b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZywwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDIw
NTE0MDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENFNkMwNzE4MTg3OUM3
RjdGMTE3Nzc4MTZCQUYyQkM4RDNFODg4MUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFg8i4CAsNHYLhUpdOpz3sgMWqlmmmlg7VxpEF7JHsSa0VW7ro
oxwdFXXR5ey0OeWcTTDjO0fz26TTy/p41mhniB4yGc5N0brXWvH6r13V1/gknreW
99kNJ6dOz/dCbvfcfWHMc/h8nFnjXCPOZaKPTpL2F9mCGWCP+iK4NGkxD6O+DMsS
4LA6cPF/OWR9drKydyPlYNRjjY76lYs/tcKZTHxlAvBB0PgGsnOYqqlQmzelBUGL
eIAjvHgKblNEWvSnucc2b81PeytNIAo91MQZrqQ8wiAKxngX16tvvH42rvqZh/V9
H0Y86pCn6EOlDnHNWOXNZQHv4paYD4HSjvMjAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUzmwHGBh5x/fxF3eBa68ryNPoiB8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3ptd0hHQmg1eF9meEYz
ZUJhNjhyeU5Qb2lCOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCqtffM
C+X5I7kCdMXDmgEVkjbuLRrTCEYlFt0f+iUbbSpXyBv7N8j/Ktyji+j36qx4N0VW
aWu9E0//JT4s16bRyHrdUwt44B9qs2RYW4Y+ZqsgjfUh9eHhuFkVhTal65TQp1vm
wOc0+5htzPYOhrIMUF0ThoFi/ImmxFsfTMQLWQuUGFD0xaJzfLBxI6n5A1cmxO7u
J33FdvB/EXD+V3EL6e8Gkpd+XVCuSL+GVoeUhsM1v8wk6xAjRjgcB4pCWX/il+oQ
lTiOo3NSlGsugSYaorBdZfv4/6KWT/QjZX5S1raz8zokP/fqyKbCxfimJ6Fqv3I1
8gKQSqA5P5HRBU2b
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:18:03 2025 by rpki-client