Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/zVXY_hVIk77RKveGRLFSeLFZWvc.roa
File: zVXY_hVIk77RKveGRLFSeLFZWvc.roa (raw, json)
Hash identifier: RnHq0JZx8jTWem3AFc0V8uFaPMtBUKO+Nh9OqL7ayvU=
Subject key identifier: CD:55:D8:FE:15:48:93:BE:D1:2A:F7:86:44:B1:52:78:B1:59:5A:F7
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6134
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zVXY_hVIk77RKveGRLFSeLFZWvc.roa
Signing time: Sat 17 May 2025 07:10:37 +0000
ROA not before: Sat 17 May 2025 07:10:37 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24884 (0x6134)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 17 07:10:37 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CD55D8FE154893BED12AF78644B15278B1595AF7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:d9:ac:8a:ab:d8:a5:0b:32:ea:c4:c4:4c:42:
9f:07:94:58:d0:1b:0f:80:73:07:a5:dc:20:dc:99:
15:b7:c1:17:6b:a5:b3:b5:bc:47:d7:8c:ee:2f:33:
6e:de:6e:1b:74:07:2c:38:9e:f5:13:67:e7:2e:ae:
d9:27:79:9b:55:87:52:0e:46:2d:a4:b0:4f:54:37:
5e:7b:64:fe:a6:12:fb:30:58:80:37:c4:f6:39:b8:
4a:18:11:9f:24:97:75:18:80:78:9b:b7:67:5e:55:
cb:5f:0b:5b:57:a2:d4:79:45:22:6a:66:e0:69:df:
45:e7:2a:71:9d:52:e3:3a:d9:b2:bc:e6:51:fa:12:
ba:4a:06:f1:54:22:be:8f:4c:21:17:3b:69:c3:d3:
0c:21:21:60:67:b4:dd:49:a3:f9:0d:19:ec:99:f7:
1d:1b:57:8e:ad:57:c8:aa:f0:38:38:59:57:f2:6b:
e0:98:fd:75:87:fd:62:0c:37:79:5f:cb:8f:f6:fc:
69:fd:5b:e0:2d:52:ee:cd:f5:4f:66:32:86:4b:88:
f9:d9:0e:a7:f7:fb:15:1c:2c:ee:9e:76:02:4d:46:
9e:26:dc:5e:e4:57:3f:39:54:d1:06:ff:f6:5b:c2:
b7:59:37:dc:f3:f0:a7:4c:9c:0d:50:6e:f7:70:01:
e2:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:55:D8:FE:15:48:93:BE:D1:2A:F7:86:44:B1:52:78:B1:59:5A:F7
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zVXY_hVIk77RKveGRLFSeLFZWvc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
0f:6e:54:ad:a4:76:42:75:5a:5f:1c:ba:f5:ad:8a:8b:80:0c:
c3:da:34:cc:25:3f:b3:65:01:69:21:41:5b:a9:f8:59:af:9a:
b6:86:21:eb:60:62:cb:8c:4e:fb:82:d4:c3:4f:86:0d:62:99:
22:6c:ac:c4:30:41:b6:d6:ac:64:87:65:4d:91:13:8f:1c:76:
34:3b:e6:84:e6:ab:d3:cf:8d:06:ee:2c:5c:6b:53:99:7a:9a:
20:81:57:f4:f9:eb:18:05:4e:e4:4c:93:5e:f7:50:31:47:dc:
a0:f7:c8:c2:b7:e9:ff:11:6f:3b:08:79:9b:b9:d3:3e:b3:6c:
b3:f4:52:6d:ee:a8:b9:99:15:85:7f:b0:42:f5:0c:03:09:38:
53:f0:7e:d5:d3:38:be:b3:1a:4b:12:f5:d7:67:d4:86:fe:0f:
33:64:10:83:83:f0:c2:2d:44:5e:e5:ba:1f:a3:76:23:b5:13:
46:80:e8:ab:54:0f:fc:cf:7c:a1:c3:9e:74:5d:41:35:f7:0b:
54:a3:3d:b7:e0:4f:eb:18:95:5b:98:82:4b:97:9d:7e:f8:7c:
83:3c:ed:89:f1:c1:13:e5:fc:72:55:d0:5e:84:ed:34:bd:ec:
f1:17:02:e3:34:0a:5d:34:a9:99:74:ea:27:5a:9e:9a:b9:ba:
75:a3:65:84
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYTQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTcw
NzEwMzdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENENTVEOEZFMTU0ODkz
QkVEMTJBRjc4NjQ0QjE1Mjc4QjE1OTVBRjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/2ayKq9ilCzLqxMRMQp8HlFjQGw+Acwel3CDcmRW3wRdrpbO1
vEfXjO4vM27ebht0Byw4nvUTZ+curtkneZtVh1IORi2ksE9UN157ZP6mEvswWIA3
xPY5uEoYEZ8kl3UYgHibt2deVctfC1tXotR5RSJqZuBp30XnKnGdUuM62bK85lH6
ErpKBvFUIr6PTCEXO2nD0wwhIWBntN1Jo/kNGeyZ9x0bV46tV8iq8Dg4WVfya+CY
/XWH/WIMN3lfy4/2/Gn9W+AtUu7N9U9mMoZLiPnZDqf3+xUcLO6edgJNRp4m3F7k
Vz85VNEG//ZbwrdZN9zz8KdMnA1QbvdwAeITAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUzVXY/hVIk77RKveGRLFSeLFZWvcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3pWWFlfaFZJazc3Ukt2
ZUdSTEZTZUxGWld2Yy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAPblSt
pHZCdVpfHLr1rYqLgAzD2jTMJT+zZQFpIUFbqfhZr5q2hiHrYGLLjE77gtTDT4YN
YpkibKzEMEG21qxkh2VNkROPHHY0O+aE5qvTz40G7ixca1OZepoggVf0+esYBU7k
TJNe91AxR9yg98jCt+n/EW87CHmbudM+s2yz9FJt7qi5mRWFf7BC9QwDCThT8H7V
0zi+sxpLEvXXZ9SG/g8zZBCDg/DCLURe5bofo3YjtRNGgOirVA/8z3yhw550XUE1
9wtUoz234E/rGJVbmIJLl51++HyDPO2J8cET5fxyVdBehO00vezxFwLjNApdNKmZ
dOonWp6aubp1o2WE
-----END CERTIFICATE-----
Generated at Sat May 17 19:38:50 2025 by rpki-client