Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/rN0qgePRIo2Nnomz8NrYIfeCgKU.roa
File: rN0qgePRIo2Nnomz8NrYIfeCgKU.roa (raw, json)
Hash identifier: hZGOB8DJznlbFVVfiYcn1XB1uf5AkEVFdUsZEko11Xw=
Subject key identifier: AC:DD:2A:81:E3:D1:22:8D:8D:9E:89:B3:F0:DA:D8:21:F7:82:80:A5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 62E4
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rN0qgePRIo2Nnomz8NrYIfeCgKU.roa
Signing time: Wed 21 May 2025 19:11:49 +0000
ROA not before: Wed 21 May 2025 19:11:49 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25316 (0x62e4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 21 19:11:49 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=ACDD2A81E3D1228D8D9E89B3F0DAD821F78280A5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:b0:60:b3:5b:7d:03:a6:39:b3:45:b0:f1:72:
3d:7d:7d:27:41:58:bd:8b:2d:16:2e:fa:12:b9:91:
63:7c:1c:f2:9c:8e:37:d5:78:46:15:c4:85:b9:3e:
bf:50:49:2e:0b:47:42:d6:d9:66:52:79:40:7c:bc:
a5:a2:e0:b7:af:6d:d2:ea:7e:13:08:7e:b6:fe:96:
ef:79:34:4d:01:7c:c1:34:d9:6f:30:98:4d:6a:83:
75:35:dd:1d:ae:df:fd:24:81:c8:e2:1f:b6:99:48:
9e:8a:23:78:d4:d7:8a:54:cd:da:71:9d:c1:ae:90:
50:dd:d7:09:da:48:08:66:c1:13:f5:cb:66:7f:7c:
d1:39:c8:6f:20:a1:49:5c:15:11:14:5c:ed:84:1e:
8d:4d:7c:ec:48:92:c4:02:c2:04:72:24:e1:5f:5a:
e5:30:e6:75:4f:de:85:4f:02:1a:0f:91:a8:40:90:
3b:d8:ca:62:d2:62:49:25:cd:24:88:18:d7:77:a7:
f9:a0:e8:b1:57:13:f8:95:4e:dc:74:7d:84:ed:c2:
f1:c5:ed:4b:a9:85:c5:62:07:c9:90:13:7b:e7:2d:
17:e0:08:54:de:67:6f:37:48:77:63:64:bd:30:09:
a2:61:8f:66:64:ba:a7:0e:9d:3c:9b:e2:14:d3:c7:
42:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:DD:2A:81:E3:D1:22:8D:8D:9E:89:B3:F0:DA:D8:21:F7:82:80:A5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rN0qgePRIo2Nnomz8NrYIfeCgKU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
a8:13:67:09:5a:d4:bc:61:4b:c3:5e:33:6b:7b:b2:69:b6:c1:
28:63:48:d8:39:e5:4e:63:b1:93:42:30:45:ec:e5:1f:6b:be:
8a:17:32:06:56:14:f8:f7:c6:61:5d:17:6f:2c:dd:09:bb:64:
3b:6c:e4:df:b5:8e:87:0f:f0:63:85:d0:16:bd:a5:56:84:e5:
01:2b:5f:91:f7:e5:84:7d:cf:7f:cf:c6:de:f1:36:20:e4:0b:
e6:09:49:f6:93:59:f7:8b:c0:be:74:59:9a:7e:bd:23:d2:0f:
18:47:08:ad:88:0d:80:e7:01:de:7f:a2:fb:9a:1b:c6:18:10:
d2:8d:06:32:25:2d:2f:5b:49:3a:4a:07:e7:7c:f3:fe:d9:45:
29:c0:56:8c:de:72:d4:2c:0d:30:0b:a9:c3:11:e9:eb:20:22:
28:89:a8:e3:35:30:ab:6a:12:18:94:e0:6d:cd:68:8d:da:bd:
d8:0a:25:c0:68:2d:bc:49:4a:16:b5:72:7c:40:56:8d:20:f3:
eb:a1:a7:dc:4f:ba:dd:27:cf:8b:bd:3b:43:40:91:f4:02:3b:
24:3b:e4:75:88:7e:67:fb:30:59:21:03:20:ce:c1:1c:0f:ff:
08:08:68:6a:29:94:c5:26:87:85:97:9d:aa:1c:0f:14:f0:5c:
e6:fb:71:f3
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYuQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjEx
OTExNDlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEFDREQyQTgxRTNEMTIy
OEQ4RDlFODlCM0YwREFEODIxRjc4MjgwQTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDdsGCzW30DpjmzRbDxcj19fSdBWL2LLRYu+hK5kWN8HPKcjjfV
eEYVxIW5Pr9QSS4LR0LW2WZSeUB8vKWi4LevbdLqfhMIfrb+lu95NE0BfME02W8w
mE1qg3U13R2u3/0kgcjiH7aZSJ6KI3jU14pUzdpxncGukFDd1wnaSAhmwRP1y2Z/
fNE5yG8goUlcFREUXO2EHo1NfOxIksQCwgRyJOFfWuUw5nVP3oVPAhoPkahAkDvY
ymLSYkklzSSIGNd3p/mg6LFXE/iVTtx0fYTtwvHF7UuphcViB8mQE3vnLRfgCFTe
Z283SHdjZL0wCaJhj2ZkuqcOnTyb4hTTx0L/AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUrN0qgePRIo2Nnomz8NrYIfeCgKUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3JOMHFnZVBSSW8yTm5v
bXo4TnJZSWZlQ2dLVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCoE2cJ
WtS8YUvDXjNre7JptsEoY0jYOeVOY7GTQjBF7OUfa76KFzIGVhT498ZhXRdvLN0J
u2Q7bOTftY6HD/BjhdAWvaVWhOUBK1+R9+WEfc9/z8be8TYg5AvmCUn2k1n3i8C+
dFmafr0j0g8YRwitiA2A5wHef6L7mhvGGBDSjQYyJS0vW0k6SgfnfPP+2UUpwFaM
3nLULA0wC6nDEenrICIoiajjNTCrahIYlOBtzWiN2r3YCiXAaC28SUoWtXJ8QFaN
IPProafcT7rdJ8+LvTtDQJH0AjskO+R1iH5n+zBZIQMgzsEcD/8ICGhqKZTFJoeF
l52qHA8U8Fzm+3Hz
-----END CERTIFICATE-----
Generated at Sun Jun 15 09:25:43 2025 by rpki-client