Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/nL9PwD8-CyZejvnueNHQbZCyXTo.roa
File: nL9PwD8-CyZejvnueNHQbZCyXTo.roa (raw, json)
Hash identifier: KmFch/G8MmPB1sdKES/PkV5CW/kirFqSHx4clXeZL8o=
Subject key identifier: 9C:BF:4F:C0:3F:3E:0B:26:5E:8E:F9:EE:78:D1:D0:6D:90:B2:5D:3A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6214
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nL9PwD8-CyZejvnueNHQbZCyXTo.roa
Signing time: Mon 19 May 2025 15:10:33 +0000
ROA not before: Mon 19 May 2025 15:10:33 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25108 (0x6214)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 19 15:10:33 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=9CBF4FC03F3E0B265E8EF9EE78D1D06D90B25D3A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:2f:ef:04:1d:e9:f3:5e:2d:89:34:df:af:c0:
a3:4f:7d:7c:28:3a:52:c3:8e:12:39:97:36:d7:e6:
af:12:2e:4d:24:9f:2b:3a:8a:bc:9a:52:e4:49:57:
d8:a8:e7:cc:c0:5e:08:e2:b0:f6:a3:1e:74:5a:2f:
21:bb:b9:93:f1:ee:42:86:40:52:bc:42:ca:e4:95:
4a:2e:34:f5:95:af:14:e1:ab:5f:67:ec:31:58:17:
8b:41:ec:1d:92:f9:38:9c:40:60:09:f2:cf:16:fd:
72:6f:7b:cc:5d:d1:d7:ab:57:58:a8:35:96:5e:b2:
26:1c:12:ea:a8:e7:87:23:16:1e:89:e1:40:bc:ae:
32:48:fc:7f:fc:d1:48:1f:b5:8b:dc:f2:81:64:1e:
67:18:d7:11:68:52:d8:f0:9b:8d:e5:25:ed:08:b4:
b2:5c:77:03:b9:94:47:69:8f:09:14:f6:d9:72:df:
49:14:36:d3:af:a5:9b:ee:7c:81:ba:7a:f9:b9:7a:
f4:7b:24:5d:2c:79:98:b4:a7:e2:90:ad:53:15:5a:
86:ee:c6:f0:65:71:53:da:03:93:3c:4a:67:b3:5e:
f9:05:ce:1c:0d:22:8f:ab:3f:0b:da:16:0b:9a:92:
e5:93:18:c3:c9:80:4b:3a:a6:ad:5f:71:33:ae:aa:
ab:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:BF:4F:C0:3F:3E:0B:26:5E:8E:F9:EE:78:D1:D0:6D:90:B2:5D:3A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nL9PwD8-CyZejvnueNHQbZCyXTo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
37:65:b6:80:ee:61:da:34:56:9f:48:a8:e0:1a:0d:6d:19:9d:
f3:88:c5:35:21:3e:13:a3:b6:e4:9e:09:cc:aa:a2:b9:49:55:
a0:36:e3:5b:20:4f:88:ac:88:b0:f7:6a:bd:de:47:b5:9b:fb:
74:af:98:1c:fa:b3:66:d2:63:2f:b6:9f:4c:2f:4b:cc:16:a0:
e2:b2:20:67:cb:2e:8d:23:7b:3c:12:42:8b:8f:b0:f1:66:db:
04:9f:4c:cf:0b:d9:53:8b:36:8d:e6:4c:99:75:58:52:22:cd:
93:21:05:e3:ff:e4:60:f1:88:24:b9:fb:03:cb:a9:ca:26:0c:
c2:fc:a6:a4:9f:7a:f8:7f:4d:e5:ec:a9:b4:9e:69:67:ae:21:
09:2c:9d:a0:8d:13:cf:25:56:f3:97:5c:db:d0:55:34:82:b7:
df:8a:09:26:b5:27:36:20:14:87:4f:17:d6:88:8c:57:8a:dd:
76:07:6e:c6:48:0b:2f:dd:a3:c4:86:e1:24:7e:77:e2:af:21:
de:44:d5:20:d0:fd:49:29:1c:47:30:62:d1:2f:be:5d:40:bc:
ab:8b:f5:58:94:fb:07:d2:b2:c1:57:da:9c:aa:f2:2b:30:a1:
1a:d6:a5:e7:d4:84:46:d1:78:50:48:a7:cd:04:eb:19:54:15:
2b:50:c6:77
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYhQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTkx
NTEwMzNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDlDQkY0RkMwM0YzRTBC
MjY1RThFRjlFRTc4RDFEMDZEOTBCMjVEM0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDAL+8EHenzXi2JNN+vwKNPfXwoOlLDjhI5lzbX5q8SLk0knys6
iryaUuRJV9io58zAXgjisPajHnRaLyG7uZPx7kKGQFK8QsrklUouNPWVrxThq19n
7DFYF4tB7B2S+TicQGAJ8s8W/XJve8xd0derV1ioNZZesiYcEuqo54cjFh6J4UC8
rjJI/H/80UgftYvc8oFkHmcY1xFoUtjwm43lJe0ItLJcdwO5lEdpjwkU9tly30kU
NtOvpZvufIG6evm5evR7JF0seZi0p+KQrVMVWobuxvBlcVPaA5M8SmezXvkFzhwN
Io+rPwvaFguakuWTGMPJgEs6pq1fcTOuqqtJAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUnL9PwD8+CyZejvnueNHQbZCyXTowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L25MOVB3RDgtQ3laZWp2
bnVlTkhRYlpDeVhUby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA3ZbaA
7mHaNFafSKjgGg1tGZ3ziMU1IT4To7bkngnMqqK5SVWgNuNbIE+IrIiw92q93ke1
m/t0r5gc+rNm0mMvtp9ML0vMFqDisiBnyy6NI3s8EkKLj7DxZtsEn0zPC9lTizaN
5kyZdVhSIs2TIQXj/+Rg8YgkufsDy6nKJgzC/Kakn3r4f03l7Km0nmlnriEJLJ2g
jRPPJVbzl1zb0FU0grffigkmtSc2IBSHTxfWiIxXit12B27GSAsv3aPEhuEkfnfi
ryHeRNUg0P1JKRxHMGLRL75dQLyri/VYlPsH0rLBV9qcqvIrMKEa1qXn1IRG0XhQ
SKfNBOsZVBUrUMZ3
-----END CERTIFICATE-----
Generated at Sat Jun 21 11:19:17 2025 by rpki-client