Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/nVRZRsp1nJ7hk7b1q3YpTgSl2t0.roa
File: nVRZRsp1nJ7hk7b1q3YpTgSl2t0.roa (raw, json)
Hash identifier: HQ0yj0y9dzLtznyJNyJXfuuAC08iABsNs9whTM/ZY40=
Subject key identifier: 9D:54:59:46:CA:75:9C:9E:E1:93:B6:F5:AB:76:29:4E:04:A5:DA:DD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 61B4
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nVRZRsp1nJ7hk7b1q3YpTgSl2t0.roa
Signing time: Sun 18 May 2025 15:10:45 +0000
ROA not before: Sun 18 May 2025 15:10:45 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25012 (0x61b4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 18 15:10:45 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=9D545946CA759C9EE193B6F5AB76294E04A5DADD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:6e:12:74:0d:3e:7c:ab:b8:a8:db:bf:f9:8f:
f6:65:02:82:4e:c9:6d:dc:6f:29:43:f7:47:a6:82:
c3:86:4e:35:fb:5c:22:4e:67:01:9f:d5:7d:4e:70:
70:00:2d:8f:65:ae:4d:7f:89:1b:66:fa:25:1f:85:
a3:82:a5:35:50:a6:7e:f7:63:e2:86:d0:81:5b:e6:
31:7b:8f:a5:90:2d:be:a7:80:59:87:18:9e:03:49:
ec:b8:a1:11:1f:9d:97:09:29:76:91:8e:a0:fa:75:
f8:37:7d:2f:c4:42:8d:cc:bf:97:06:b5:de:8a:68:
dc:db:26:03:16:b2:70:f4:19:43:84:ac:da:d8:b4:
7c:d2:50:5a:79:f4:d6:13:0f:d6:1a:d4:4b:27:2c:
f3:66:77:17:bd:fc:40:1b:3f:cc:47:dd:29:5f:37:
90:15:46:6f:66:b7:c2:c3:b8:35:9f:a1:33:09:bc:
a9:67:17:83:ca:90:6e:35:c7:8e:ad:ec:dc:b2:dd:
00:8e:df:ab:ae:23:fb:5c:06:69:4b:71:d8:80:f5:
7f:6d:b5:ba:7a:81:f3:92:80:17:f9:7a:11:c0:f0:
5a:4c:92:fb:f8:d7:27:f3:2f:e9:89:34:68:f5:54:
a9:3b:6b:0f:b8:70:07:d3:45:53:92:10:28:e1:33:
e4:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:54:59:46:CA:75:9C:9E:E1:93:B6:F5:AB:76:29:4E:04:A5:DA:DD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nVRZRsp1nJ7hk7b1q3YpTgSl2t0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
9e:35:ea:22:ca:df:dd:cb:d6:e5:41:73:6f:15:40:11:c8:52:
25:37:11:c3:d8:2e:67:c8:f5:31:10:ef:ab:bd:00:f0:13:1f:
df:88:58:a0:e3:95:28:21:98:3c:30:01:b4:5c:70:61:b4:a5:
f8:4d:13:c3:14:0a:25:28:44:72:de:d8:1e:cd:e1:6f:a2:48:
61:95:00:05:d3:28:2c:79:d1:5f:24:ad:21:cf:c3:a1:4c:8b:
08:38:c0:ef:70:79:a4:29:e2:41:46:31:de:98:09:77:95:76:
6e:5c:55:60:8a:80:a1:f5:68:39:56:40:b3:6f:15:ff:65:ac:
48:e6:81:fa:8f:65:5d:c4:78:6c:66:21:29:91:1f:07:c2:6e:
2c:c3:3d:53:86:32:5a:5b:7d:fc:25:87:46:c1:92:5a:26:88:
9d:be:dc:db:93:a3:88:04:df:d9:bc:47:e2:cb:7f:cb:04:36:
c4:6f:2c:66:ea:74:5d:0d:ab:f5:cf:59:56:d5:ba:bb:af:b7:
db:f1:a8:02:09:37:8e:4e:5b:cf:c7:a2:d3:5d:e4:b8:e7:3d:
8c:77:92:4a:a3:38:84:35:27:0a:13:bf:a7:2a:a9:f2:1d:6a:
03:c7:13:f1:f3:06:a2:56:00:50:ad:12:eb:a8:ed:17:f7:9b:
64:1b:9c:83
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYbQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTgx
NTEwNDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDlENTQ1OTQ2Q0E3NTlD
OUVFMTkzQjZGNUFCNzYyOTRFMDRBNURBREQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC5bhJ0DT58q7io27/5j/ZlAoJOyW3cbylD90emgsOGTjX7XCJO
ZwGf1X1OcHAALY9lrk1/iRtm+iUfhaOCpTVQpn73Y+KG0IFb5jF7j6WQLb6ngFmH
GJ4DSey4oREfnZcJKXaRjqD6dfg3fS/EQo3Mv5cGtd6KaNzbJgMWsnD0GUOErNrY
tHzSUFp59NYTD9Ya1EsnLPNmdxe9/EAbP8xH3SlfN5AVRm9mt8LDuDWfoTMJvKln
F4PKkG41x46t7Nyy3QCO36uuI/tcBmlLcdiA9X9ttbp6gfOSgBf5ehHA8FpMkvv4
1yfzL+mJNGj1VKk7aw+4cAfTRVOSECjhM+SjAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUnVRZRsp1nJ7hk7b1q3YpTgSl2t0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L25WUlpSc3Axbko3aGs3
YjFxM1lwVGdTbDJ0MC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCeNeoi
yt/dy9blQXNvFUARyFIlNxHD2C5nyPUxEO+rvQDwEx/fiFig45UoIZg8MAG0XHBh
tKX4TRPDFAolKERy3tgezeFvokhhlQAF0ygsedFfJK0hz8OhTIsIOMDvcHmkKeJB
RjHemAl3lXZuXFVgioCh9Wg5VkCzbxX/ZaxI5oH6j2VdxHhsZiEpkR8Hwm4swz1T
hjJaW338JYdGwZJaJoidvtzbk6OIBN/ZvEfiy3/LBDbEbyxm6nRdDav1z1lW1bq7
r7fb8agCCTeOTlvPx6LTXeS45z2Md5JKoziENScKE7+nKqnyHWoDxxPx8waiVgBQ
rRLrqO0X95tkG5yD
-----END CERTIFICATE-----
Generated at Sun Jun 22 06:05:25 2025 by rpki-client