Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/xJk7pW00iVvOUEcg-7HS3qJHQm4.roa
File: xJk7pW00iVvOUEcg-7HS3qJHQm4.roa (raw, json)
Hash identifier: W+57UdtxUrjSmRY5zSUjM1qcukXNwUbxmLKKrtN5S40=
Subject key identifier: C4:99:3B:A5:6D:34:89:5B:CE:50:47:20:FB:B1:D2:DE:A2:47:42:6E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5F6E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xJk7pW00iVvOUEcg-7HS3qJHQm4.roa
Signing time: Mon 12 May 2025 13:40:22 +0000
ROA not before: Mon 12 May 2025 13:40:22 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24430 (0x5f6e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 13:40:22 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C4993BA56D34895BCE504720FBB1D2DEA247426E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:f8:8f:67:ef:a9:63:15:98:d0:62:58:da:9d:
10:62:38:7f:93:20:f4:98:4a:58:87:a5:11:60:55:
85:a0:05:62:8b:d9:cf:a2:46:bb:2f:22:8d:f9:f0:
3b:4d:74:20:2e:a3:ea:00:dd:0b:27:1a:22:52:da:
4d:de:d4:0f:62:ae:75:3f:ee:ba:12:9c:5c:9e:e3:
78:d8:6f:22:b5:be:c7:14:19:80:94:6f:92:d2:72:
4f:3c:e5:b9:f8:d2:4d:e7:df:e0:ef:d1:a8:b4:87:
a6:47:50:4a:f4:10:a4:30:7a:e3:b5:11:64:f3:57:
a6:8e:4c:da:03:0a:c0:b7:f7:ba:f2:91:5e:01:03:
dd:8e:0c:59:4f:86:a8:48:80:f5:ac:19:e4:9a:00:
a3:94:e7:41:20:77:78:37:28:e2:3c:d5:f9:7d:1d:
e7:b6:b0:0c:8d:c3:52:57:95:b5:6b:3e:da:74:43:
e6:ed:1d:33:71:57:ae:fe:aa:8b:6c:db:16:e0:76:
90:7e:c5:e6:56:40:34:b1:06:dd:e4:68:42:61:26:
7f:83:0a:d8:3f:33:b9:73:c5:35:5f:05:c3:0a:93:
42:92:55:a1:25:86:75:0a:9c:89:ab:9a:7a:c5:4e:
48:24:eb:18:df:92:ff:8b:e3:c5:44:b1:33:fe:3d:
fe:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:99:3B:A5:6D:34:89:5B:CE:50:47:20:FB:B1:D2:DE:A2:47:42:6E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xJk7pW00iVvOUEcg-7HS3qJHQm4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
a4:29:d7:24:8b:e1:e6:4a:0b:d4:de:33:83:0f:a2:ee:63:88:
43:46:6f:9d:65:cf:3d:d8:4a:eb:ef:4f:de:e5:c2:91:54:39:
2b:80:46:97:55:14:7d:f5:d6:fc:9f:20:70:40:e7:3f:02:48:
1e:51:30:31:7b:b2:e2:d3:fd:5c:14:fb:07:7f:7a:11:7d:5d:
32:c7:3a:28:e4:95:7f:d7:3c:77:f1:dd:b5:4b:0a:a0:e4:5f:
3b:9e:5d:b5:f1:fb:50:01:f4:a1:e0:a6:83:34:21:fc:61:cc:
37:97:0c:ef:4c:d5:39:83:44:e9:68:15:6c:6b:ec:e1:e0:ac:
cd:98:53:c2:73:0a:a0:0b:75:62:5e:b4:e1:79:bf:83:f1:b0:
54:04:19:3e:69:32:a3:d2:c3:f2:6c:86:86:9c:44:6b:05:6a:
9a:03:9c:77:4b:48:a6:df:ae:84:25:16:c2:8b:8e:33:3a:e7:
7f:ad:0d:af:f5:c1:6f:7f:a0:bc:c9:79:5d:4f:03:a6:dd:47:
7d:79:a5:f3:81:fc:ed:a7:a1:88:10:30:5f:cd:5a:f7:42:be:
8e:98:65:cb:f1:0c:d0:e0:e0:14:c3:45:a1:e2:15:cf:52:b6:
20:f5:17:28:1e:b1:73:88:0f:d6:d7:9b:7d:d3:9c:99:56:92:
d3:ed:bb:0f
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICX24wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTIx
MzQwMjJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEM0OTkzQkE1NkQzNDg5
NUJDRTUwNDcyMEZCQjFEMkRFQTI0NzQyNkUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDM+I9n76ljFZjQYljanRBiOH+TIPSYSliHpRFgVYWgBWKL2c+i
RrsvIo358DtNdCAuo+oA3QsnGiJS2k3e1A9irnU/7roSnFye43jYbyK1vscUGYCU
b5LSck885bn40k3n3+Dv0ai0h6ZHUEr0EKQweuO1EWTzV6aOTNoDCsC397rykV4B
A92ODFlPhqhIgPWsGeSaAKOU50Egd3g3KOI81fl9Hee2sAyNw1JXlbVrPtp0Q+bt
HTNxV67+qots2xbgdpB+xeZWQDSxBt3kaEJhJn+DCtg/M7lzxTVfBcMKk0KSVaEl
hnUKnImrmnrFTkgk6xjfkv+L48VEsTP+Pf6tAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUxJk7pW00iVvOUEcg+7HS3qJHQm4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3hKazdwVzAwaVZ2T1VF
Y2ctN0hTM3FKSFFtNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCkKdck
i+HmSgvU3jODD6LuY4hDRm+dZc892Err70/e5cKRVDkrgEaXVRR99db8nyBwQOc/
AkgeUTAxe7Li0/1cFPsHf3oRfV0yxzoo5JV/1zx38d21Swqg5F87nl218ftQAfSh
4KaDNCH8Ycw3lwzvTNU5g0TpaBVsa+zh4KzNmFPCcwqgC3ViXrTheb+D8bBUBBk+
aTKj0sPybIaGnERrBWqaA5x3S0im366EJRbCi44zOud/rQ2v9cFvf6C8yXldTwOm
3Ud9eaXzgfztp6GIEDBfzVr3Qr6OmGXL8QzQ4OAUw0Wh4hXPUrYg9RcoHrFziA/W
15t905yZVpLT7bsP
-----END CERTIFICATE-----
Generated at Sat May 17 21:29:26 2025 by rpki-client