Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/VRnMfwpQjdpqcY-b-eT6GSaQU7Q.roa
File: VRnMfwpQjdpqcY-b-eT6GSaQU7Q.roa (raw, json)
Hash identifier: bcLCEz6CbeKdoGTvVfIuiFgaj53wrj+iMEiUo+ZXR7s=
Subject key identifier: 55:19:CC:7F:0A:50:8D:DA:6A:71:8F:9B:F9:E4:FA:19:26:90:53:B4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5F30
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/VRnMfwpQjdpqcY-b-eT6GSaQU7Q.roa
Signing time: Mon 12 May 2025 07:49:06 +0000
ROA not before: Mon 12 May 2025 07:49:06 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24368 (0x5f30)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 07:49:06 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=5519CC7F0A508DDA6A718F9BF9E4FA19269053B4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:2c:e9:1b:84:ea:36:85:88:d7:2f:f9:38:62:
92:4f:b8:e3:4c:3e:42:48:7a:ab:e1:e3:96:fd:57:
04:21:d6:70:8f:18:77:41:49:2f:85:58:18:c9:15:
fb:dd:97:fe:1d:0f:04:6e:a3:4b:df:ae:a6:35:02:
be:5c:93:19:cb:3c:8e:a0:44:72:ed:ec:c7:12:df:
d1:8f:13:82:fc:0e:b7:45:3c:01:cc:db:12:b4:f0:
12:2e:24:3c:d5:7b:a2:01:49:32:2c:d3:7f:d1:3f:
7c:f4:4b:8e:8f:48:44:1c:a9:5d:28:47:b2:7e:20:
02:ef:bc:2f:ee:12:05:d8:a8:9c:4c:4a:0c:b3:5b:
5a:22:c5:bd:13:c6:28:9a:69:2c:96:b8:79:bc:de:
04:c7:13:f8:dd:99:a1:3d:c9:38:5a:7e:96:b4:c7:
ae:7b:a6:c8:59:e7:b5:a3:92:b0:15:f7:a5:43:62:
3a:f8:7b:fd:1d:f7:e3:85:1b:82:a6:42:ad:ac:44:
ae:56:f7:21:01:30:4c:62:7a:9e:e4:9e:38:fc:3a:
9b:88:11:e6:87:25:2b:19:ad:48:51:19:2d:fd:71:
82:58:2b:b9:29:27:d3:eb:79:df:d1:b8:a9:03:25:
cc:9e:65:5e:07:a6:ae:8f:14:37:da:09:1a:30:e9:
a2:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
55:19:CC:7F:0A:50:8D:DA:6A:71:8F:9B:F9:E4:FA:19:26:90:53:B4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/VRnMfwpQjdpqcY-b-eT6GSaQU7Q.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
30:e5:2b:c9:b4:b9:91:91:3a:9f:53:3f:d8:be:6b:e0:27:6e:
b9:2a:6a:61:57:47:9c:4f:99:6f:e9:01:3e:8d:f2:61:94:e3:
9f:d2:a2:21:22:0b:a6:14:43:ec:e7:03:80:86:f2:57:29:39:
9f:ad:9c:b0:0f:43:e7:3b:41:84:19:7f:d2:4f:5e:28:6b:91:
a7:c4:48:82:2d:71:18:b6:ef:1f:37:41:fc:5e:7a:0d:36:10:
91:87:a6:4d:44:f6:42:7f:c8:ad:32:b7:cd:62:23:fe:73:16:
db:f4:f7:c2:a5:ac:e1:75:58:a7:4b:e3:af:43:e6:5c:b5:bd:
75:c6:b3:60:fe:a2:c0:29:2b:bc:c7:e7:ed:73:83:22:e6:cc:
4a:37:80:7a:e6:82:ed:08:ed:f4:1a:30:a4:f4:5d:fa:49:bd:
92:fe:49:77:92:a8:4d:a5:72:62:d4:35:c6:0c:9d:be:ad:d9:
e7:0b:82:56:c7:fc:b5:ef:9d:96:14:0c:a2:ae:78:f8:40:22:
b6:04:a0:61:7a:9c:15:d8:f9:ac:38:63:a9:18:0c:16:e0:5b:
d6:15:42:8e:94:80:1e:3f:b1:df:7b:37:06:91:3a:a1:44:d2:
ce:d2:76:41:fd:ac:12:41:ca:bb:a1:9b:ee:17:ae:5b:94:b7:
68:91:e4:cc
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICXzAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTIw
NzQ5MDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDU1MTlDQzdGMEE1MDhE
REE2QTcxOEY5QkY5RTRGQTE5MjY5MDUzQjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCvLOkbhOo2hYjXL/k4YpJPuONMPkJIeqvh45b9VwQh1nCPGHdB
SS+FWBjJFfvdl/4dDwRuo0vfrqY1Ar5ckxnLPI6gRHLt7McS39GPE4L8DrdFPAHM
2xK08BIuJDzVe6IBSTIs03/RP3z0S46PSEQcqV0oR7J+IALvvC/uEgXYqJxMSgyz
W1oixb0TxiiaaSyWuHm83gTHE/jdmaE9yThafpa0x657pshZ57WjkrAV96VDYjr4
e/0d9+OFG4KmQq2sRK5W9yEBMExiep7knjj8OpuIEeaHJSsZrUhRGS39cYJYK7kp
J9Pred/RuKkDJcyeZV4Hpq6PFDfaCRow6aLLAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUVRnMfwpQjdpqcY+b+eT6GSaQU7QwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1ZSbk1md3BRamRwcWNZ
LWItZVQ2R1NhUVU3US5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAw5SvJ
tLmRkTqfUz/YvmvgJ265KmphV0ecT5lv6QE+jfJhlOOf0qIhIgumFEPs5wOAhvJX
KTmfrZywD0PnO0GEGX/ST14oa5GnxEiCLXEYtu8fN0H8XnoNNhCRh6ZNRPZCf8it
MrfNYiP+cxbb9PfCpazhdVinS+OvQ+Zctb11xrNg/qLAKSu8x+ftc4Mi5sxKN4B6
5oLtCO30GjCk9F36Sb2S/kl3kqhNpXJi1DXGDJ2+rdnnC4JWx/y1752WFAyirnj4
QCK2BKBhepwV2PmsOGOpGAwW4FvWFUKOlIAeP7HfezcGkTqhRNLO0nZB/awSQcq7
oZvuF65blLdokeTM
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:52:48 2025 by rpki-client