Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/McbW-DdUi7hqLzH8RfFuPk8jePo.roa
File: McbW-DdUi7hqLzH8RfFuPk8jePo.roa (raw, json)
Hash identifier: MEx8YkvIUOtD0gwlOMa+VG0HfgQD08BLkvAg/Ak8zhI=
Subject key identifier: 31:C6:D6:F8:37:54:8B:B8:6A:2F:31:FC:45:F1:6E:3E:4F:23:78:FA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 75C4
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/McbW-DdUi7hqLzH8RfFuPk8jePo.roa
Signing time: Fri 11 Jul 2025 09:11:54 +0000
ROA not before: Fri 11 Jul 2025 09:11:54 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30148 (0x75c4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 11 09:11:54 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=31C6D6F837548BB86A2F31FC45F16E3E4F2378FA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:00:74:9c:66:59:74:b5:34:56:6c:24:ff:a5:
71:31:bf:30:bf:bc:11:f8:ef:e6:fe:0e:92:97:f9:
87:96:68:63:90:7b:ee:fd:4b:93:d8:93:c4:ce:66:
53:93:66:fd:98:61:c7:df:6c:2d:e6:98:aa:69:c4:
a4:12:d8:27:28:ae:e9:7c:68:fa:45:70:23:06:a2:
7e:44:e3:f3:b4:bb:42:06:83:67:a0:0c:2b:c6:f3:
30:de:a8:ed:80:2e:8b:50:9e:a3:8b:85:a1:65:ff:
d2:54:c5:b1:b5:3d:f4:cf:4f:ae:3b:4b:6c:7f:ec:
01:4d:9e:3a:6a:73:34:35:f9:c6:27:39:27:a1:6b:
5c:31:ca:c6:dd:b0:eb:be:f4:0a:00:e9:83:45:12:
b2:fd:b6:92:ab:23:55:db:2d:fd:c1:03:39:d8:d7:
0c:10:29:19:ce:a1:7a:19:8e:30:54:36:b6:da:c5:
52:78:8f:d0:1b:8f:d2:d6:57:66:dd:0d:92:57:ca:
cb:0a:c2:4c:ab:2d:7f:31:af:d9:c7:e3:f3:6c:69:
b5:9a:cd:bf:c3:44:cf:0f:e3:b4:f1:3c:63:61:8a:
ac:16:35:23:ee:27:45:9e:82:ff:57:46:8d:2b:d6:
36:3d:03:b7:16:c2:be:a8:32:9b:29:14:69:7d:d8:
f5:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:C6:D6:F8:37:54:8B:B8:6A:2F:31:FC:45:F1:6E:3E:4F:23:78:FA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/McbW-DdUi7hqLzH8RfFuPk8jePo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
0d:28:a5:13:a7:eb:29:94:c6:f6:73:db:70:ce:be:1d:a8:b2:
e5:a9:c8:b0:8b:af:58:38:4d:ad:c1:52:7e:f2:6c:13:41:80:
ea:67:5a:a9:b1:d8:5b:e5:84:22:3d:7f:d8:63:96:8a:ea:55:
aa:5b:10:ed:82:b9:b6:12:fe:5e:b9:57:56:65:8c:aa:f3:14:
e8:65:64:ca:9f:55:85:c2:8e:73:db:df:df:1f:a5:6e:8f:fd:
3e:f4:c8:52:d9:81:13:4a:06:ec:dc:78:53:03:ac:85:bb:67:
82:e2:23:35:dd:a7:39:a9:00:4f:0f:a4:e1:be:13:87:b4:68:
d1:5a:93:95:be:c6:94:87:b6:7f:19:e6:f2:b5:42:a0:bc:b9:
88:c6:55:81:bb:24:df:b4:12:6e:57:b4:b2:18:b6:94:92:03:
bf:09:73:0a:92:f2:02:32:e4:d4:86:4f:5f:2c:10:40:75:6b:
f0:cc:f3:8d:8f:1c:83:7a:73:ee:e6:01:d2:54:ae:d5:a3:ff:
99:1a:60:41:9d:f8:1b:dd:f8:6e:ac:b8:89:20:84:d0:95:c7:
43:2d:5c:62:8f:6a:07:90:3f:7d:fa:b7:83:26:b3:b6:f5:5a:
f4:3b:cf:14:f7:8f:9d:e0:58:ea:4d:93:97:8d:37:b9:59:4e:
aa:7d:10:a2
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdcQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTEw
OTExNTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDMxQzZENkY4Mzc1NDhC
Qjg2QTJGMzFGQzQ1RjE2RTNFNEYyMzc4RkEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC8AHScZll0tTRWbCT/pXExvzC/vBH47+b+DpKX+YeWaGOQe+79
S5PYk8TOZlOTZv2YYcffbC3mmKppxKQS2Ccorul8aPpFcCMGon5E4/O0u0IGg2eg
DCvG8zDeqO2ALotQnqOLhaFl/9JUxbG1PfTPT647S2x/7AFNnjpqczQ1+cYnOSeh
a1wxysbdsOu+9AoA6YNFErL9tpKrI1XbLf3BAznY1wwQKRnOoXoZjjBUNrbaxVJ4
j9Abj9LWV2bdDZJXyssKwkyrLX8xr9nH4/NsabWazb/DRM8P47TxPGNhiqwWNSPu
J0Wegv9XRo0r1jY9A7cWwr6oMpspFGl92PUDAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUMcbW+DdUi7hqLzH8RfFuPk8jePowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L01jYlctRGRVaTdocUx6
SDhSZkZ1UGs4amVQby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQANKKUT
p+splMb2c9twzr4dqLLlqciwi69YOE2twVJ+8mwTQYDqZ1qpsdhb5YQiPX/YY5aK
6lWqWxDtgrm2Ev5euVdWZYyq8xToZWTKn1WFwo5z29/fH6Vuj/0+9MhS2YETSgbs
3HhTA6yFu2eC4iM13ac5qQBPD6ThvhOHtGjRWpOVvsaUh7Z/GebytUKgvLmIxlWB
uyTftBJuV7SyGLaUkgO/CXMKkvICMuTUhk9fLBBAdWvwzPONjxyDenPu5gHSVK7V
o/+ZGmBBnfgb3fhurLiJIITQlcdDLVxij2oHkD99+reDJrO29Vr0O88U94+d4Fjq
TZOXjTe5WU6qfRCi
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:37:35 2025 by rpki-client