Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/PMBsU2_1f6Y1OgHAh8zblfLEsAE.roa
File: PMBsU2_1f6Y1OgHAh8zblfLEsAE.roa (raw, json)
Hash identifier: 7TaLDS+3ZRlj0Ey2/9GhFjtDFvo6QgfRrNnZehHeZ5w=
Subject key identifier: 3C:C0:6C:53:6F:F5:7F:A6:35:3A:01:C0:87:CC:DB:95:F2:C4:B0:01
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 606A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PMBsU2_1f6Y1OgHAh8zblfLEsAE.roa
Signing time: Thu 15 May 2025 04:40:30 +0000
ROA not before: Thu 15 May 2025 04:40:30 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24682 (0x606a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 15 04:40:30 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3CC06C536FF57FA6353A01C087CCDB95F2C4B001
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:03:8b:38:51:ca:64:81:94:45:40:83:ae:71:
3b:5c:19:bb:a7:e5:ec:64:9d:21:ac:ea:ce:b3:92:
fb:07:04:a6:f2:50:f8:81:09:29:b3:f6:4d:3a:d2:
3d:d4:62:3d:d5:bb:9a:c9:d1:1b:9f:97:c2:ee:43:
80:68:b4:36:16:aa:a3:92:9e:9e:0e:51:58:ee:e3:
f6:fe:eb:9f:7a:7a:64:cf:4f:ff:48:0e:7c:ea:ad:
19:72:91:56:f7:fa:51:ae:ad:fa:e4:e7:26:5d:6f:
09:67:29:2c:c5:87:a1:82:f1:0d:11:26:b2:58:16:
81:1b:a4:06:e2:40:80:ce:ac:e0:bd:0f:96:b7:07:
6a:61:7c:a3:e0:f2:14:30:11:e3:d0:69:9a:6a:94:
fe:b8:81:d3:b4:bd:2f:92:25:1a:6c:46:f5:db:d5:
77:4c:7c:dc:bc:fb:b1:37:2f:2a:74:c9:a9:99:4f:
39:7b:ed:29:9d:a7:c3:46:4a:1f:6f:a6:51:3d:bc:
76:c1:15:99:aa:d9:f7:d7:8a:8b:9d:a1:95:60:23:
5d:15:70:a7:0b:e0:fd:53:8f:98:45:fa:e2:50:a3:
01:b3:ca:30:64:39:63:33:ff:32:dd:d9:8f:bb:70:
91:77:f4:d1:99:dd:9a:e3:ba:58:93:41:9c:e4:e9:
e6:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:C0:6C:53:6F:F5:7F:A6:35:3A:01:C0:87:CC:DB:95:F2:C4:B0:01
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/PMBsU2_1f6Y1OgHAh8zblfLEsAE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
73:c2:15:54:28:b6:f2:71:69:8e:04:77:c7:bb:6e:90:6f:7a:
49:d1:88:ab:17:e4:04:a0:e4:91:b0:62:f1:a6:93:ac:c0:65:
7e:e5:c9:12:cd:8f:b8:46:b6:1f:e2:35:45:d0:35:de:1e:2f:
94:e4:2c:f8:cf:fa:42:64:a2:e5:7b:f2:54:a7:94:00:60:96:
7a:70:47:8f:d3:6a:a0:09:dd:57:5c:46:cf:bf:4b:9e:98:09:
7e:a9:48:7f:4c:64:63:99:34:44:31:8b:99:16:87:a1:f7:11:
e4:7d:8a:63:e0:66:f0:a5:c3:3b:5f:8b:25:a7:9b:d5:e6:80:
e2:d1:fa:8e:16:cb:fd:41:3a:54:c9:67:13:2b:f7:ef:25:c6:
e9:76:7b:5c:da:66:f6:48:27:96:33:fb:ba:7d:b6:5e:a2:58:
9a:18:ff:e4:c6:18:e8:91:18:d4:d5:f4:ce:e7:c4:14:0d:90:
32:e4:f0:3f:9b:60:a2:79:e7:64:a7:f6:19:44:43:d1:99:a8:
60:4f:fb:59:37:05:6b:94:2f:36:ae:71:73:d5:f8:67:05:8c:
17:1d:ab:b8:42:b3:9e:f2:26:38:74:9f:7c:b1:48:48:a6:75:
60:84:f6:0e:37:79:be:99:b0:ed:c2:1c:d3:88:1a:a7:d6:e7:
68:dd:8c:ae
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYGowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTUw
NDQwMzBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDNDQzA2QzUzNkZGNTdG
QTYzNTNBMDFDMDg3Q0NEQjk1RjJDNEIwMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDzA4s4UcpkgZRFQIOucTtcGbun5exknSGs6s6zkvsHBKbyUPiB
CSmz9k060j3UYj3Vu5rJ0Rufl8LuQ4BotDYWqqOSnp4OUVju4/b+6596emTPT/9I
DnzqrRlykVb3+lGurfrk5yZdbwlnKSzFh6GC8Q0RJrJYFoEbpAbiQIDOrOC9D5a3
B2phfKPg8hQwEePQaZpqlP64gdO0vS+SJRpsRvXb1XdMfNy8+7E3Lyp0yamZTzl7
7Smdp8NGSh9vplE9vHbBFZmq2ffXioudoZVgI10VcKcL4P1Tj5hF+uJQowGzyjBk
OWMz/zLd2Y+7cJF39NGZ3ZrjuliTQZzk6eaZAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUPMBsU2/1f6Y1OgHAh8zblfLEsAEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1BNQnNVMl8xZjZZMU9n
SEFoOHpibGZMRXNBRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBzwhVU
KLbycWmOBHfHu26Qb3pJ0YirF+QEoOSRsGLxppOswGV+5ckSzY+4RrYf4jVF0DXe
Hi+U5Cz4z/pCZKLle/JUp5QAYJZ6cEeP02qgCd1XXEbPv0uemAl+qUh/TGRjmTRE
MYuZFoeh9xHkfYpj4GbwpcM7X4slp5vV5oDi0fqOFsv9QTpUyWcTK/fvJcbpdntc
2mb2SCeWM/u6fbZeoliaGP/kxhjokRjU1fTO58QUDZAy5PA/m2Cieedkp/YZREPR
mahgT/tZNwVrlC82rnFz1fhnBYwXHau4QrOe8iY4dJ98sUhIpnVghPYON3m+mbDt
whzTiBqn1udo3Yyu
-----END CERTIFICATE-----
Generated at Sat May 17 23:45:08 2025 by rpki-client