Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/9UyQHTeiMCWwGqLX-47Hn2vgmRM.roa
File: 9UyQHTeiMCWwGqLX-47Hn2vgmRM.roa (raw, json)
Hash identifier: 1jFjOzkrjxM1wKwzpThg2jktH6MIsK36n0nwxlzfTAk=
Subject key identifier: F5:4C:90:1D:37:A2:30:25:B0:1A:A2:D7:FB:8E:C7:9F:6B:E0:99:13
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 62FE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/9UyQHTeiMCWwGqLX-47Hn2vgmRM.roa
Signing time: Thu 22 May 2025 01:40:52 +0000
ROA not before: Thu 22 May 2025 01:40:52 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25342 (0x62fe)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 22 01:40:52 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=F54C901D37A23025B01AA2D7FB8EC79F6BE09913
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:78:93:5c:ec:63:31:13:5f:e5:49:59:7e:7b:
4e:df:24:84:5b:eb:e9:f8:5c:a9:a7:9d:02:52:b1:
3b:34:4d:d8:d3:f2:52:4b:d8:f7:7e:7a:83:8b:8b:
7f:66:eb:96:35:64:76:9c:d6:84:9a:97:8e:61:81:
4d:dc:72:80:3a:4f:55:79:9e:58:23:b7:0e:4b:60:
34:90:7f:4e:2b:2c:00:b8:22:1c:54:a1:f2:8e:30:
88:17:c4:54:c4:ea:48:cd:41:de:fd:89:8a:6b:1b:
91:a0:17:b1:41:b6:95:23:22:13:53:de:0a:9f:8a:
f8:36:7b:01:21:fa:5c:8c:13:48:d7:d9:f8:9c:fe:
76:ea:9b:1a:25:df:27:24:7b:c6:37:65:4b:6d:2b:
eb:0f:27:9e:4a:09:87:91:7e:55:9d:a0:64:a2:8f:
f0:47:25:67:2b:00:3a:03:6b:8f:a8:05:7b:f3:b8:
61:c8:a0:2b:be:fb:4a:a4:25:f1:3b:a1:59:c4:c6:
3b:ec:0d:47:03:fd:30:30:c4:0f:96:fc:fe:e3:ec:
ae:9c:6e:a0:a0:85:0e:83:f7:98:1a:03:ba:15:b1:
78:91:cd:80:2a:40:f8:44:d6:d9:e5:48:aa:4d:ad:
3a:13:79:2a:59:fe:f5:ed:02:6d:4a:78:de:de:26:
6e:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:4C:90:1D:37:A2:30:25:B0:1A:A2:D7:FB:8E:C7:9F:6B:E0:99:13
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/9UyQHTeiMCWwGqLX-47Hn2vgmRM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
7f:c6:bd:5e:98:dd:55:64:de:41:96:88:b1:66:35:10:39:28:
b8:e0:32:1b:47:56:ea:d4:bc:16:cc:c7:0c:22:35:c4:8d:56:
57:01:e5:dc:eb:b1:f1:a7:8c:aa:24:12:3c:d3:b8:4d:23:48:
01:54:fa:b3:e1:52:a0:aa:49:6f:47:9a:31:67:6b:3e:4b:0f:
22:2f:f3:d9:95:d2:10:ad:ed:24:59:08:eb:7a:92:7f:7d:70:
8d:fc:b3:eb:e1:e0:28:78:71:fa:46:fa:db:95:b0:6a:17:16:
1c:62:c1:99:e4:11:b6:f7:5a:6d:8c:6b:09:69:1a:b9:2b:94:
10:50:53:a1:c0:af:56:3e:b6:09:a8:4a:19:dc:d7:be:52:2c:
bd:4e:65:72:66:17:41:ce:f4:3d:1f:fa:26:8d:be:a8:a9:9f:
0f:85:0c:51:75:5b:ac:98:b5:96:66:c6:ef:c8:33:03:c4:81:
63:83:ca:7c:da:45:73:66:1b:15:af:fb:16:33:7a:10:92:b2:
09:f6:69:0f:80:6c:6a:f5:65:24:30:83:b0:ea:98:ad:69:7c:
84:8f:9d:15:3f:0c:d5:07:de:09:46:1b:ec:cc:50:33:c1:4f:
24:80:ab:01:31:b8:7f:99:de:6f:43:de:9d:5f:fe:5d:92:0b:
2c:5b:a0:e9
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYv4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjIw
MTQwNTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEY1NEM5MDFEMzdBMjMw
MjVCMDFBQTJEN0ZCOEVDNzlGNkJFMDk5MTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCqeJNc7GMxE1/lSVl+e07fJIRb6+n4XKmnnQJSsTs0TdjT8lJL
2Pd+eoOLi39m65Y1ZHac1oSal45hgU3ccoA6T1V5nlgjtw5LYDSQf04rLAC4IhxU
ofKOMIgXxFTE6kjNQd79iYprG5GgF7FBtpUjIhNT3gqfivg2ewEh+lyME0jX2fic
/nbqmxol3ycke8Y3ZUttK+sPJ55KCYeRflWdoGSij/BHJWcrADoDa4+oBXvzuGHI
oCu++0qkJfE7oVnExjvsDUcD/TAwxA+W/P7j7K6cbqCghQ6D95gaA7oVsXiRzYAq
QPhE1tnlSKpNrToTeSpZ/vXtAm1KeN7eJm7TAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU9UyQHTeiMCWwGqLX+47Hn2vgmRMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzlVeVFIVGVpTUNXd0dx
TFgtNDdIbjJ2Z21STS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB/xr1e
mN1VZN5BloixZjUQOSi44DIbR1bq1LwWzMcMIjXEjVZXAeXc67Hxp4yqJBI807hN
I0gBVPqz4VKgqklvR5oxZ2s+Sw8iL/PZldIQre0kWQjrepJ/fXCN/LPr4eAoeHH6
RvrblbBqFxYcYsGZ5BG291ptjGsJaRq5K5QQUFOhwK9WPrYJqEoZ3Ne+Uiy9TmVy
ZhdBzvQ9H/omjb6oqZ8PhQxRdVusmLWWZsbvyDMDxIFjg8p82kVzZhsVr/sWM3oQ
krIJ9mkPgGxq9WUkMIOw6pitaXyEj50VPwzVB94JRhvszFAzwU8kgKsBMbh/md5v
Q96dX/5dkgssW6Dp
-----END CERTIFICATE-----
Generated at Sun Jul 20 16:33:40 2025 by rpki-client