Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/3u4BZBdTdUiQb-_Ps5lL_RV2xug.roa
File: 3u4BZBdTdUiQb-_Ps5lL_RV2xug.roa (raw, json)
Hash identifier: PVbix3fc0K+urpr/vxxvrvh1v0D0kva2BiWCQfbiNcA=
Subject key identifier: DE:EE:01:64:17:53:75:48:90:6F:EF:CF:B3:99:4B:FD:15:76:C6:E8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6118
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3u4BZBdTdUiQb-_Ps5lL_RV2xug.roa
Signing time: Sat 17 May 2025 00:10:36 +0000
ROA not before: Sat 17 May 2025 00:10:36 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24856 (0x6118)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 17 00:10:36 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=DEEE016417537548906FEFCFB3994BFD1576C6E8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:b7:6d:fd:c5:63:de:19:7d:9a:1b:42:a4:98:
b5:3b:4a:7d:9a:e0:df:19:3a:64:28:5d:06:db:46:
bf:3e:55:a3:3f:43:b0:91:74:8d:5f:36:81:1b:c3:
60:9f:ce:bb:67:ae:23:a4:c0:bc:86:9e:da:1c:92:
0d:e6:8e:e7:c4:16:52:58:f5:fc:a6:ef:0e:86:60:
d5:d0:ba:b8:c8:bf:66:78:7d:9b:fb:12:3d:50:97:
9a:80:0c:61:c4:bb:96:ae:a0:f9:75:d1:27:ea:64:
e5:62:d6:01:e5:1f:43:4c:e3:e2:76:04:62:4f:52:
49:61:e9:8a:c7:a3:13:89:0a:6e:17:42:36:22:88:
2e:e9:b3:e4:38:34:b4:0a:c0:98:5e:ed:dd:57:c3:
69:0a:dc:4e:4b:df:1f:38:a5:9d:e5:1c:7b:8a:ae:
7e:c0:bf:bb:90:97:4e:9d:12:93:8c:73:d5:9d:b4:
ca:7f:16:49:c2:77:7f:f0:52:68:46:26:25:18:70:
be:1a:e8:ab:d4:45:85:36:bf:8a:b8:45:51:60:49:
da:ce:cf:78:df:80:eb:c0:c3:55:64:f6:a5:e5:a4:
a4:f8:cd:68:79:31:25:65:7f:c9:7b:b3:c0:a8:b4:
0f:5c:a0:21:c2:a1:21:db:1e:39:04:e5:97:8e:be:
15:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:EE:01:64:17:53:75:48:90:6F:EF:CF:B3:99:4B:FD:15:76:C6:E8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3u4BZBdTdUiQb-_Ps5lL_RV2xug.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
4b:88:18:ef:ce:ff:1b:4f:1e:17:41:ca:b7:b0:d4:ab:c1:40:
19:f4:8e:9a:9b:b3:aa:54:32:36:39:f4:cf:43:a6:f3:c9:57:
f5:95:b6:c1:31:98:f0:bc:a1:9f:9a:71:9c:e2:f3:a1:f3:41:
8d:54:3b:5d:a1:a7:3f:d7:1d:2e:d6:1e:45:b8:6b:e1:ce:b0:
e9:e9:81:72:48:3f:8a:d7:0c:5f:d9:5e:37:9b:c7:db:1a:d3:
25:26:8f:ad:af:f3:0d:c5:be:90:60:a4:b2:b1:67:22:2d:7f:
bc:ec:2d:a3:ed:4b:10:0f:2b:0b:54:f2:3d:71:d0:be:46:e5:
9f:e0:d8:b8:73:9f:1c:30:e2:ea:92:6e:30:f4:f5:b0:0a:ed:
a2:52:49:44:d2:e8:84:85:7f:76:b0:6c:38:57:79:d3:63:f3:
44:b3:24:cc:16:10:aa:0c:85:ac:d6:b9:c9:f1:d1:5b:76:18:
b5:38:ad:fe:1b:80:7b:7d:b3:90:b7:ab:16:67:b7:e2:dc:ff:
58:c8:86:74:8a:de:4a:d9:90:50:ea:bf:f4:c2:6e:ae:71:e0:
cc:e5:33:84:2b:bf:18:04:a3:c5:37:95:4d:47:82:76:e9:4e:
91:71:e1:f1:98:79:07:3b:be:ea:55:8d:89:e5:a5:ea:da:a4:
57:c9:cd:47
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYRgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTcw
MDEwMzZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKERFRUUwMTY0MTc1Mzc1
NDg5MDZGRUZDRkIzOTk0QkZEMTU3NkM2RTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJt239xWPeGX2aG0KkmLU7Sn2a4N8ZOmQoXQbbRr8+VaM/Q7CR
dI1fNoEbw2CfzrtnriOkwLyGntockg3mjufEFlJY9fym7w6GYNXQurjIv2Z4fZv7
Ej1Ql5qADGHEu5auoPl10SfqZOVi1gHlH0NM4+J2BGJPUklh6YrHoxOJCm4XQjYi
iC7ps+Q4NLQKwJhe7d1Xw2kK3E5L3x84pZ3lHHuKrn7Av7uQl06dEpOMc9WdtMp/
FknCd3/wUmhGJiUYcL4a6KvURYU2v4q4RVFgSdrOz3jfgOvAw1Vk9qXlpKT4zWh5
MSVlf8l7s8CotA9coCHCoSHbHjkE5ZeOvhV1AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU3u4BZBdTdUiQb+/Ps5lL/RV2xugwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzN1NEJaQmRUZFVpUWIt
X1BzNWxMX1JWMnh1Zy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBLiBjv
zv8bTx4XQcq3sNSrwUAZ9I6am7OqVDI2OfTPQ6bzyVf1lbbBMZjwvKGfmnGc4vOh
80GNVDtdoac/1x0u1h5FuGvhzrDp6YFySD+K1wxf2V43m8fbGtMlJo+tr/MNxb6Q
YKSysWciLX+87C2j7UsQDysLVPI9cdC+RuWf4Ni4c58cMOLqkm4w9PWwCu2iUklE
0uiEhX92sGw4V3nTY/NEsyTMFhCqDIWs1rnJ8dFbdhi1OK3+G4B7fbOQt6sWZ7fi
3P9YyIZ0it5K2ZBQ6r/0wm6uceDM5TOEK78YBKPFN5VNR4J26U6RceHxmHkHO77q
VY2J5aXq2qRXyc1H
-----END CERTIFICATE-----
Generated at Sun May 18 04:49:44 2025 by rpki-client