Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/vDQiIN4PWfh6pFqUT0axDRF-Vok.roa
File: vDQiIN4PWfh6pFqUT0axDRF-Vok.roa (raw, json)
Hash identifier: shoGx3kTGeJQtqIFFq/7qxmXVCidtpNq9TU7mAWT86Y=
Subject key identifier: BC:34:22:20:DE:0F:59:F8:7A:A4:5A:94:4F:46:B1:0D:11:7E:56:89
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6156
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vDQiIN4PWfh6pFqUT0axDRF-Vok.roa
Signing time: Sat 17 May 2025 15:40:24 +0000
ROA not before: Sat 17 May 2025 15:40:24 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24918 (0x6156)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 17 15:40:24 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=BC342220DE0F59F87AA45A944F46B10D117E5689
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:94:87:c8:96:76:56:b5:55:a6:08:26:72:cf:
02:4f:35:f2:52:f0:98:3a:73:3a:9b:92:fc:73:5e:
6c:bf:6a:83:7c:17:c7:aa:ca:a0:8e:3c:fa:74:0f:
96:51:5b:32:43:60:5d:10:e4:cc:a0:be:46:6e:d3:
87:40:19:b6:f3:da:e9:e5:60:66:04:cb:0d:20:9f:
33:65:7c:b3:65:da:de:72:b3:1e:36:98:fe:ee:c9:
2f:f6:49:40:4c:93:66:ad:9f:18:cd:31:18:e9:3d:
ef:f5:57:6c:7f:d6:67:78:ba:2f:01:57:2f:b9:c0:
09:b3:51:31:9d:ee:ba:0b:87:80:aa:b5:4f:8c:09:
bc:76:28:db:d7:42:3a:30:15:14:9d:cc:d9:05:4d:
b7:75:a5:8a:0e:c5:d8:0c:b4:6e:65:c9:1a:40:09:
c4:55:ec:de:d7:fb:6b:85:1d:2b:38:36:ea:4c:11:
15:14:83:a8:44:95:8e:5a:77:cd:ad:98:61:d9:99:
95:f6:28:26:22:8e:81:61:16:a4:9d:4c:96:b1:e5:
b4:b7:6a:69:9c:51:cd:93:e4:13:c5:ec:e4:54:cf:
4a:bf:4e:17:c4:8f:87:f2:57:a6:de:05:2d:b8:ab:
66:cf:6d:04:8a:0f:b4:97:9f:6c:8f:ef:35:c3:71:
c1:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:34:22:20:DE:0F:59:F8:7A:A4:5A:94:4F:46:B1:0D:11:7E:56:89
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vDQiIN4PWfh6pFqUT0axDRF-Vok.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
64:66:cf:3a:e6:42:5a:43:42:05:82:a6:99:dd:c6:b9:3f:93:
85:03:18:4f:ff:93:7c:88:4d:08:05:75:f9:67:b8:5c:32:e9:
90:ee:dd:69:1e:fa:b2:22:bb:c6:1e:c2:78:b8:8b:62:60:01:
e0:5a:a3:7a:d4:15:5c:47:e2:b8:b4:f8:37:e8:02:0b:66:f9:
bf:0e:2f:2c:7d:b8:cf:d5:5b:1a:5d:64:61:1e:93:3b:a6:6e:
6c:8f:d4:c6:41:8d:7b:c1:6d:6f:d2:77:00:73:65:c6:cc:b4:
cc:17:c1:74:52:d6:ee:92:76:92:10:6a:1f:b9:8d:6f:a0:a3:
42:1f:7d:c7:d3:f6:fe:c7:14:71:64:8c:46:f9:ee:d4:37:fe:
9c:c4:76:62:7e:16:e6:89:d7:4b:e0:e2:72:ee:7d:cb:60:ef:
95:54:7f:48:76:3d:0d:68:83:8a:a6:13:3d:f6:2e:8a:f3:3a:
4e:93:4b:83:b6:5a:46:5b:eb:5c:b3:90:bd:13:5c:0d:f8:d8:
6a:90:0b:4f:04:8c:b8:a4:b3:c7:8c:b6:2c:fc:79:e4:fd:a1:
45:ca:9d:4a:43:f7:2a:a6:fa:bb:36:7b:f2:83:b2:d9:e5:3c:
56:3f:4f:6e:f2:18:78:80:a3:4b:e1:ab:d5:be:6e:dd:4a:03:
8b:3c:d1:71
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYVYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTcx
NTQwMjRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEJDMzQyMjIwREUwRjU5
Rjg3QUE0NUE5NDRGNDZCMTBEMTE3RTU2ODkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDTlIfIlnZWtVWmCCZyzwJPNfJS8Jg6czqbkvxzXmy/aoN8F8eq
yqCOPPp0D5ZRWzJDYF0Q5MygvkZu04dAGbbz2unlYGYEyw0gnzNlfLNl2t5ysx42
mP7uyS/2SUBMk2atnxjNMRjpPe/1V2x/1md4ui8BVy+5wAmzUTGd7roLh4CqtU+M
Cbx2KNvXQjowFRSdzNkFTbd1pYoOxdgMtG5lyRpACcRV7N7X+2uFHSs4NupMERUU
g6hElY5ad82tmGHZmZX2KCYijoFhFqSdTJax5bS3ammcUc2T5BPF7ORUz0q/ThfE
j4fyV6beBS24q2bPbQSKD7SXn2yP7zXDccFLAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUvDQiIN4PWfh6pFqUT0axDRF+VokwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3ZEUWlJTjRQV2ZoNnBG
cVVUMGF4RFJGLVZvay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBkZs86
5kJaQ0IFgqaZ3ca5P5OFAxhP/5N8iE0IBXX5Z7hcMumQ7t1pHvqyIrvGHsJ4uIti
YAHgWqN61BVcR+K4tPg36AILZvm/Di8sfbjP1VsaXWRhHpM7pm5sj9TGQY17wW1v
0ncAc2XGzLTMF8F0UtbuknaSEGofuY1voKNCH33H0/b+xxRxZIxG+e7UN/6cxHZi
fhbmiddL4OJy7n3LYO+VVH9Idj0NaIOKphM99i6K8zpOk0uDtlpGW+tcs5C9E1wN
+NhqkAtPBIy4pLPHjLYs/Hnk/aFFyp1KQ/cqpvq7Nnvyg7LZ5TxWP09u8hh4gKNL
4avVvm7dSgOLPNFx
-----END CERTIFICATE-----
Generated at Sat May 17 19:37:51 2025 by rpki-client