Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/AR24zR5hRVlr9gyr2aDThRN9x7Y.roa
File: AR24zR5hRVlr9gyr2aDThRN9x7Y.roa (raw, json)
Hash identifier: Z664IcvuDvZEQvZOklp+71MMj2ziVH7NQFMMhiSpnQo=
Subject key identifier: 01:1D:B8:CD:1E:61:45:59:6B:F6:0C:AB:D9:A0:D3:85:13:7D:C7:B6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5F82
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/AR24zR5hRVlr9gyr2aDThRN9x7Y.roa
Signing time: Mon 12 May 2025 18:40:27 +0000
ROA not before: Mon 12 May 2025 18:40:27 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24450 (0x5f82)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 18:40:27 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=011DB8CD1E6145596BF60CABD9A0D385137DC7B6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:4a:61:88:a1:44:19:61:32:be:4a:bf:22:99:
cc:ee:79:8d:57:56:b1:c1:04:a0:34:73:66:1a:46:
43:57:d9:19:be:50:43:ac:d6:e9:f7:43:6e:e6:74:
3d:ff:ff:7f:d6:b3:1e:8f:d8:80:64:3b:8b:4a:a1:
73:05:68:2d:f2:4f:9f:34:1a:77:9e:6e:92:58:df:
3d:da:c3:1d:ec:b4:53:bc:09:32:0a:7f:9c:fe:58:
d2:60:3a:12:84:5a:be:bb:59:82:51:06:eb:3e:23:
11:1b:1a:4a:bc:5c:84:ea:5d:10:ae:0c:7e:a2:d9:
0b:03:51:8f:9b:47:59:7b:4d:4a:6f:99:fc:8f:06:
6d:56:fe:ae:10:1f:e2:75:40:dd:c1:ac:03:d4:4a:
f1:ea:2a:a0:d7:c7:ce:4b:31:eb:ca:09:77:2b:ac:
03:fc:94:62:02:5d:8e:d3:69:e6:2b:e7:91:a0:99:
84:68:d1:6b:6b:2b:68:f3:22:d2:1f:eb:f5:44:4a:
0a:26:22:20:bc:d3:66:be:79:06:f9:9f:b1:56:0b:
51:80:05:23:e8:e8:13:03:99:10:8b:13:18:ef:e5:
5f:d1:63:4e:aa:3e:db:42:a4:89:53:02:cb:4c:f6:
d5:f4:65:32:62:57:e7:07:42:f3:bf:32:32:d0:c0:
a7:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:1D:B8:CD:1E:61:45:59:6B:F6:0C:AB:D9:A0:D3:85:13:7D:C7:B6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/AR24zR5hRVlr9gyr2aDThRN9x7Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
41:06:74:75:b6:67:ce:39:87:3b:ed:b3:e6:ae:18:a8:2c:7c:
74:11:44:08:e4:94:0c:ce:ab:d0:ab:12:19:43:05:02:ce:b6:
ca:e6:11:69:e3:63:82:73:b1:1a:06:59:dd:3b:04:18:ec:0c:
4d:99:e4:1e:43:5a:e2:76:28:61:e0:20:9a:b9:80:71:ae:53:
d7:f7:8e:ff:f4:bf:25:69:87:f4:aa:eb:20:6c:eb:9f:4e:7d:
74:67:e0:97:73:06:63:36:10:66:36:47:16:a9:79:c9:d1:00:
f8:67:2a:81:5c:ef:f8:1a:9c:27:fd:5e:85:30:af:2f:a7:ce:
4a:1e:b1:30:f6:f6:fc:42:26:15:0e:a6:4a:8d:a2:27:1d:1d:
41:c7:a1:b8:0c:6c:bc:7c:70:38:2b:e3:66:99:13:be:4d:c4:
74:cf:92:aa:74:66:6d:e7:80:55:50:df:bc:2e:42:8f:cf:c9:
5e:0a:b9:1f:c3:df:63:f3:72:2a:44:01:7f:7f:bd:4b:b1:d8:
8a:71:da:dc:1c:ff:f6:26:d9:f6:7e:02:02:94:01:25:ea:1a:
9d:42:d8:78:07:1c:8d:54:ba:ce:97:ff:c7:96:51:57:b2:3f:
b4:34:36:e7:e1:e1:7c:f8:bd:80:d8:75:5a:f5:0f:38:c8:34:
84:fd:25:fb
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICX4IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTIx
ODQwMjdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDAxMURCOENEMUU2MTQ1
NTk2QkY2MENBQkQ5QTBEMzg1MTM3REM3QjYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMSmGIoUQZYTK+Sr8imczueY1XVrHBBKA0c2YaRkNX2Rm+UEOs
1un3Q27mdD3//3/Wsx6P2IBkO4tKoXMFaC3yT580GneebpJY3z3awx3stFO8CTIK
f5z+WNJgOhKEWr67WYJRBus+IxEbGkq8XITqXRCuDH6i2QsDUY+bR1l7TUpvmfyP
Bm1W/q4QH+J1QN3BrAPUSvHqKqDXx85LMevKCXcrrAP8lGICXY7TaeYr55GgmYRo
0WtrK2jzItIf6/VESgomIiC802a+eQb5n7FWC1GABSPo6BMDmRCLExjv5V/RY06q
PttCpIlTAstM9tX0ZTJiV+cHQvO/MjLQwKdVAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUAR24zR5hRVlr9gyr2aDThRN9x7YwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0FSMjR6UjVoUlZscjln
eXIyYURUaFJOOXg3WS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBBBnR1
tmfOOYc77bPmrhioLHx0EUQI5JQMzqvQqxIZQwUCzrbK5hFp42OCc7EaBlndOwQY
7AxNmeQeQ1ridihh4CCauYBxrlPX947/9L8laYf0qusgbOufTn10Z+CXcwZjNhBm
NkcWqXnJ0QD4ZyqBXO/4Gpwn/V6FMK8vp85KHrEw9vb8QiYVDqZKjaInHR1Bx6G4
DGy8fHA4K+NmmRO+TcR0z5KqdGZt54BVUN+8LkKPz8leCrkfw99j83IqRAF/f71L
sdiKcdrcHP/2Jtn2fgIClAEl6hqdQth4BxyNVLrOl//HllFXsj+0NDbn4eF8+L2A
2HVa9Q84yDSE/SX7
-----END CERTIFICATE-----
Generated at Sat May 17 23:51:44 2025 by rpki-client