Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/dxSECB-XmGOao0OG7quRI3xnD4c.roa
File: dxSECB-XmGOao0OG7quRI3xnD4c.roa (raw, json)
Hash identifier: i9RSn0He+EmF0z5MoFujVuz3l2NpYpv4Ihyow8I8+HI=
Subject key identifier: 77:14:84:08:1F:97:98:63:9A:A3:43:86:EE:AB:91:23:7C:67:0F:87
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5FF8
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dxSECB-XmGOao0OG7quRI3xnD4c.roa
Signing time: Wed 14 May 2025 00:10:28 +0000
ROA not before: Wed 14 May 2025 00:10:28 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24568 (0x5ff8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 14 00:10:28 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=771484081F9798639AA34386EEAB91237C670F87
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:91:33:9e:42:70:8e:b2:bf:67:74:63:8f:d5:
96:cf:b4:ca:97:88:c1:f8:42:f8:86:26:92:dc:27:
74:65:92:b1:39:14:af:58:30:90:83:43:6b:79:68:
5a:6c:a1:b3:8f:ca:fd:66:c6:e9:04:af:d8:9a:1a:
99:7e:f3:7a:ae:f9:08:6e:ff:e9:a7:15:05:42:ec:
26:4a:99:72:fe:79:5d:b0:01:6b:e3:aa:6a:59:51:
72:37:ff:7f:6e:9d:6a:03:46:48:38:29:38:c9:c1:
ef:8d:85:00:dc:04:29:df:8b:56:85:92:21:5f:09:
33:60:46:48:b1:8a:59:c8:97:ae:9e:5f:f3:b2:05:
d8:bd:00:e4:ac:09:d3:e0:e0:d1:38:3c:d4:f6:c0:
e4:fd:1d:98:b3:ed:08:74:bb:84:2d:9c:8c:00:cd:
bc:03:f1:b6:e4:91:2c:0e:d9:23:00:30:7d:11:ad:
30:bd:58:b7:2d:39:8b:c1:fb:04:3a:70:02:55:a5:
72:1c:5c:1c:10:9c:20:3b:82:9a:e8:51:83:60:f8:
cc:f9:e1:13:c0:b3:5c:49:25:ff:7d:eb:37:45:df:
de:f3:b8:f9:eb:36:02:d1:8f:de:8b:43:ae:c5:b8:
9b:3f:68:73:65:12:b6:e6:70:ae:d8:51:2f:75:4b:
2e:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:14:84:08:1F:97:98:63:9A:A3:43:86:EE:AB:91:23:7C:67:0F:87
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/dxSECB-XmGOao0OG7quRI3xnD4c.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
04:1d:f9:85:7a:7f:7b:45:5f:3b:ea:d4:e3:9b:18:47:05:b3:
9c:1c:12:0d:e5:8a:76:62:e9:0b:4c:4f:12:f3:c4:fb:57:6a:
1b:42:29:50:08:d7:83:01:5b:f2:ef:f8:89:c8:27:ac:6c:d0:
ee:1b:9d:0f:e6:d3:c6:76:07:65:bf:c7:05:ba:76:89:2c:e0:
8b:89:8a:ed:bf:09:71:2e:b3:df:4c:ce:bd:f7:67:44:a6:77:
fa:b0:4f:a9:da:a5:2b:33:3c:15:68:5e:28:a6:8f:15:0f:fc:
5e:0a:ac:b6:1f:75:f6:41:c7:4f:01:64:83:e6:b5:d9:5e:5c:
2d:3c:93:c4:5e:b9:67:8b:fe:08:0a:68:9d:7f:05:7e:3d:6b:
1a:25:01:40:84:e8:8b:d0:6f:11:5a:fc:5e:ca:a4:82:c1:8f:
9d:82:bd:1f:e2:f4:cb:c3:54:6d:88:ad:93:fc:e9:13:e1:99:
3a:95:e8:23:27:eb:cc:0d:89:1d:5e:42:5e:bd:e7:fb:e7:13:
31:8e:11:ec:1b:bf:91:3d:57:a5:fc:ca:b7:fa:96:ff:f1:bd:
63:b6:3d:1e:f8:8f:20:e4:5e:ba:2e:04:e6:9d:87:78:b8:3e:
2d:f2:77:9b:65:8f:9d:8c:c6:2f:9e:76:a9:b2:ab:1c:0a:fd:
46:a6:2e:9d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICX/gwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTQw
MDEwMjhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDc3MTQ4NDA4MUY5Nzk4
NjM5QUEzNDM4NkVFQUI5MTIzN0M2NzBGODcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCkkTOeQnCOsr9ndGOP1ZbPtMqXiMH4QviGJpLcJ3RlkrE5FK9Y
MJCDQ2t5aFpsobOPyv1mxukEr9iaGpl+83qu+Qhu/+mnFQVC7CZKmXL+eV2wAWvj
qmpZUXI3/39unWoDRkg4KTjJwe+NhQDcBCnfi1aFkiFfCTNgRkixilnIl66eX/Oy
Bdi9AOSsCdPg4NE4PNT2wOT9HZiz7Qh0u4QtnIwAzbwD8bbkkSwO2SMAMH0RrTC9
WLctOYvB+wQ6cAJVpXIcXBwQnCA7gproUYNg+Mz54RPAs1xJJf996zdF397zuPnr
NgLRj96LQ67FuJs/aHNlErbmcK7YUS91Sy5JAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUdxSECB+XmGOao0OG7quRI3xnD4cwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2R4U0VDQi1YbUdPYW8w
T0c3cXVSSTN4bkQ0Yy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAEHfmF
en97RV876tTjmxhHBbOcHBIN5Yp2YukLTE8S88T7V2obQilQCNeDAVvy7/iJyCes
bNDuG50P5tPGdgdlv8cFunaJLOCLiYrtvwlxLrPfTM6992dEpnf6sE+p2qUrMzwV
aF4opo8VD/xeCqy2H3X2QcdPAWSD5rXZXlwtPJPEXrlni/4ICmidfwV+PWsaJQFA
hOiL0G8RWvxeyqSCwY+dgr0f4vTLw1RtiK2T/OkT4Zk6legjJ+vMDYkdXkJevef7
5xMxjhHsG7+RPVel/Mq3+pb/8b1jtj0e+I8g5F66LgTmnYd4uD4t8nebZY+djMYv
nnapsqscCv1Gpi6d
-----END CERTIFICATE-----
Generated at Sat May 17 22:39:14 2025 by rpki-client