Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/o-Z1qVoreTeeN0t26HuRHq_U4m8.roa
File: o-Z1qVoreTeeN0t26HuRHq_U4m8.roa (raw, json)
Hash identifier: zRDbIT9Gypv1VWM+r1Vjholj4BQJBQhsAM7zxZKyj8g=
Subject key identifier: A3:E6:75:A9:5A:2B:79:37:9E:37:4B:76:E8:7B:91:1E:AF:D4:E2:6F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5F7C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/o-Z1qVoreTeeN0t26HuRHq_U4m8.roa
Signing time: Mon 12 May 2025 17:10:16 +0000
ROA not before: Mon 12 May 2025 17:10:16 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24444 (0x5f7c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 17:10:16 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A3E675A95A2B79379E374B76E87B911EAFD4E26F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:e7:32:35:ea:5c:b6:ea:53:75:d1:ae:ec:22:
02:1f:7f:05:98:43:42:2e:c7:78:6f:c5:c5:b7:96:
b1:ef:72:fb:0f:f2:29:4c:f7:98:68:d9:00:3e:56:
09:02:97:d0:0e:79:52:3b:48:5d:65:a7:11:7c:43:
d8:7b:a3:df:2d:ec:cd:4e:be:30:94:86:31:0a:4c:
11:e4:df:b4:96:c4:5d:0d:7d:2d:0a:ef:a5:32:1b:
e7:0c:13:78:f0:7f:eb:62:53:28:bf:ee:ed:39:d0:
50:32:ae:29:29:9d:76:86:0b:10:83:fd:32:aa:af:
0d:03:fe:ad:f6:f7:f5:e0:ae:aa:e9:66:79:00:61:
e8:ac:fb:fc:60:36:42:c8:96:98:27:69:c0:81:d0:
78:cb:65:fc:4a:b1:34:b7:e8:e0:5c:e7:9b:06:76:
29:0e:66:fe:de:d5:62:c3:1c:2f:a2:5d:16:0c:46:
04:fc:29:31:ea:9c:4c:93:17:61:0f:ce:07:57:8e:
35:58:3b:9b:38:ed:65:a2:73:0e:db:f0:a0:c6:e4:
89:a2:c0:e3:12:b1:ac:87:aa:63:e1:89:1d:93:95:
f0:59:af:ec:81:87:30:7a:cc:9f:c7:70:fa:35:b7:
9b:94:28:0f:3c:a5:bf:b6:4b:62:72:e5:77:84:35:
73:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:E6:75:A9:5A:2B:79:37:9E:37:4B:76:E8:7B:91:1E:AF:D4:E2:6F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/o-Z1qVoreTeeN0t26HuRHq_U4m8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
7b:2e:6d:e3:18:18:f1:ba:40:39:d7:af:1f:3f:3c:b6:93:7f:
75:a3:d2:63:d8:77:7b:ba:4c:7b:a0:74:1d:4a:ff:e3:58:6d:
4b:15:e3:d4:1c:80:26:09:fd:0d:09:6f:4c:64:89:96:32:9b:
80:fe:91:2f:91:6f:3f:75:5d:10:02:0d:7f:3a:b5:e1:e3:50:
d3:f7:e6:af:4a:08:6a:cd:27:ff:e7:3b:fe:7a:9b:44:bd:10:
20:2f:d4:9d:eb:60:42:bb:4a:64:f5:71:ee:75:ed:39:9d:25:
ca:1b:79:a9:1f:12:35:af:54:0e:f3:5a:e0:63:51:be:18:00:
e3:cb:3a:0c:aa:c7:91:d3:ac:33:c8:f4:a0:f0:16:b5:02:92:
26:2d:e1:46:f0:73:e0:14:04:fb:fe:85:38:4c:4e:c9:b5:45:
d9:b2:8e:1b:86:c6:73:72:77:e7:20:0a:1c:fa:ab:8f:d9:01:
9c:03:9a:6e:50:7c:a8:10:18:45:12:03:91:c1:39:bc:ea:62:
b3:9f:cf:55:64:93:da:9b:de:e6:e9:f1:8c:d5:da:60:dd:a8:
34:ad:91:ed:d6:53:e6:89:d5:03:97:3a:40:12:2c:ba:39:c9:
eb:41:e5:88:45:ca:b2:2b:2f:2f:3e:71:e3:39:e2:d0:46:da:
e3:39:a1:19
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICX3wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTIx
NzEwMTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEEzRTY3NUE5NUEyQjc5
Mzc5RTM3NEI3NkU4N0I5MTFFQUZENEUyNkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCz5zI16ly26lN10a7sIgIffwWYQ0Iux3hvxcW3lrHvcvsP8ilM
95ho2QA+VgkCl9AOeVI7SF1lpxF8Q9h7o98t7M1OvjCUhjEKTBHk37SWxF0NfS0K
76UyG+cME3jwf+tiUyi/7u050FAyrikpnXaGCxCD/TKqrw0D/q329/XgrqrpZnkA
Yeis+/xgNkLIlpgnacCB0HjLZfxKsTS36OBc55sGdikOZv7e1WLDHC+iXRYMRgT8
KTHqnEyTF2EPzgdXjjVYO5s47WWicw7b8KDG5ImiwOMSsayHqmPhiR2TlfBZr+yB
hzB6zJ/HcPo1t5uUKA88pb+2S2Jy5XeENXOjAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUo+Z1qVoreTeeN0t26HuRHq/U4m8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L28tWjFxVm9yZVRlZU4w
dDI2SHVSSHFfVTRtOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB7Lm3j
GBjxukA5168fPzy2k391o9Jj2Hd7ukx7oHQdSv/jWG1LFePUHIAmCf0NCW9MZImW
MpuA/pEvkW8/dV0QAg1/OrXh41DT9+avSghqzSf/5zv+eptEvRAgL9Sd62BCu0pk
9XHude05nSXKG3mpHxI1r1QO81rgY1G+GADjyzoMqseR06wzyPSg8Ba1ApImLeFG
8HPgFAT7/oU4TE7JtUXZso4bhsZzcnfnIAoc+quP2QGcA5puUHyoEBhFEgORwTm8
6mKzn89VZJPam97m6fGM1dpg3ag0rZHt1lPmidUDlzpAEiy6OcnrQeWIRcqyKy8v
PnHjOeLQRtrjOaEZ
-----END CERTIFICATE-----
Generated at Sat May 17 22:49:04 2025 by rpki-client