Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Z25CLYFdKZ13Q1UsWMbN5O1Qyds.roa
File: Z25CLYFdKZ13Q1UsWMbN5O1Qyds.roa (raw, json)
Hash identifier: CZEPlD2kCGMiCWEuv7apUVApZYn9b6llcQdZ607SRPE=
Subject key identifier: 67:6E:42:2D:81:5D:29:9D:77:43:55:2C:58:C6:CD:E4:ED:50:C9:DB
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6106
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Z25CLYFdKZ13Q1UsWMbN5O1Qyds.roa
Signing time: Fri 16 May 2025 19:40:31 +0000
ROA not before: Fri 16 May 2025 19:40:31 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24838 (0x6106)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 16 19:40:31 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=676E422D815D299D7743552C58C6CDE4ED50C9DB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:ea:38:45:39:d3:6c:2e:b4:cb:62:12:43:6d:
ed:cb:fc:9a:01:c0:fc:50:eb:e6:0d:71:de:58:c6:
9b:6b:1f:27:a3:5d:aa:bf:df:29:dd:28:cc:c3:a4:
e2:20:58:c1:ab:a4:ab:9f:18:98:01:92:fa:12:0e:
85:2f:17:7b:1f:cd:3a:86:78:6e:f3:46:a2:0e:99:
f3:9a:f8:4a:0e:bc:e4:df:eb:e6:a6:e0:c2:d3:ec:
4e:7d:68:f3:78:dd:2f:72:f0:c1:6c:f6:b3:e4:06:
98:cb:51:0c:9f:b0:c0:49:71:6b:aa:f1:1a:2e:89:
47:f4:44:da:c4:3f:15:4e:06:8e:b7:c7:60:e2:44:
6d:69:c6:6a:76:e4:ca:73:27:4e:1b:da:51:b0:67:
6b:58:0b:47:20:7f:50:f5:f9:88:79:b4:56:da:bb:
34:7e:df:dc:44:ba:f0:0a:21:43:cf:e6:e1:95:7f:
c3:d2:f7:ff:fb:12:75:83:45:82:c4:55:51:ef:cb:
3f:bb:2b:ed:10:81:e8:d3:4e:53:e9:18:42:fd:99:
b7:77:c6:50:5a:c7:ec:dc:3d:59:66:c8:99:90:b3:
c3:30:de:2a:3c:bc:a5:d1:9d:9a:aa:a8:bb:fa:ab:
92:62:ec:22:73:a5:00:4e:34:0e:82:1a:19:b3:9a:
da:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:6E:42:2D:81:5D:29:9D:77:43:55:2C:58:C6:CD:E4:ED:50:C9:DB
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Z25CLYFdKZ13Q1UsWMbN5O1Qyds.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
ab:a9:c7:06:9a:5d:4a:b8:84:3f:18:5e:8c:e3:42:f6:dd:f6:
6f:fc:f9:a0:73:35:0b:68:44:3f:e4:5c:c3:2b:83:ee:98:4c:
47:3b:07:ac:12:04:d3:69:c7:73:0e:b0:1b:1e:51:5a:42:1b:
9d:a2:e6:30:48:f4:c2:66:f0:ab:ef:54:95:fb:8d:34:9f:b5:
fe:7c:5c:41:11:56:fe:5f:db:4a:af:71:33:8d:88:6c:05:37:
af:df:11:b1:6f:b4:cd:b2:c6:d6:fa:f6:77:3c:b4:13:8d:78:
d5:19:f1:3f:05:6b:fe:09:da:11:30:43:f8:cd:ed:7a:c6:fe:
dd:90:df:01:50:ca:8c:f0:84:ea:47:75:d3:1a:08:1e:5e:77:
83:91:86:68:7b:bd:a2:92:30:0c:85:ef:d5:ba:bb:d6:e6:93:
c1:65:f2:97:c9:6b:66:20:ef:be:7b:fa:ac:84:0c:c0:bd:7c:
1e:94:9d:dc:a0:19:56:66:33:6c:61:4d:8c:cb:e2:ef:38:56:
5d:27:14:6d:a5:c1:0a:2e:05:1d:96:8c:0c:af:c4:0e:c4:e1:
29:d8:2a:8b:1a:eb:9e:a7:8e:17:4e:90:4b:82:4e:a5:83:bf:
25:ab:f1:00:65:38:60:3a:3a:bd:20:3f:e7:ef:3d:c8:a8:d4:
a7:cb:fb:70
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYQYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTYx
OTQwMzFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDY3NkU0MjJEODE1RDI5
OUQ3NzQzNTUyQzU4QzZDREU0RUQ1MEM5REIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDA6jhFOdNsLrTLYhJDbe3L/JoBwPxQ6+YNcd5YxptrHyejXaq/
3yndKMzDpOIgWMGrpKufGJgBkvoSDoUvF3sfzTqGeG7zRqIOmfOa+EoOvOTf6+am
4MLT7E59aPN43S9y8MFs9rPkBpjLUQyfsMBJcWuq8RouiUf0RNrEPxVOBo63x2Di
RG1pxmp25MpzJ04b2lGwZ2tYC0cgf1D1+Yh5tFbauzR+39xEuvAKIUPP5uGVf8PS
9//7EnWDRYLEVVHvyz+7K+0QgejTTlPpGEL9mbd3xlBax+zcPVlmyJmQs8Mw3io8
vKXRnZqqqLv6q5Ji7CJzpQBONA6CGhmzmtqnAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUZ25CLYFdKZ13Q1UsWMbN5O1QydswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1oyNUNMWUZkS1oxM1Ex
VXNXTWJONU8xUXlkcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCrqccG
ml1KuIQ/GF6M40L23fZv/PmgczULaEQ/5FzDK4PumExHOwesEgTTacdzDrAbHlFa
QhudouYwSPTCZvCr71SV+400n7X+fFxBEVb+X9tKr3EzjYhsBTev3xGxb7TNssbW
+vZ3PLQTjXjVGfE/BWv+CdoRMEP4ze16xv7dkN8BUMqM8ITqR3XTGggeXneDkYZo
e72ikjAMhe/VurvW5pPBZfKXyWtmIO++e/qshAzAvXwelJ3coBlWZjNsYU2My+Lv
OFZdJxRtpcEKLgUdlowMr8QOxOEp2CqLGuuep44XTpBLgk6lg78lq/EAZThgOjq9
ID/n7z3IqNSny/tw
-----END CERTIFICATE-----
Generated at Sat May 17 19:41:10 2025 by rpki-client