Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Nw-KcKotGIz76X0uX8bGFz-GYp4.roa
File: Nw-KcKotGIz76X0uX8bGFz-GYp4.roa (raw, json)
Hash identifier: 0Tj2Y9cqtnAVwDex1NDe7oP9UvdqkFWiXm17XDT91VY=
Subject key identifier: 37:0F:8A:70:AA:2D:18:8C:FB:E9:7D:2E:5F:C6:C6:17:3F:86:62:9E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6226
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Nw-KcKotGIz76X0uX8bGFz-GYp4.roa
Signing time: Mon 19 May 2025 19:40:48 +0000
ROA not before: Mon 19 May 2025 19:40:48 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25126 (0x6226)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 19 19:40:48 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=370F8A70AA2D188CFBE97D2E5FC6C6173F86629E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:fd:47:ce:0c:0c:25:d4:68:e0:6e:a3:71:bb:
5b:4a:0a:bd:f9:31:94:d5:71:7b:2f:72:be:3e:55:
31:17:49:b5:1b:b3:08:28:5c:5f:07:a9:33:0e:56:
03:e0:e3:a5:20:c1:78:59:95:91:ec:45:76:27:10:
df:d8:43:5d:f8:70:92:eb:6c:d6:ae:95:d1:47:93:
20:cf:00:f5:38:f4:76:05:cd:8e:8c:6b:48:e6:e4:
ff:03:33:21:a7:44:32:48:d1:bf:79:f1:6c:f4:3d:
71:8c:a5:3e:5c:46:8e:d5:e9:4b:fa:69:de:54:ae:
74:9a:93:06:99:ff:97:cf:34:2b:0e:f9:20:61:bc:
57:a6:70:a9:7f:b8:2e:6b:0f:16:fc:27:2a:fc:91:
67:d4:3d:a4:61:0a:63:ef:10:7d:80:ed:31:a1:07:
ec:a4:97:aa:43:72:d4:91:5c:a3:8a:52:0c:d4:2a:
fa:fe:11:1c:af:d4:70:12:c3:f9:8a:8b:fd:1f:91:
04:e8:f8:cb:2f:d6:db:e8:17:10:a4:14:ea:6e:42:
fa:3b:ce:32:22:78:fa:c0:87:eb:9f:a4:77:88:aa:
c7:9f:38:5d:3f:ac:1d:e6:eb:82:a2:4a:95:d7:71:
36:fb:1e:75:91:14:ab:8b:63:d5:9e:da:9d:2d:5a:
5a:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:0F:8A:70:AA:2D:18:8C:FB:E9:7D:2E:5F:C6:C6:17:3F:86:62:9E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Nw-KcKotGIz76X0uX8bGFz-GYp4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
49:b6:48:86:fc:0a:fe:3d:df:63:ee:50:11:76:cf:3e:14:fd:
14:c3:7d:f6:7a:08:31:58:01:07:4f:fe:4d:b7:63:58:09:34:
7e:e5:44:c7:6a:61:cc:8d:02:37:f0:eb:9a:9d:93:93:cd:98:
e7:ff:df:01:a8:2e:13:62:78:25:2f:cd:9e:ea:1f:9b:1f:9f:
b6:aa:dd:b1:d0:13:81:70:80:6a:b0:98:b0:fa:79:58:88:a8:
e9:38:54:d9:6d:db:2e:bf:2b:35:fb:9c:be:4d:22:09:3e:0d:
cb:04:73:5c:ee:39:04:cb:e0:cf:0b:6a:86:d8:2b:31:bf:65:
d2:28:ce:41:01:0f:8d:9c:6e:13:91:1c:9d:88:cd:7f:49:34:
ba:0a:c6:40:fe:65:25:11:6c:d1:86:11:93:d0:d7:b5:17:b2:
be:21:90:77:f4:03:64:e1:c9:33:73:7f:dd:81:91:a2:f2:98:
dc:cd:8b:88:27:e2:91:62:b2:30:65:c0:86:01:78:73:c8:82:
18:62:96:be:4c:29:a0:40:35:f5:47:e7:94:4c:ca:77:9f:f0:
ec:f4:23:43:19:05:c1:11:a1:19:46:3d:d2:3d:bb:c8:3a:3b:
a8:20:7b:65:8c:7d:07:13:9e:63:93:7b:19:0a:84:59:56:ba:
90:1e:58:aa
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYiYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTkx
OTQwNDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM3MEY4QTcwQUEyRDE4
OENGQkU5N0QyRTVGQzZDNjE3M0Y4NjYyOUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDf/UfODAwl1GjgbqNxu1tKCr35MZTVcXsvcr4+VTEXSbUbswgo
XF8HqTMOVgPg46UgwXhZlZHsRXYnEN/YQ134cJLrbNauldFHkyDPAPU49HYFzY6M
a0jm5P8DMyGnRDJI0b958Wz0PXGMpT5cRo7V6Uv6ad5UrnSakwaZ/5fPNCsO+SBh
vFemcKl/uC5rDxb8Jyr8kWfUPaRhCmPvEH2A7TGhB+ykl6pDctSRXKOKUgzUKvr+
ERyv1HASw/mKi/0fkQTo+Msv1tvoFxCkFOpuQvo7zjIiePrAh+ufpHeIqsefOF0/
rB3m64KiSpXXcTb7HnWRFKuLY9We2p0tWlr9AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUNw+KcKotGIz76X0uX8bGFz+GYp4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L053LUtjS290R0l6NzZY
MHVYOGJHRnotR1lwNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBJtkiG
/Ar+Pd9j7lARds8+FP0Uw332eggxWAEHT/5Nt2NYCTR+5UTHamHMjQI38OuanZOT
zZjn/98BqC4TYnglL82e6h+bH5+2qt2x0BOBcIBqsJiw+nlYiKjpOFTZbdsuvys1
+5y+TSIJPg3LBHNc7jkEy+DPC2qG2Csxv2XSKM5BAQ+NnG4TkRydiM1/STS6CsZA
/mUlEWzRhhGT0Ne1F7K+IZB39ANk4ckzc3/dgZGi8pjczYuIJ+KRYrIwZcCGAXhz
yIIYYpa+TCmgQDX1R+eUTMp3n/Ds9CNDGQXBEaEZRj3SPbvIOjuoIHtljH0HE55j
k3sZCoRZVrqQHliq
-----END CERTIFICATE-----
Generated at Sat Jun 21 22:33:39 2025 by rpki-client