Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/MALTLB9KjnuzWIgZXgb-9J-U1Go.roa
File: MALTLB9KjnuzWIgZXgb-9J-U1Go.roa (raw, json)
Hash identifier: M2ht+bJqvPIBLUi8tWuSEDrEJ6LoCaCDwfMoQD4BoPw=
Subject key identifier: 30:02:D3:2C:1F:4A:8E:7B:B3:58:88:19:5E:06:FE:F4:9F:94:D4:6A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 63B2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MALTLB9KjnuzWIgZXgb-9J-U1Go.roa
Signing time: Fri 23 May 2025 22:40:54 +0000
ROA not before: Fri 23 May 2025 22:40:54 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25522 (0x63b2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 23 22:40:54 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3002D32C1F4A8E7BB35888195E06FEF49F94D46A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:2b:9a:2e:f5:03:c4:09:e4:fd:a6:5d:ef:7b:
36:04:0b:1d:fd:40:dd:7b:38:0a:05:b9:30:4f:cd:
fb:17:a5:cf:a6:35:79:12:d4:9a:2b:d7:16:43:8d:
81:42:b3:b2:82:99:8b:e2:9a:f1:c1:5a:e9:8a:75:
af:d0:17:b0:25:f8:78:0e:87:3a:81:f0:be:8d:a1:
07:f1:ea:c5:69:a5:38:7c:0c:b4:03:fb:e0:68:0c:
e7:77:9f:32:78:6e:da:86:2e:7c:0d:01:8a:f1:a6:
c4:ab:93:4e:e7:fa:d7:72:c6:b7:fe:78:52:b3:ae:
41:8d:5a:fa:c1:a4:4c:8c:8f:16:0b:f7:ce:97:fd:
aa:d7:24:e2:33:08:be:b6:b8:ab:9d:40:19:33:a1:
c0:3f:c5:ad:a7:7f:66:65:2d:67:8f:32:17:4b:24:
1d:a2:df:f5:2f:24:9d:cf:4b:6c:3f:9b:e9:1b:12:
80:e4:0b:c4:24:41:02:8e:f0:13:44:1c:6d:c1:00:
af:6c:a4:3c:4f:fb:87:0e:b7:a0:20:02:eb:31:b8:
c8:1c:3c:6c:42:3b:18:bf:bc:47:e5:f8:58:f3:a4:
d0:4d:17:d5:70:3c:57:96:65:76:98:81:57:53:70:
30:a2:f9:28:86:0e:a9:ce:3a:75:61:9e:24:c6:53:
c2:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:02:D3:2C:1F:4A:8E:7B:B3:58:88:19:5E:06:FE:F4:9F:94:D4:6A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MALTLB9KjnuzWIgZXgb-9J-U1Go.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
42:67:0b:b1:19:0e:bb:75:0d:32:ca:e9:43:41:43:11:d3:4c:
22:bb:7c:0d:c5:5a:a4:27:2e:48:f9:9d:c2:a9:fd:51:6b:f4:
b7:c1:55:d8:ff:76:83:a6:3b:31:b5:0a:ab:91:39:b6:01:51:
7c:fa:6d:17:78:3e:1e:e2:2f:a5:27:85:a8:7d:ee:be:c6:1b:
f6:70:6d:08:d7:ad:f2:89:68:77:d8:11:8a:c4:22:54:84:a5:
6c:a2:77:33:75:5f:bb:c9:cd:e7:d3:da:6c:ba:d0:8e:a5:b6:
67:3c:3a:3d:a1:aa:47:79:dd:47:70:8f:7b:85:f4:53:ff:d1:
28:bf:e2:ad:11:6f:40:69:e3:01:c8:12:78:ea:cd:b4:81:7e:
ff:4d:14:df:bb:c6:1b:5c:c9:9b:65:0e:f1:9e:40:fd:30:68:
e1:34:e7:ae:27:3d:1f:27:c0:c6:01:46:13:4d:28:99:07:7d:
4a:98:01:da:80:99:6d:8b:00:ad:a1:40:99:66:4c:57:2b:32:
95:34:2b:37:2e:88:01:f1:68:38:0c:41:f2:03:ee:ee:b5:7d:
f9:b3:bc:c7:89:a4:cd:14:af:8d:87:b2:a7:eb:45:05:47:6f:
e8:fc:e6:97:db:22:69:f6:d3:85:a2:28:47:24:ef:39:09:86:
69:4f:4d:74
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICY7IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjMy
MjQwNTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDMwMDJEMzJDMUY0QThF
N0JCMzU4ODgxOTVFMDZGRUY0OUY5NEQ0NkEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCwK5ou9QPECeT9pl3vezYECx39QN17OAoFuTBPzfsXpc+mNXkS
1Jor1xZDjYFCs7KCmYvimvHBWumKda/QF7Al+HgOhzqB8L6NoQfx6sVppTh8DLQD
++BoDOd3nzJ4btqGLnwNAYrxpsSrk07n+tdyxrf+eFKzrkGNWvrBpEyMjxYL986X
/arXJOIzCL62uKudQBkzocA/xa2nf2ZlLWePMhdLJB2i3/UvJJ3PS2w/m+kbEoDk
C8QkQQKO8BNEHG3BAK9spDxP+4cOt6AgAusxuMgcPGxCOxi/vEfl+FjzpNBNF9Vw
PFeWZXaYgVdTcDCi+SiGDqnOOnVhniTGU8IlAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUMALTLB9KjnuzWIgZXgb+9J+U1GowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L01BTFRMQjlLam51eldJ
Z1pYZ2ItOUotVTFHby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBCZwux
GQ67dQ0yyulDQUMR00wiu3wNxVqkJy5I+Z3Cqf1Ra/S3wVXY/3aDpjsxtQqrkTm2
AVF8+m0XeD4e4i+lJ4Wofe6+xhv2cG0I163yiWh32BGKxCJUhKVsonczdV+7yc3n
09psutCOpbZnPDo9oapHed1HcI97hfRT/9Eov+KtEW9AaeMByBJ46s20gX7/TRTf
u8YbXMmbZQ7xnkD9MGjhNOeuJz0fJ8DGAUYTTSiZB31KmAHagJltiwCtoUCZZkxX
KzKVNCs3LogB8Wg4DEHyA+7utX35s7zHiaTNFK+Nh7Kn60UFR2/o/OaX2yJp9tOF
oihHJO85CYZpT010
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:04:26 2025 by rpki-client