Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/vPl9lqmAq_jj1QuUEKyuFrhVjI8.roa
File: vPl9lqmAq_jj1QuUEKyuFrhVjI8.roa (raw, json)
Hash identifier: 28fIbfcC0RA+RUIt+0NCvneeYFldwv+39zWvEwClTro=
Subject key identifier: BC:F9:7D:96:A9:80:AB:F8:E3:D5:0B:94:10:AC:AE:16:B8:55:8C:8F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 684C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vPl9lqmAq_jj1QuUEKyuFrhVjI8.roa
Signing time: Thu 05 Jun 2025 05:11:49 +0000
ROA not before: Thu 05 Jun 2025 05:11:49 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26700 (0x684c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 5 05:11:49 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=BCF97D96A980ABF8E3D50B9410ACAE16B8558C8F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:9e:16:a0:50:32:2c:67:78:11:f9:b4:17:11:
fb:23:a0:66:67:3d:19:82:cc:7e:5e:da:cd:cd:12:
89:5f:77:22:f2:58:20:cf:fe:36:32:ae:79:53:fe:
a0:d2:3b:f5:81:5b:80:d4:82:28:0d:33:ed:ee:a6:
07:49:b4:cb:5f:f8:b3:a1:f1:58:2a:c4:83:02:f0:
70:87:e3:1a:6f:76:ed:63:0e:57:bb:d1:5e:e1:bb:
e9:4b:a8:4a:ea:2a:18:e6:5c:cb:be:76:72:17:2b:
45:ea:da:a3:04:ad:09:49:4a:e8:22:2c:6e:fb:d6:
93:51:98:0c:b1:a1:f5:9b:9c:51:8d:09:d4:9e:eb:
be:90:b0:c0:63:26:85:c8:47:52:e1:99:9b:6f:51:
3e:30:c7:dd:22:2b:17:a0:85:2c:97:cd:3f:a3:05:
dc:c7:ed:9a:6f:60:64:b6:dd:35:c2:d9:b3:e2:a6:
a1:d7:9e:a6:93:f3:5d:0d:86:e5:6e:9c:01:f4:18:
fa:c8:85:04:8b:71:88:86:07:ec:ff:54:f5:da:86:
ad:b9:e9:3e:ad:f2:07:76:fd:69:5a:17:bf:f9:2e:
c1:e4:83:b5:b3:9c:94:e2:24:8d:15:ab:40:d2:86:
a6:5b:f8:24:3e:4c:26:7e:d2:04:ab:cb:b9:10:9c:
9c:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:F9:7D:96:A9:80:AB:F8:E3:D5:0B:94:10:AC:AE:16:B8:55:8C:8F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vPl9lqmAq_jj1QuUEKyuFrhVjI8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
96:43:74:c0:fb:68:f1:69:e2:ac:1a:98:ec:5a:3f:bd:4e:8a:
ef:d3:4d:2e:29:be:07:83:87:fb:26:4b:0f:8a:27:b2:a5:33:
7b:cd:d9:df:14:37:4b:f4:0b:6b:22:2d:dc:b9:b0:72:b3:ba:
16:76:ad:90:6c:9a:4e:ed:b5:0f:17:b5:ea:5e:4c:f1:9d:33:
55:82:d2:2f:47:ef:d6:7a:8c:15:ff:f2:b2:e1:7c:db:61:7d:
2c:4e:77:15:ce:91:2e:0b:ee:8d:81:fa:65:c8:03:0c:e6:1a:
c5:af:bf:e2:fa:7d:52:a1:37:dc:8c:29:ab:7f:27:da:da:89:
dc:08:f7:a1:f8:7d:ba:59:a0:39:14:a0:cc:a9:d7:34:68:d7:
53:7e:2d:f7:d1:7a:df:e7:e8:70:bb:50:9d:f2:60:81:c8:55:
92:7b:19:fc:37:8f:2b:7a:f5:82:62:9e:09:89:fd:cd:44:82:
6e:78:0b:a1:66:32:5d:ac:d5:e6:93:7e:33:36:65:84:81:b8:
60:99:d0:57:63:18:b5:c9:b0:2e:e1:62:4d:2b:48:79:39:39:
52:47:63:79:51:79:4a:90:9e:fe:f6:58:a5:ce:23:9f:8e:a1:
fb:16:1a:ab:5e:56:4f:a4:61:76:35:07:d8:99:6a:25:59:ac:
39:cf:4a:78
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaEwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDUw
NTExNDlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEJDRjk3RDk2QTk4MEFC
RjhFM0Q1MEI5NDEwQUNBRTE2Qjg1NThDOEYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCpnhagUDIsZ3gR+bQXEfsjoGZnPRmCzH5e2s3NEolfdyLyWCDP
/jYyrnlT/qDSO/WBW4DUgigNM+3upgdJtMtf+LOh8VgqxIMC8HCH4xpvdu1jDle7
0V7hu+lLqErqKhjmXMu+dnIXK0Xq2qMErQlJSugiLG771pNRmAyxofWbnFGNCdSe
676QsMBjJoXIR1LhmZtvUT4wx90iKxeghSyXzT+jBdzH7ZpvYGS23TXC2bPipqHX
nqaT810NhuVunAH0GPrIhQSLcYiGB+z/VPXahq256T6t8gd2/WlaF7/5LsHkg7Wz
nJTiJI0Vq0DShqZb+CQ+TCZ+0gSry7kQnJyJAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUvPl9lqmAq/jj1QuUEKyuFrhVjI8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3ZQbDlscW1BcV9qajFR
dVVFS3l1RnJoVmpJOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCWQ3TA
+2jxaeKsGpjsWj+9Torv000uKb4Hg4f7JksPiieypTN7zdnfFDdL9AtrIi3cubBy
s7oWdq2QbJpO7bUPF7XqXkzxnTNVgtIvR+/WeowV//Ky4XzbYX0sTncVzpEuC+6N
gfplyAMM5hrFr7/i+n1SoTfcjCmrfyfa2oncCPeh+H26WaA5FKDMqdc0aNdTfi33
0Xrf5+hwu1Cd8mCByFWSexn8N48revWCYp4Jif3NRIJueAuhZjJdrNXmk34zNmWE
gbhgmdBXYxi1ybAu4WJNK0h5OTlSR2N5UXlKkJ7+9lilziOfjqH7FhqrXlZPpGF2
NQfYmWolWaw5z0p4
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:06:13 2025 by rpki-client