Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/kCAZuLiS5fc9ov1rMRDSXaHCT4Y.roa
File: kCAZuLiS5fc9ov1rMRDSXaHCT4Y.roa (raw, json)
Hash identifier: zCUuZu9Js0DhQ7kzNc43zwqFY6sRafD3xF94EjgBqUs=
Subject key identifier: 90:20:19:B8:B8:92:E5:F7:3D:A2:FD:6B:31:10:D2:5D:A1:C2:4F:86
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 603E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kCAZuLiS5fc9ov1rMRDSXaHCT4Y.roa
Signing time: Wed 14 May 2025 17:40:22 +0000
ROA not before: Wed 14 May 2025 17:40:22 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24638 (0x603e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 14 17:40:22 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=902019B8B892E5F73DA2FD6B3110D25DA1C24F86
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:4d:ea:5c:22:79:92:48:38:2b:8b:2d:fa:52:
1a:06:92:c2:95:c8:91:14:62:93:47:56:16:fe:bf:
04:fe:c2:9c:49:14:ac:bf:6f:84:f0:ae:92:9e:d0:
41:73:37:c3:53:52:e8:24:61:8d:79:8e:61:8c:34:
cc:df:69:3f:88:e6:03:20:56:7f:f8:5b:1a:cd:f5:
7f:fe:07:cd:4a:23:66:d6:b5:34:6c:2e:4a:6f:32:
f5:2d:99:f2:19:d5:27:62:c7:56:91:5d:a5:2d:ee:
91:8b:40:b2:cc:70:9a:21:74:bd:96:72:5e:85:ee:
1a:82:06:2a:4f:41:21:9c:54:f9:a6:eb:4a:cb:3f:
dc:fa:f0:52:ab:60:3a:e5:2d:e2:00:c1:03:3f:ea:
5d:0b:0a:7d:29:33:b9:94:4c:52:db:86:c5:db:77:
7b:d9:55:be:00:31:b4:3f:8a:99:cb:a8:41:58:04:
45:9d:ee:61:a7:a2:b9:d3:83:df:c6:6b:05:04:14:
f2:cf:71:bd:5e:08:ec:bd:a3:77:bc:05:aa:77:d7:
eb:ff:88:f8:fa:bc:9d:4f:f4:72:f3:e9:21:71:2c:
11:54:a8:e7:ab:05:30:10:12:8b:05:44:78:68:ad:
c8:39:71:8c:d1:da:9a:45:dd:71:ec:63:ff:e5:03:
64:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:20:19:B8:B8:92:E5:F7:3D:A2:FD:6B:31:10:D2:5D:A1:C2:4F:86
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kCAZuLiS5fc9ov1rMRDSXaHCT4Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
8b:e5:0c:78:11:ff:76:03:a3:4d:b5:30:c1:2d:aa:e0:1e:77:
63:1f:99:ab:9c:74:39:ae:2d:0d:f2:20:ef:72:0d:ee:75:83:
06:09:87:02:49:30:28:99:0f:53:47:96:0f:89:29:cb:38:4b:
59:e5:00:7f:b4:58:47:e4:76:5f:68:c5:d6:f0:4e:53:35:9f:
14:78:da:2c:6c:10:05:70:ab:bf:09:71:86:8e:4b:ab:5a:14:
5d:91:17:79:f1:56:82:af:21:b7:b9:46:dd:ec:60:8a:b5:44:
4e:73:55:0e:e7:fa:f8:07:e6:68:eb:a8:c5:73:ac:97:5c:35:
c5:3a:9f:c7:f4:03:dc:49:ab:ec:52:b2:6f:51:93:7b:01:a8:
3d:ab:ab:79:6e:aa:d4:8f:5a:f0:b1:81:ba:45:f5:1b:de:c9:
c7:96:e1:0e:a3:6b:38:d3:1f:62:2e:6d:8c:ff:1a:a4:bc:20:
43:36:17:f5:4a:6d:dc:b7:0d:39:77:f6:7c:77:93:bd:4f:6d:
25:e7:47:b2:15:a0:e2:11:b1:fe:c0:ed:95:d7:07:59:13:9f:
11:76:fb:2d:f5:af:af:09:a4:a8:00:e3:c5:52:85:95:e5:84:
97:f3:69:6b:bd:f5:7d:cf:23:2f:23:77:73:c3:d6:54:cc:56:
0d:fc:fc:70
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYD4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTQx
NzQwMjJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDkwMjAxOUI4Qjg5MkU1
RjczREEyRkQ2QjMxMTBEMjVEQTFDMjRGODYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDSTepcInmSSDgriy36UhoGksKVyJEUYpNHVhb+vwT+wpxJFKy/
b4TwrpKe0EFzN8NTUugkYY15jmGMNMzfaT+I5gMgVn/4WxrN9X/+B81KI2bWtTRs
LkpvMvUtmfIZ1Sdix1aRXaUt7pGLQLLMcJohdL2Wcl6F7hqCBipPQSGcVPmm60rL
P9z68FKrYDrlLeIAwQM/6l0LCn0pM7mUTFLbhsXbd3vZVb4AMbQ/ipnLqEFYBEWd
7mGnornTg9/GawUEFPLPcb1eCOy9o3e8Bap31+v/iPj6vJ1P9HLz6SFxLBFUqOer
BTAQEosFRHhorcg5cYzR2ppF3XHsY//lA2SNAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUkCAZuLiS5fc9ov1rMRDSXaHCT4YwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2tDQVp1TGlTNWZjOW92
MXJNUkRTWGFIQ1Q0WS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCL5Qx4
Ef92A6NNtTDBLargHndjH5mrnHQ5ri0N8iDvcg3udYMGCYcCSTAomQ9TR5YPiSnL
OEtZ5QB/tFhH5HZfaMXW8E5TNZ8UeNosbBAFcKu/CXGGjkurWhRdkRd58VaCryG3
uUbd7GCKtUROc1UO5/r4B+Zo66jFc6yXXDXFOp/H9APcSavsUrJvUZN7Aag9q6t5
bqrUj1rwsYG6RfUb3snHluEOo2s40x9iLm2M/xqkvCBDNhf1Sm3ctw05d/Z8d5O9
T20l50eyFaDiEbH+wO2V1wdZE58Rdvst9a+vCaSoAOPFUoWV5YSX82lrvfV9zyMv
I3dzw9ZUzFYN/Pxw
-----END CERTIFICATE-----
Generated at Sat May 17 21:28:19 2025 by rpki-client