Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/xPVbQXLS2Nt1iaaKtnQ54779tB8.roa
File: xPVbQXLS2Nt1iaaKtnQ54779tB8.roa (raw, json)
Hash identifier: O8F3053PuKHWbNfukIGcTTD7fputJxRO5zEaUDQpMNk=
Subject key identifier: C4:F5:5B:41:72:D2:D8:DB:75:89:A6:8A:B6:74:39:E3:BE:FD:B4:1F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6018
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xPVbQXLS2Nt1iaaKtnQ54779tB8.roa
Signing time: Wed 14 May 2025 08:10:28 +0000
ROA not before: Wed 14 May 2025 08:10:28 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24600 (0x6018)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 14 08:10:28 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C4F55B4172D2D8DB7589A68AB67439E3BEFDB41F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:1a:89:17:39:d5:68:8c:9e:bf:f9:1e:ce:6c:
7b:a5:6f:a6:ee:34:43:ab:b2:a0:bd:4a:3b:a4:8e:
ef:49:e6:4d:00:5a:d2:d8:12:ef:23:c5:aa:aa:5d:
35:c5:2d:b2:1f:56:6c:86:a1:af:55:6f:9a:69:b6:
d0:c9:b2:dc:d4:aa:d3:e9:23:74:50:c7:36:50:04:
6c:f1:60:8d:bf:75:8b:32:57:70:88:37:27:03:61:
ae:e2:8a:fe:cb:6d:56:9c:69:e4:cf:b0:f0:b3:3c:
bf:6f:eb:3d:49:a8:35:ac:26:43:d2:c0:74:13:f8:
cb:93:a0:9f:22:f9:71:fa:79:28:2a:4e:b3:0a:bd:
58:44:74:9e:5b:5f:77:3e:b3:6c:db:88:7c:0c:63:
0a:58:2a:2e:1b:4c:b0:a2:fa:46:4d:61:c5:0e:9e:
89:15:ea:f9:01:8e:f0:d1:b3:56:87:7d:ef:b3:ec:
91:3b:38:3c:05:18:f5:ad:92:af:54:fe:e3:8d:11:
a7:12:33:cb:5d:ce:fb:fd:d6:a9:0f:10:70:a8:58:
ea:1c:4d:79:f5:9f:bc:01:66:e3:25:bf:b6:93:23:
dc:6b:0c:c3:cc:24:64:07:a9:b5:ad:26:00:d6:09:
c5:a6:b2:66:7a:e8:22:a6:9e:ab:7b:17:03:bb:af:
fe:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:F5:5B:41:72:D2:D8:DB:75:89:A6:8A:B6:74:39:E3:BE:FD:B4:1F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xPVbQXLS2Nt1iaaKtnQ54779tB8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
23:1a:43:ae:cf:57:a0:cc:13:60:aa:45:36:f7:70:6b:f8:f9:
d0:c1:6b:c8:5a:01:a5:6c:ad:75:a8:3d:cd:11:33:c2:bd:64:
e0:44:41:7f:15:ad:1f:ab:da:de:57:ce:32:75:b9:96:96:0d:
74:d4:5c:f3:19:e3:3a:13:40:bf:e2:47:35:04:be:64:0c:87:
89:0b:bf:14:78:09:a2:d3:0c:03:a5:12:be:da:da:da:a0:ee:
9a:c9:14:31:76:1a:b4:e2:94:15:cb:07:bc:e0:ff:62:f1:d3:
34:01:9f:ec:ae:b7:30:c8:f2:21:ac:23:6c:53:06:03:f5:7b:
78:55:33:ff:91:66:a4:94:d3:40:98:b9:79:91:26:bc:70:cb:
7d:16:2a:0c:f8:07:5b:b1:4c:fd:b1:69:df:ff:32:02:d9:c8:
e9:15:14:47:50:1e:83:db:eb:6f:59:0f:a9:0e:db:46:7b:cd:
dc:1c:32:1c:09:96:d6:64:68:60:9e:23:2d:d1:6e:eb:0b:92:
92:de:0d:b7:3e:29:50:3f:20:65:f8:f3:41:b8:af:f0:41:5e:
83:e4:24:49:df:1c:10:b3:ea:fb:2b:8f:76:11:89:36:26:0d:
49:0a:62:de:a3:3a:d1:41:76:0d:43:3c:dc:a8:8b:83:a9:28:
87:28:c3:dd
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYBgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTQw
ODEwMjhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEM0RjU1QjQxNzJEMkQ4
REI3NTg5QTY4QUI2NzQzOUUzQkVGREI0MUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDPGokXOdVojJ6/+R7ObHulb6buNEOrsqC9Sjukju9J5k0AWtLY
Eu8jxaqqXTXFLbIfVmyGoa9Vb5ppttDJstzUqtPpI3RQxzZQBGzxYI2/dYsyV3CI
NycDYa7iiv7LbVacaeTPsPCzPL9v6z1JqDWsJkPSwHQT+MuToJ8i+XH6eSgqTrMK
vVhEdJ5bX3c+s2zbiHwMYwpYKi4bTLCi+kZNYcUOnokV6vkBjvDRs1aHfe+z7JE7
ODwFGPWtkq9U/uONEacSM8tdzvv91qkPEHCoWOocTXn1n7wBZuMlv7aTI9xrDMPM
JGQHqbWtJgDWCcWmsmZ66CKmnqt7FwO7r/4NAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUxPVbQXLS2Nt1iaaKtnQ54779tB8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3hQVmJRWExTMk50MWlh
YUt0blE1NDc3OXRCOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAjGkOu
z1egzBNgqkU293Br+PnQwWvIWgGlbK11qD3NETPCvWTgREF/Fa0fq9reV84ydbmW
lg101FzzGeM6E0C/4kc1BL5kDIeJC78UeAmi0wwDpRK+2traoO6ayRQxdhq04pQV
ywe84P9i8dM0AZ/srrcwyPIhrCNsUwYD9Xt4VTP/kWaklNNAmLl5kSa8cMt9FioM
+AdbsUz9sWnf/zIC2cjpFRRHUB6D2+tvWQ+pDttGe83cHDIcCZbWZGhgniMt0W7r
C5KS3g23PilQPyBl+PNBuK/wQV6D5CRJ3xwQs+r7K492EYk2Jg1JCmLeozrRQXYN
QzzcqIuDqSiHKMPd
-----END CERTIFICATE-----
Generated at Sat May 17 19:41:22 2025 by rpki-client