Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/NiI4LtawVfU1a-Gz5KHG25eBS34.roa
File: NiI4LtawVfU1a-Gz5KHG25eBS34.roa (raw, json)
Hash identifier: JCPHE03DJLN8/5xui0ZhDyCABmksxSIofcbm2QwqTJQ=
Subject key identifier: 36:22:38:2E:D6:B0:55:F5:35:6B:E1:B3:E4:A1:C6:DB:97:81:4B:7E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 67D0
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NiI4LtawVfU1a-Gz5KHG25eBS34.roa
Signing time: Tue 03 Jun 2025 22:11:40 +0000
ROA not before: Tue 03 Jun 2025 22:11:40 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26576 (0x67d0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 3 22:11:40 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3622382ED6B055F5356BE1B3E4A1C6DB97814B7E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:d2:80:f3:84:e4:2f:58:df:5c:22:1a:36:40:
b5:ca:fe:75:24:fa:88:96:1a:84:11:f9:e4:df:71:
3f:78:4d:ca:9d:57:7f:aa:94:d4:7c:42:c4:ce:05:
cd:66:76:82:d1:8e:7b:a0:1c:73:a9:1d:d1:0f:97:
34:c8:d7:de:74:58:6c:0d:57:2d:ed:0f:be:6a:65:
59:0c:6c:32:04:a5:a6:c3:98:1d:d2:e1:54:c1:ab:
c3:b6:d6:9c:e4:f4:6b:59:d8:47:7c:4c:b0:4e:d1:
d2:8c:d2:60:d8:fc:8a:35:19:be:26:cf:4d:11:c7:
ee:57:72:ce:f7:d0:46:1e:e5:88:b5:b9:42:ee:38:
6f:21:b5:9e:b3:da:b7:42:6a:82:25:61:06:b1:43:
b4:b7:aa:55:0c:01:7b:05:f2:63:62:87:17:58:73:
78:65:5e:37:fa:9a:76:6e:37:73:c8:4d:c7:25:a3:
dc:20:4e:3e:3a:0c:af:25:47:9a:fa:95:71:5f:63:
0a:39:18:95:72:b5:b8:a8:bf:e6:12:65:9e:f4:48:
e4:70:00:b7:a0:74:34:09:e0:1a:05:71:ed:e7:11:
7a:d8:80:29:6b:5c:31:2e:0d:b1:fa:ac:b6:3c:24:
69:a4:5e:b5:26:66:3c:56:bb:34:7f:a6:61:2a:b4:
5e:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:22:38:2E:D6:B0:55:F5:35:6B:E1:B3:E4:A1:C6:DB:97:81:4B:7E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NiI4LtawVfU1a-Gz5KHG25eBS34.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
29:e4:f7:6e:6b:a4:88:09:d7:d5:df:34:72:41:7f:14:56:6f:
0d:45:04:12:7e:38:e6:80:a8:c1:ae:f1:2f:42:d1:9e:ef:f2:
20:f8:49:63:9c:f3:32:aa:d0:6f:f8:03:25:4d:dc:08:af:c2:
16:55:ed:4e:5c:a2:ee:43:de:45:a3:80:29:95:4c:de:8e:96:
3b:82:3f:12:41:3e:b5:3e:17:05:e2:e6:b8:1c:09:16:e9:d1:
c4:b9:7a:bb:0c:ca:31:85:75:70:84:e0:d0:c8:46:25:29:dc:
61:ad:e2:15:e3:0d:30:4b:d9:24:42:0a:af:f0:5f:7f:3f:a5:
3e:5e:e5:ba:f8:a2:56:d0:3b:4f:df:c0:7d:e4:a4:b3:ea:97:
97:46:3d:df:54:1b:71:6a:1e:d1:3d:34:6f:13:f2:75:a5:0d:
00:21:97:36:46:83:a4:67:ae:b4:9f:59:89:eb:0a:9d:68:ea:
f8:0f:43:a5:33:ad:16:2a:03:78:62:95:85:0c:f1:b3:06:ef:
75:5d:74:f4:56:4e:3a:b7:3c:9e:20:5b:3d:9e:64:66:03:a7:
41:ab:86:20:c3:3c:7c:72:4b:8a:35:37:88:03:12:40:b4:ad:
88:39:1f:54:41:64:ae:f5:d5:53:0b:7c:a3:ab:eb:19:8b:cd:
4f:f7:d2:0e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZ9AwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDMy
MjExNDBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM2MjIzODJFRDZCMDU1
RjUzNTZCRTFCM0U0QTFDNkRCOTc4MTRCN0UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC90oDzhOQvWN9cIho2QLXK/nUk+oiWGoQR+eTfcT94TcqdV3+q
lNR8QsTOBc1mdoLRjnugHHOpHdEPlzTI1950WGwNVy3tD75qZVkMbDIEpabDmB3S
4VTBq8O21pzk9GtZ2Ed8TLBO0dKM0mDY/Io1Gb4mz00Rx+5Xcs730EYe5Yi1uULu
OG8htZ6z2rdCaoIlYQaxQ7S3qlUMAXsF8mNihxdYc3hlXjf6mnZuN3PITcclo9wg
Tj46DK8lR5r6lXFfYwo5GJVytbiov+YSZZ70SORwALegdDQJ4BoFce3nEXrYgClr
XDEuDbH6rLY8JGmkXrUmZjxWuzR/pmEqtF4vAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUNiI4LtawVfU1a+Gz5KHG25eBS34wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L05pSTRMdGF3VmZVMWEt
R3o1S0hHMjVlQlMzNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAp5Pdu
a6SICdfV3zRyQX8UVm8NRQQSfjjmgKjBrvEvQtGe7/Ig+EljnPMyqtBv+AMlTdwI
r8IWVe1OXKLuQ95Fo4AplUzejpY7gj8SQT61PhcF4ua4HAkW6dHEuXq7DMoxhXVw
hODQyEYlKdxhreIV4w0wS9kkQgqv8F9/P6U+XuW6+KJW0DtP38B95KSz6peXRj3f
VBtxah7RPTRvE/J1pQ0AIZc2RoOkZ660n1mJ6wqdaOr4D0OlM60WKgN4YpWFDPGz
Bu91XXT0Vk46tzyeIFs9nmRmA6dBq4Ygwzx8ckuKNTeIAxJAtK2IOR9UQWSu9dVT
C3yjq+sZi81P99IO
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:59:53 2025 by rpki-client