Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/zYnmvlK5d9d5HxD8uuVfXT0kQaw.roa
File: zYnmvlK5d9d5HxD8uuVfXT0kQaw.roa (raw, json)
Hash identifier: 7uJm9bYEclmZQolPud3NNI1nrOq/gveaPpZd+gxC9Vw=
Subject key identifier: CD:89:E6:BE:52:B9:77:D7:79:1F:10:FC:BA:E5:5F:5D:3D:24:41:AC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5FAC
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zYnmvlK5d9d5HxD8uuVfXT0kQaw.roa
Signing time: Tue 13 May 2025 05:11:20 +0000
ROA not before: Tue 13 May 2025 05:11:20 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24492 (0x5fac)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 13 05:11:20 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CD89E6BE52B977D7791F10FCBAE55F5D3D2441AC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:5d:de:0c:2b:4d:4a:f1:0c:d4:7c:b6:8f:78:
b5:86:bc:33:91:ed:71:0d:7a:f0:f9:5d:56:e5:a1:
a8:66:ec:5b:cc:dc:94:5e:96:cf:28:43:cb:1c:72:
e9:2e:87:d8:86:ee:06:6a:3f:0d:6b:23:f0:de:bb:
27:e4:20:c2:eb:b1:4d:8b:54:b6:e2:7d:1f:18:a9:
ce:f7:04:22:82:3c:1d:03:4c:31:a7:f6:27:55:8a:
a2:43:b4:b4:06:bb:76:66:54:af:06:b6:8c:cb:bd:
d2:da:fe:8c:91:ed:f6:f9:75:41:24:3c:f4:3e:23:
40:c1:8f:32:32:81:27:0e:56:b2:54:dc:c5:4c:ce:
d1:61:05:59:f6:47:01:e2:b6:d9:0b:7f:4e:98:49:
9e:cd:c1:08:02:b5:26:00:d1:69:29:d5:75:8f:6a:
c2:19:0a:d1:6d:9a:13:5f:e0:23:d3:c7:aa:4e:c2:
b8:63:54:55:43:f5:9c:a2:36:03:a7:32:4d:de:0b:
8e:bb:c8:11:aa:20:31:83:c7:d9:5b:46:67:71:da:
66:36:e3:ca:eb:e5:eb:23:31:06:d0:c5:3f:c4:c5:
36:ec:dd:d2:ef:e3:8d:58:8d:8d:62:c0:94:e3:8a:
fc:d4:26:0b:11:9f:6a:67:c9:20:63:84:32:e0:f3:
65:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:89:E6:BE:52:B9:77:D7:79:1F:10:FC:BA:E5:5F:5D:3D:24:41:AC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/zYnmvlK5d9d5HxD8uuVfXT0kQaw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
6b:81:b3:cb:f5:e4:c8:7b:b9:6a:24:1e:c1:0d:5e:42:b0:e9:
57:b3:6a:47:f3:dc:7d:3c:a6:85:6b:e9:70:79:a1:98:fa:3a:
1e:2b:4c:5e:b0:28:4d:f8:be:e3:15:41:6a:65:2e:c8:6d:18:
52:9d:fa:cf:03:4d:54:bf:75:84:b5:af:c4:65:c1:11:5e:ac:
26:81:2a:d4:f8:cd:69:26:ce:41:f9:d8:0b:06:94:0b:d0:92:
49:5d:14:df:02:82:de:ea:14:60:8a:80:07:d7:59:d0:34:33:
60:30:03:0a:80:9f:8f:4b:1b:78:d4:a6:aa:5d:ac:ec:a3:a9:
2b:9f:c4:87:34:83:ab:52:dd:db:ce:cb:26:2d:48:48:31:40:
85:65:e8:b4:72:04:42:cb:9f:1a:76:7c:10:98:36:8a:88:20:
b7:3f:4f:d8:98:a5:c6:7f:0b:9c:ca:16:f3:c7:3a:63:c8:27:
6e:06:f6:1f:02:7a:a9:c0:42:d7:09:94:8e:37:0b:be:48:48:
5e:35:61:33:db:48:80:20:7b:e4:34:1e:f1:c1:c4:7b:64:32:
8c:e1:64:05:ac:45:25:c4:62:df:91:d7:73:d4:88:1e:16:8b:
21:46:11:8a:5f:e9:67:5e:48:a3:4c:dd:3d:1b:42:92:7e:cc:
04:8f:92:d7
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICX6wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTMw
NTExMjBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENEODlFNkJFNTJCOTc3
RDc3OTFGMTBGQ0JBRTU1RjVEM0QyNDQxQUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCqXd4MK01K8QzUfLaPeLWGvDOR7XENevD5XVbloahm7FvM3JRe
ls8oQ8sccukuh9iG7gZqPw1rI/DeuyfkIMLrsU2LVLbifR8Yqc73BCKCPB0DTDGn
9idViqJDtLQGu3ZmVK8GtozLvdLa/oyR7fb5dUEkPPQ+I0DBjzIygScOVrJU3MVM
ztFhBVn2RwHittkLf06YSZ7NwQgCtSYA0Wkp1XWPasIZCtFtmhNf4CPTx6pOwrhj
VFVD9ZyiNgOnMk3eC467yBGqIDGDx9lbRmdx2mY248rr5esjMQbQxT/ExTbs3dLv
441YjY1iwJTjivzUJgsRn2pnySBjhDLg82W1AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUzYnmvlK5d9d5HxD8uuVfXT0kQawwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3pZbm12bEs1ZDlkNUh4
RDh1dVZmWFQwa1Fhdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBrgbPL
9eTIe7lqJB7BDV5CsOlXs2pH89x9PKaFa+lweaGY+joeK0xesChN+L7jFUFqZS7I
bRhSnfrPA01Uv3WEta/EZcERXqwmgSrU+M1pJs5B+dgLBpQL0JJJXRTfAoLe6hRg
ioAH11nQNDNgMAMKgJ+PSxt41KaqXazso6krn8SHNIOrUt3bzssmLUhIMUCFZei0
cgRCy58adnwQmDaKiCC3P0/YmKXGfwucyhbzxzpjyCduBvYfAnqpwELXCZSONwu+
SEheNWEz20iAIHvkNB7xwcR7ZDKM4WQFrEUlxGLfkddz1IgeFoshRhGKX+lnXkij
TN09G0KSfswEj5LX
-----END CERTIFICATE-----
Generated at Sat May 17 23:54:14 2025 by rpki-client