Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/_28U11wzCnrljL1TSnrAy5EeclY.roa
File: _28U11wzCnrljL1TSnrAy5EeclY.roa (raw, json)
Hash identifier: tM2K4c/9Bpzj2girFiRE1195OVCMvvP02QtWK8lvjpg=
Subject key identifier: FF:6F:14:D7:5C:33:0A:7A:E5:8C:BD:53:4A:7A:C0:CB:91:1E:72:56
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5F72
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_28U11wzCnrljL1TSnrAy5EeclY.roa
Signing time: Mon 12 May 2025 14:40:23 +0000
ROA not before: Mon 12 May 2025 14:40:23 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24434 (0x5f72)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 14:40:23 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=FF6F14D75C330A7AE58CBD534A7AC0CB911E7256
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:77:dd:e6:a2:fb:f3:74:7e:09:d7:e6:23:ef:
04:f2:1d:31:70:ae:55:99:6d:4a:5c:14:f4:90:97:
f2:0d:d5:02:ea:75:3f:74:2c:be:9a:f0:a2:48:be:
51:07:52:28:96:f1:a0:34:65:22:f4:3b:e3:d1:df:
3d:ef:af:db:a0:5f:f2:dd:19:4e:1f:70:eb:e8:89:
7a:99:89:61:61:fa:ec:b6:c3:64:c7:4a:1e:7e:50:
27:cf:20:ef:07:f4:92:a9:ba:1e:29:5e:e3:8c:3e:
2c:c0:e1:19:3f:90:24:ec:ff:08:10:fe:ed:19:54:
8a:20:42:a8:66:97:9d:c6:c3:27:2d:9b:03:cd:af:
13:15:7f:5a:b4:fb:d1:70:41:6b:60:97:23:88:d7:
4a:5f:1b:d9:00:09:e7:c0:8b:60:56:67:02:93:ca:
a6:e1:74:5e:2f:82:0c:9c:d1:2f:ca:f9:07:e9:4f:
a7:1e:de:41:83:94:10:47:51:63:f0:17:e2:4d:b2:
28:13:2e:a1:61:6b:35:08:37:e2:97:b5:6d:d7:3d:
8f:9b:91:4a:f5:78:47:61:a1:67:08:e9:17:54:7a:
1a:08:d6:ca:25:24:e2:75:bb:8f:c7:af:67:51:49:
d6:10:35:68:d7:b2:c9:30:f1:97:80:d8:0e:a4:76:
16:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:6F:14:D7:5C:33:0A:7A:E5:8C:BD:53:4A:7A:C0:CB:91:1E:72:56
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_28U11wzCnrljL1TSnrAy5EeclY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
50:fd:4e:8d:0e:9e:ba:82:48:4c:fa:34:d1:77:4c:69:28:1b:
d5:df:d0:1f:80:a9:db:ad:2e:9a:61:59:1f:1b:61:23:8d:6f:
8e:29:19:65:83:39:37:24:a5:40:8a:e4:83:50:c9:f0:f3:0d:
a6:cc:0d:63:be:46:be:bf:e9:44:ca:cf:ce:84:8d:39:36:84:
a6:f5:e8:79:c4:98:20:33:72:99:7d:6d:7c:d8:07:ea:5d:59:
03:fe:07:3e:01:b4:de:1f:a0:81:44:da:f1:e3:00:aa:75:1a:
1e:22:ca:2f:ae:75:02:f3:52:7f:f8:a9:63:8f:b4:ec:93:e4:
dd:60:f9:24:e7:bc:51:34:ee:d4:88:76:43:65:9a:5e:38:ab:
c4:39:58:11:c6:76:46:e7:db:06:1e:91:1e:7e:0d:34:b1:cf:
00:9d:20:f2:d6:eb:71:e9:dd:9c:7f:41:96:b3:e7:f7:a7:2f:
ec:be:17:88:c9:ff:a3:de:9d:82:78:ec:80:99:ad:84:c5:da:
d8:ca:07:08:2c:0f:47:84:6e:ac:a6:f2:64:66:f5:d6:fe:17:
5c:61:e4:e8:34:4a:5c:77:9b:68:50:28:95:d1:e7:16:c0:e0:
72:09:26:d5:0f:dd:0e:5c:5c:9a:e4:09:69:63:9b:05:84:a6:
b7:88:98:73
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICX3IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTIx
NDQwMjNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEZGNkYxNEQ3NUMzMzBB
N0FFNThDQkQ1MzRBN0FDMENCOTExRTcyNTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDHd93movvzdH4J1+Yj7wTyHTFwrlWZbUpcFPSQl/IN1QLqdT90
LL6a8KJIvlEHUiiW8aA0ZSL0O+PR3z3vr9ugX/LdGU4fcOvoiXqZiWFh+uy2w2TH
Sh5+UCfPIO8H9JKpuh4pXuOMPizA4Rk/kCTs/wgQ/u0ZVIogQqhml53GwyctmwPN
rxMVf1q0+9FwQWtglyOI10pfG9kACefAi2BWZwKTyqbhdF4vggyc0S/K+QfpT6ce
3kGDlBBHUWPwF+JNsigTLqFhazUIN+KXtW3XPY+bkUr1eEdhoWcI6RdUehoI1sol
JOJ1u4/Hr2dRSdYQNWjXsskw8ZeA2A6kdhbXAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU/28U11wzCnrljL1TSnrAy5EeclYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L18yOFUxMXd6Q25ybGpM
MVRTbnJBeTVFZWNsWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBQ/U6N
Dp66gkhM+jTRd0xpKBvV39AfgKnbrS6aYVkfG2EjjW+OKRllgzk3JKVAiuSDUMnw
8w2mzA1jvka+v+lEys/OhI05NoSm9eh5xJggM3KZfW182AfqXVkD/gc+AbTeH6CB
RNrx4wCqdRoeIsovrnUC81J/+Kljj7Tsk+TdYPkk57xRNO7UiHZDZZpeOKvEOVgR
xnZG59sGHpEefg00sc8AnSDy1utx6d2cf0GWs+f3py/svheIyf+j3p2CeOyAma2E
xdrYygcILA9HhG6spvJkZvXW/hdcYeToNEpcd5toUCiV0ecWwOByCSbVD90OXFya
5AlpY5sFhKa3iJhz
-----END CERTIFICATE-----
Generated at Sat May 17 19:37:41 2025 by rpki-client