Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/C75E0OOd_yiuIvQ2ttxWNQhv7KE.roa
File: C75E0OOd_yiuIvQ2ttxWNQhv7KE.roa (raw, json)
Hash identifier: 9juSODhZGo8pcKK++BAunNbIagTcy51DNS5GlrGk5vU=
Subject key identifier: 0B:BE:44:D0:E3:9D:FF:28:AE:22:F4:36:B6:DC:56:35:08:6F:EC:A1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5F94
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/C75E0OOd_yiuIvQ2ttxWNQhv7KE.roa
Signing time: Mon 12 May 2025 23:10:22 +0000
ROA not before: Mon 12 May 2025 23:10:22 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24468 (0x5f94)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 23:10:22 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=0BBE44D0E39DFF28AE22F436B6DC5635086FECA1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:dc:f9:d8:ee:99:90:c2:a4:7b:26:e1:9f:90:
7f:18:16:49:32:2d:0b:d1:7d:31:89:f7:c3:c5:0f:
53:18:af:29:70:11:ed:35:13:17:ee:70:02:25:7d:
51:04:06:a6:a1:0c:97:ac:4b:78:03:ec:98:19:28:
86:ca:1a:6f:db:e4:f7:6f:af:81:be:be:d0:7c:7c:
fb:1c:0c:2f:3d:ad:71:de:50:e5:f8:ea:05:e2:e2:
56:83:7d:f2:a5:b2:bb:fb:a4:39:23:10:54:4e:13:
6b:89:48:cb:5f:23:70:c7:2d:a8:63:a4:0a:c7:bc:
3d:ad:c8:84:31:73:f4:e4:df:77:a9:81:d9:c0:9d:
f8:7a:9f:e5:14:aa:9f:11:e6:3e:3c:5b:93:91:a3:
c0:24:c2:ae:37:ef:96:15:33:ab:6c:b2:df:12:70:
55:e9:10:3d:e4:14:7c:85:93:ca:72:3e:f1:e5:ca:
7a:c5:12:95:34:17:89:8c:59:e3:6f:51:9b:1a:17:
2c:fc:71:d3:ae:bb:3c:d5:07:f8:2d:a5:8e:69:6b:
62:40:89:6a:6b:ae:d2:ad:7d:38:bc:92:2e:51:c4:
7c:d5:27:80:92:06:03:df:d4:e9:fa:03:0b:19:3f:
d0:4e:0c:92:99:22:b0:c0:cc:fc:57:2d:80:35:11:
0f:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0B:BE:44:D0:E3:9D:FF:28:AE:22:F4:36:B6:DC:56:35:08:6F:EC:A1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/C75E0OOd_yiuIvQ2ttxWNQhv7KE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
4f:09:50:2c:b9:7e:ce:2c:15:d1:f6:ea:40:e8:4d:83:4f:8d:
5f:91:8a:bd:ce:1f:50:ec:29:31:f2:f3:e0:25:48:35:08:04:
4a:f9:a1:af:77:ca:06:06:ee:01:65:34:32:05:8a:f7:89:a2:
bf:a9:4e:5e:d2:cc:4e:34:eb:d0:bf:7c:b3:84:2d:e0:73:84:
30:d0:af:88:86:6a:70:3a:94:c0:b3:7a:03:ab:15:7d:00:af:
16:ab:0b:a9:c1:16:bb:b8:76:4d:cc:5e:fa:42:d3:2c:2e:e0:
3e:46:f4:64:29:6e:5f:82:a3:12:49:ab:96:81:06:e0:35:25:
56:1e:bc:60:2f:65:93:2e:b4:67:de:0c:15:32:31:fa:08:ec:
7c:81:47:96:a9:b7:a4:eb:f0:2b:35:a7:83:8c:10:3e:59:8e:
f6:f9:0e:c6:57:0e:ec:29:ef:c7:62:11:19:97:d4:5f:47:95:
94:86:4e:82:51:59:24:71:58:78:03:d5:63:46:8f:0c:77:63:
43:6c:76:a7:1e:c8:e2:d1:eb:32:0b:29:a6:40:47:65:2f:07:
52:80:89:5a:4b:1e:15:b9:5e:ec:b9:0a:0b:c5:68:89:d2:ad:
e8:ac:47:15:c0:53:cb:b5:14:2a:92:a3:35:2b:6e:bd:a5:af:
70:4f:d8:77
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICX5QwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTIy
MzEwMjJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDBCQkU0NEQwRTM5REZG
MjhBRTIyRjQzNkI2REM1NjM1MDg2RkVDQTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDV3PnY7pmQwqR7JuGfkH8YFkkyLQvRfTGJ98PFD1MYrylwEe01
ExfucAIlfVEEBqahDJesS3gD7JgZKIbKGm/b5Pdvr4G+vtB8fPscDC89rXHeUOX4
6gXi4laDffKlsrv7pDkjEFROE2uJSMtfI3DHLahjpArHvD2tyIQxc/Tk33epgdnA
nfh6n+UUqp8R5j48W5ORo8Akwq4375YVM6tsst8ScFXpED3kFHyFk8pyPvHlynrF
EpU0F4mMWeNvUZsaFyz8cdOuuzzVB/gtpY5pa2JAiWprrtKtfTi8ki5RxHzVJ4CS
BgPf1On6AwsZP9BODJKZIrDAzPxXLYA1EQ/7AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUC75E0OOd/yiuIvQ2ttxWNQhv7KEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0M3NUUwT09kX3lpdUl2
UTJ0dHhXTlFodjdLRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBPCVAs
uX7OLBXR9upA6E2DT41fkYq9zh9Q7Ckx8vPgJUg1CARK+aGvd8oGBu4BZTQyBYr3
iaK/qU5e0sxONOvQv3yzhC3gc4Qw0K+IhmpwOpTAs3oDqxV9AK8WqwupwRa7uHZN
zF76QtMsLuA+RvRkKW5fgqMSSauWgQbgNSVWHrxgL2WTLrRn3gwVMjH6COx8gUeW
qbek6/ArNaeDjBA+WY72+Q7GVw7sKe/HYhEZl9RfR5WUhk6CUVkkcVh4A9VjRo8M
d2NDbHanHsji0esyCymmQEdlLwdSgIlaSx4VuV7suQoLxWiJ0q3orEcVwFPLtRQq
kqM1K269pa9wT9h3
-----END CERTIFICATE-----
Generated at Sat May 17 22:41:13 2025 by rpki-client