Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/z6iINa7_wetuQNWNA85rLtrcXOQ.roa
File: z6iINa7_wetuQNWNA85rLtrcXOQ.roa (raw, json)
Hash identifier: jwaLFNqF8tpjXr04wb0v/7p8Nm6Uv6ZKDZwhIXdI5FU=
Subject key identifier: CF:A8:88:35:AE:FF:C1:EB:6E:40:D5:8D:03:CE:6B:2E:DA:DC:5C:E4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 60A0
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/z6iINa7_wetuQNWNA85rLtrcXOQ.roa
Signing time: Thu 15 May 2025 18:10:24 +0000
ROA not before: Thu 15 May 2025 18:10:24 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24736 (0x60a0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 15 18:10:24 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CFA88835AEFFC1EB6E40D58D03CE6B2EDADC5CE4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:64:64:64:f5:c7:4a:f2:3a:f8:55:81:57:85:
17:f6:70:62:25:4f:d9:90:13:8d:ba:15:fd:4c:f0:
f8:fa:2e:4e:64:29:21:77:5d:a8:65:80:92:44:e6:
40:95:1d:0a:58:e8:a2:0b:93:67:98:6e:ee:03:87:
ce:c9:2c:96:24:bd:e4:03:67:0b:51:d9:f4:f3:8e:
b9:0d:66:d6:25:2f:a9:bf:41:07:38:44:02:44:3d:
83:df:02:fa:41:80:73:64:15:42:a7:3c:a2:02:32:
1b:6f:30:8d:ad:ef:16:a0:93:dc:44:9c:4f:f4:c7:
69:c2:90:86:c3:01:29:63:45:17:e7:4f:10:f9:44:
4a:90:b6:32:c1:67:e5:36:fa:59:e2:f1:e4:79:a1:
cc:a2:03:83:e7:49:ac:82:36:09:6f:d3:3b:38:48:
53:44:83:4b:2c:70:45:39:a1:19:32:d5:9a:1c:e8:
64:fb:44:de:65:ff:f1:03:a1:a9:ea:bf:db:04:ab:
6a:31:c1:fa:11:c6:f7:62:76:77:93:fc:58:a8:69:
fa:2c:1c:8a:d3:5b:ed:52:59:c4:ff:db:b7:fb:96:
96:1e:bc:30:4f:09:08:94:f5:5f:6f:82:de:ce:61:
4a:b3:9b:50:a3:f7:78:55:22:90:b5:00:81:26:82:
6e:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:A8:88:35:AE:FF:C1:EB:6E:40:D5:8D:03:CE:6B:2E:DA:DC:5C:E4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/z6iINa7_wetuQNWNA85rLtrcXOQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
84:af:d7:38:59:dd:60:3e:0b:06:91:c2:2d:b1:ac:2a:a1:a5:
7d:52:bd:5a:97:b6:42:dd:94:f9:67:73:46:75:27:46:3c:31:
f4:21:72:d0:49:fc:41:e0:27:c4:3e:91:2d:76:20:54:05:49:
ed:54:d1:66:2c:33:16:1a:58:6d:3f:bc:d8:87:1e:b3:e4:d6:
d1:3e:3f:a2:7e:4a:42:ef:4d:60:47:47:8b:20:3d:e1:ae:09:
dc:d3:60:dc:2f:f5:6a:38:d0:6d:b1:72:37:75:70:d8:8e:53:
71:21:02:d4:33:5b:0c:4e:be:75:58:22:43:ae:3c:f9:8e:c1:
3d:1d:69:b6:5a:ed:cd:e2:06:24:e4:2f:aa:b2:c3:4c:9e:d9:
46:cc:28:b4:31:04:f3:77:ee:38:53:e3:28:96:4d:dd:60:2b:
37:a2:25:5b:5c:b2:a9:0d:d9:34:a6:8b:60:53:a1:b9:23:73:
61:31:ff:86:70:ef:48:96:a1:8e:e4:29:c3:bd:6c:01:78:9b:
0b:ef:f4:5f:a1:6d:c3:f2:46:1b:62:18:2a:c3:29:c2:52:f1:
35:99:d7:48:78:22:ed:b0:53:df:cf:d6:6f:25:3c:4e:97:25:
9f:b0:d8:0a:08:4b:f1:e2:78:18:3f:0d:18:d1:b4:12:8a:bc:
e8:70:62:b5
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYKAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTUx
ODEwMjRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENGQTg4ODM1QUVGRkMx
RUI2RTQwRDU4RDAzQ0U2QjJFREFEQzVDRTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCxZGRk9cdK8jr4VYFXhRf2cGIlT9mQE426Ff1M8Pj6Lk5kKSF3
XahlgJJE5kCVHQpY6KILk2eYbu4Dh87JLJYkveQDZwtR2fTzjrkNZtYlL6m/QQc4
RAJEPYPfAvpBgHNkFUKnPKICMhtvMI2t7xagk9xEnE/0x2nCkIbDASljRRfnTxD5
REqQtjLBZ+U2+lni8eR5ocyiA4PnSayCNglv0zs4SFNEg0sscEU5oRky1Zoc6GT7
RN5l//EDoanqv9sEq2oxwfoRxvdidneT/FioafosHIrTW+1SWcT/27f7lpYevDBP
CQiU9V9vgt7OYUqzm1Cj93hVIpC1AIEmgm6/AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUz6iINa7/wetuQNWNA85rLtrcXOQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3o2aUlOYTdfd2V0dVFO
V05BODVyTHRyY1hPUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCEr9c4
Wd1gPgsGkcItsawqoaV9Ur1al7ZC3ZT5Z3NGdSdGPDH0IXLQSfxB4CfEPpEtdiBU
BUntVNFmLDMWGlhtP7zYhx6z5NbRPj+ifkpC701gR0eLID3hrgnc02DcL/VqONBt
sXI3dXDYjlNxIQLUM1sMTr51WCJDrjz5jsE9HWm2Wu3N4gYk5C+qssNMntlGzCi0
MQTzd+44U+Molk3dYCs3oiVbXLKpDdk0potgU6G5I3NhMf+GcO9IlqGO5CnDvWwB
eJsL7/RfoW3D8kYbYhgqwynCUvE1mddIeCLtsFPfz9ZvJTxOlyWfsNgKCEvx4ngY
Pw0Y0bQSirzocGK1
-----END CERTIFICATE-----
Generated at Sun May 18 02:14:03 2025 by rpki-client