Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/u3dFw9Ws7EBQOdYeTgHgSLqUe3I.roa
File: u3dFw9Ws7EBQOdYeTgHgSLqUe3I.roa (raw, json)
Hash identifier: 4QpOAf+CtdHojkNLIuM3HOQUTCNwbjDjexrGKJbKjCY=
Subject key identifier: BB:77:45:C3:D5:AC:EC:40:50:39:D6:1E:4E:01:E0:48:BA:94:7B:72
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5F78
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/u3dFw9Ws7EBQOdYeTgHgSLqUe3I.roa
Signing time: Mon 12 May 2025 16:10:18 +0000
ROA not before: Mon 12 May 2025 16:10:18 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24440 (0x5f78)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 16:10:18 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=BB7745C3D5ACEC405039D61E4E01E048BA947B72
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:b9:0c:a6:ce:42:0b:a2:98:0c:68:54:87:be:
48:f2:1e:b4:c2:f0:79:09:21:a9:4a:a6:c1:b9:5c:
ed:51:83:b8:ed:ed:10:a7:1f:77:94:63:b0:7d:3a:
49:7e:06:fa:e9:ee:fd:3c:92:36:a3:60:bc:7e:97:
e6:1b:21:37:9e:a8:3a:a7:42:23:19:50:ae:d6:d3:
a8:8c:8e:14:ab:7a:74:2c:1a:07:b5:46:06:c2:42:
d3:e5:f8:6b:75:8a:db:32:4f:41:2a:b4:20:14:5b:
b3:b5:38:44:cd:b6:b2:5c:17:d4:b0:c8:6a:85:a2:
87:33:14:81:ac:d3:17:fa:a3:e1:60:82:91:a5:0d:
19:b5:26:a2:1c:ab:07:d7:b4:3b:fb:56:f2:5d:de:
1d:19:79:29:98:43:15:a5:d7:10:9c:1b:45:ed:0c:
73:dd:7b:ca:2d:7e:9f:6f:e5:53:a2:9b:95:7d:56:
b5:c1:d6:60:58:55:df:c9:65:56:95:d5:5f:ff:5f:
fb:46:66:87:aa:f7:2c:8b:7e:6a:63:38:e8:7c:8d:
12:1f:16:fc:20:a6:dd:e4:8e:eb:7a:44:d8:de:95:
fa:be:10:07:be:e9:37:28:e7:aa:a8:08:b3:34:f8:
c9:11:5e:51:62:2d:c3:50:68:fa:24:9a:ef:01:6a:
7f:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:77:45:C3:D5:AC:EC:40:50:39:D6:1E:4E:01:E0:48:BA:94:7B:72
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/u3dFw9Ws7EBQOdYeTgHgSLqUe3I.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
10:db:79:55:74:81:c8:e5:64:7c:ff:7b:96:06:d8:4a:97:8a:
16:01:3f:f8:d3:14:31:bb:74:4d:af:34:9a:3f:c8:4e:75:64:
0b:10:ca:8c:e1:c1:7d:dd:7f:8b:33:3d:5e:0a:f2:68:8f:6e:
99:76:c9:d5:4e:27:14:a6:89:10:29:d7:3f:b6:c7:8c:44:ba:
aa:b3:84:1a:e7:e5:2e:81:6b:1a:12:e4:50:6e:ee:3b:80:09:
19:68:ce:c6:c7:60:1f:72:fd:c5:5e:06:c3:f7:23:bb:52:43:
5b:52:d5:65:b3:c0:cc:96:69:36:ef:0f:82:12:17:ec:f9:83:
f3:88:79:68:6a:4a:2d:dd:a1:4f:08:f3:59:57:e5:b2:06:4c:
d8:86:6e:de:c6:c2:ef:6f:17:82:7f:65:db:0c:b3:0d:48:60:
12:c1:a7:53:c0:42:1b:8f:f2:e3:ae:dc:1e:d8:05:ed:54:cf:
9d:ea:5b:40:e6:8b:7d:1e:54:15:71:1d:6a:6d:d5:37:6b:e9:
9b:9f:2e:a4:e7:f4:8b:04:51:1e:e1:e4:6d:20:ca:2b:74:37:
6a:f6:66:55:8e:e6:5f:24:da:a4:bb:a3:af:81:06:e3:c2:a6:
6a:3f:e8:ee:8d:7b:fd:75:07:d4:70:8b:8a:56:fd:f1:32:71:
27:24:90:8d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICX3gwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTIx
NjEwMThaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEJCNzc0NUMzRDVBQ0VD
NDA1MDM5RDYxRTRFMDFFMDQ4QkE5NDdCNzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCquQymzkILopgMaFSHvkjyHrTC8HkJIalKpsG5XO1Rg7jt7RCn
H3eUY7B9Okl+Bvrp7v08kjajYLx+l+YbITeeqDqnQiMZUK7W06iMjhSrenQsGge1
RgbCQtPl+Gt1itsyT0EqtCAUW7O1OETNtrJcF9SwyGqFooczFIGs0xf6o+FggpGl
DRm1JqIcqwfXtDv7VvJd3h0ZeSmYQxWl1xCcG0XtDHPde8otfp9v5VOim5V9VrXB
1mBYVd/JZVaV1V//X/tGZoeq9yyLfmpjOOh8jRIfFvwgpt3kjut6RNjelfq+EAe+
6Tco56qoCLM0+MkRXlFiLcNQaPokmu8Ban+hAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUu3dFw9Ws7EBQOdYeTgHgSLqUe3IwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3UzZEZ3OVdzN0VCUU9k
WWVUZ0hnU0xxVWUzSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAQ23lV
dIHI5WR8/3uWBthKl4oWAT/40xQxu3RNrzSaP8hOdWQLEMqM4cF93X+LMz1eCvJo
j26ZdsnVTicUpokQKdc/tseMRLqqs4Qa5+UugWsaEuRQbu47gAkZaM7Gx2Afcv3F
XgbD9yO7UkNbUtVls8DMlmk27w+CEhfs+YPziHloakot3aFPCPNZV+WyBkzYhm7e
xsLvbxeCf2XbDLMNSGASwadTwEIbj/Ljrtwe2AXtVM+d6ltA5ot9HlQVcR1qbdU3
a+mbny6k5/SLBFEe4eRtIMordDdq9mZVjuZfJNqku6OvgQbjwqZqP+jujXv9dQfU
cIuKVv3xMnEnJJCN
-----END CERTIFICATE-----
Generated at Sat May 17 19:42:17 2025 by rpki-client