Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/NtHCNcl-FFkvo1ybRa6Vd5j1QLM.roa
File: NtHCNcl-FFkvo1ybRa6Vd5j1QLM.roa (raw, json)
Hash identifier: jfZ2c2I4P7YC3oPtqllV3Q/vZACcM+SUkKXPG8cd0Po=
Subject key identifier: 36:D1:C2:35:C9:7E:14:59:2F:A3:5C:9B:45:AE:95:77:98:F5:40:B3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6144
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NtHCNcl-FFkvo1ybRa6Vd5j1QLM.roa
Signing time: Sat 17 May 2025 11:10:34 +0000
ROA not before: Sat 17 May 2025 11:10:34 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24900 (0x6144)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 17 11:10:34 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=36D1C235C97E14592FA35C9B45AE957798F540B3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:0e:29:0a:01:d9:2d:d8:4b:67:79:0d:6b:55:
f2:3d:21:38:02:11:28:e5:d1:42:41:32:b2:2a:d8:
6b:0d:f1:29:3f:a3:e9:95:d4:c2:86:e2:3d:89:6a:
d9:7c:33:fb:54:4b:93:04:e1:e5:a9:95:8b:8f:9a:
d8:ec:16:d5:04:7d:18:2a:d6:56:b9:06:47:0b:b3:
74:91:93:34:07:f4:ba:80:4d:b0:80:d1:78:67:bc:
c5:65:df:35:9a:86:67:98:22:e8:bc:44:78:87:ec:
b7:9e:f6:f3:fa:23:6e:db:68:7b:5f:26:68:6f:da:
a0:e0:96:37:9d:04:fa:7b:22:a4:c9:02:7d:cc:19:
d2:cb:3d:d1:f9:25:9e:ee:33:90:8a:be:20:d7:a6:
8b:56:57:7c:7a:45:a7:cb:73:0d:08:17:18:d3:7f:
6c:69:73:51:ba:91:d3:fc:00:a3:25:7e:8f:86:3b:
21:36:c3:84:f6:c0:49:d6:1e:d9:c2:d3:02:3d:a1:
a5:cd:eb:08:a5:f2:7b:71:dc:59:ba:13:3a:89:9f:
f9:f3:ec:4d:c2:58:09:59:d6:48:14:1c:55:d7:9d:
f5:3a:e8:11:18:79:24:4d:9f:d6:ac:00:53:d0:a5:
50:c4:20:fd:55:b0:1f:95:67:c8:c2:5d:1d:d4:fd:
dd:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:D1:C2:35:C9:7E:14:59:2F:A3:5C:9B:45:AE:95:77:98:F5:40:B3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NtHCNcl-FFkvo1ybRa6Vd5j1QLM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
a8:c9:40:b7:a5:fd:b9:01:af:2c:cd:d8:e8:be:be:a2:ff:a6:
39:5e:86:b1:ed:34:2f:21:6b:7c:f8:61:57:76:99:03:6d:a9:
f2:61:ff:35:d3:7c:b2:70:44:d0:e1:14:01:14:18:3b:75:d0:
5a:7e:5b:14:44:46:9b:8e:6e:c2:a8:a8:f3:a5:38:45:33:65:
8e:3b:4d:6d:05:50:53:03:ba:4b:8f:30:a4:8a:6b:0e:f0:42:
85:59:04:32:d0:f0:5f:ef:82:e4:50:c4:cc:be:08:2b:43:a0:
6e:9d:52:7f:57:fa:fc:5e:9e:c1:c4:72:a7:e9:bb:85:3c:46:
28:53:4a:8d:a2:d2:47:2e:2d:19:a0:de:fe:30:bf:ed:b3:ee:
e6:7a:b2:69:bf:51:65:07:30:8e:5d:bd:0a:c2:89:a5:97:33:
b5:c4:fa:5f:8d:d0:3d:04:40:e9:dc:fc:ba:51:6b:70:cd:1f:
fd:de:ad:03:5b:67:fc:34:5f:19:06:0f:ae:fa:7d:cf:38:4e:
9f:55:88:67:94:dc:b5:5e:b6:55:66:dd:fd:89:ca:47:d6:4d:
2e:0d:e3:5a:52:77:2e:f9:bf:f7:d7:28:df:54:19:14:12:2f:
4a:63:be:17:f0:12:2b:e3:7f:19:32:f0:e8:b7:b1:00:fe:01:
78:31:21:61
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYUQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTcx
MTEwMzRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM2RDFDMjM1Qzk3RTE0
NTkyRkEzNUM5QjQ1QUU5NTc3OThGNTQwQjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDxDikKAdkt2EtneQ1rVfI9ITgCESjl0UJBMrIq2GsN8Sk/o+mV
1MKG4j2Jatl8M/tUS5ME4eWplYuPmtjsFtUEfRgq1la5BkcLs3SRkzQH9LqATbCA
0XhnvMVl3zWahmeYIui8RHiH7Lee9vP6I27baHtfJmhv2qDgljedBPp7IqTJAn3M
GdLLPdH5JZ7uM5CKviDXpotWV3x6RafLcw0IFxjTf2xpc1G6kdP8AKMlfo+GOyE2
w4T2wEnWHtnC0wI9oaXN6wil8ntx3Fm6EzqJn/nz7E3CWAlZ1kgUHFXXnfU66BEY
eSRNn9asAFPQpVDEIP1VsB+VZ8jCXR3U/d2hAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUNtHCNcl+FFkvo1ybRa6Vd5j1QLMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L050SENOY2wtRkZrdm8x
eWJSYTZWZDVqMVFMTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCoyUC3
pf25Aa8szdjovr6i/6Y5Xoax7TQvIWt8+GFXdpkDbanyYf8103yycETQ4RQBFBg7
ddBaflsUREabjm7CqKjzpThFM2WOO01tBVBTA7pLjzCkimsO8EKFWQQy0PBf74Lk
UMTMvggrQ6BunVJ/V/r8Xp7BxHKn6buFPEYoU0qNotJHLi0ZoN7+ML/ts+7merJp
v1FlBzCOXb0KwomllzO1xPpfjdA9BEDp3Py6UWtwzR/93q0DW2f8NF8ZBg+u+n3P
OE6fVYhnlNy1XrZVZt39icpH1k0uDeNaUncu+b/31yjfVBkUEi9KY74X8BIr438Z
MvDot7EA/gF4MSFh
-----END CERTIFICATE-----
Generated at Sat Jun 21 07:59:41 2025 by rpki-client