Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/MiVu-aTFeoK6H7kWhZ_4ybjS_UM.roa
File: MiVu-aTFeoK6H7kWhZ_4ybjS_UM.roa (raw, json)
Hash identifier: gbeC7eZEQ8dMqhyoBkhQHBy89zwnxAkJ4pFlriU0Srw=
Subject key identifier: 32:25:6E:F9:A4:C5:7A:82:BA:1F:B9:16:85:9F:F8:C9:B8:D2:FD:43
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6C44
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MiVu-aTFeoK6H7kWhZ_4ybjS_UM.roa
Signing time: Sun 15 Jun 2025 19:22:00 +0000
ROA not before: Sun 15 Jun 2025 19:22:00 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27716 (0x6c44)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 15 19:22:00 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=32256EF9A4C57A82BA1FB916859FF8C9B8D2FD43
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:fe:3c:d4:95:e9:09:d3:dc:ab:3a:81:6e:62:
b9:3a:d0:1b:1b:30:8b:0d:66:08:44:ba:df:02:1f:
5c:b9:7d:7e:40:78:c5:1c:26:31:60:56:29:ad:5f:
f0:30:4b:b2:b7:5a:4a:db:dc:6d:68:90:20:96:e1:
44:89:f7:21:22:bb:ea:72:e7:e1:b0:a8:3e:72:59:
43:6e:54:60:7a:38:0b:6a:e5:5d:0e:1d:a2:f5:c3:
13:34:9f:dd:a2:5a:e9:f0:c0:a3:eb:53:32:27:3b:
25:f3:d4:b6:9a:a0:cc:07:3a:8d:13:3f:7b:74:ec:
b4:f9:07:64:d7:9f:a5:17:2b:fb:34:bb:61:87:5a:
6f:8b:0b:9c:fb:ce:c6:c9:ba:dc:74:06:5a:60:22:
84:e8:46:ee:a5:a6:7d:e4:ea:7e:eb:60:7e:d8:2e:
8a:58:f2:7d:26:3d:76:35:c5:ac:0f:11:47:b9:be:
11:d9:1f:07:30:03:ac:d3:62:d7:2d:63:bb:c6:68:
18:e7:87:ae:a2:fd:76:63:f0:39:5e:af:0a:36:e1:
c7:c9:87:a9:60:85:46:be:cb:3b:a4:16:5e:ba:13:
7c:4a:39:31:13:9c:e0:c1:5e:13:69:34:c1:08:83:
cd:ce:4c:7c:64:15:f1:15:2d:26:a4:e7:4f:e3:2e:
b7:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:25:6E:F9:A4:C5:7A:82:BA:1F:B9:16:85:9F:F8:C9:B8:D2:FD:43
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MiVu-aTFeoK6H7kWhZ_4ybjS_UM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
9b:dd:51:0f:99:12:48:b4:35:ea:27:91:ce:01:52:3e:b7:c3:
2d:4f:17:cf:fc:d8:12:ff:62:cf:c8:dc:84:c3:a1:6b:49:e0:
43:39:70:22:81:bb:b7:94:a0:f7:0a:19:9b:48:3a:29:57:00:
4c:47:f1:10:2c:c8:fb:14:a6:0a:01:48:bf:e2:3a:6b:83:33:
a2:9c:23:6c:9a:f4:c2:dc:0b:70:97:37:93:ac:e2:ef:6a:b2:
b6:2e:42:01:27:9d:0e:c6:2e:ab:37:b7:04:f7:da:7c:28:17:
d8:d5:b2:6c:91:a4:5b:e4:f5:ce:74:5e:c6:82:07:7e:3e:3c:
d0:93:d2:4a:0b:2a:e5:87:af:9d:04:d4:17:9a:a8:1b:39:10:
2d:55:ee:b0:a0:1d:ff:75:dc:19:e6:4f:ea:fe:2a:81:89:9e:
49:b0:91:bb:d1:70:43:c2:f3:45:41:c4:99:54:af:be:b9:18:
e5:ee:8d:2f:b3:d1:40:4e:c5:f8:3a:61:ca:39:47:37:e9:9c:
92:32:91:7a:ef:ef:89:b3:09:ad:b3:d9:4d:ef:84:89:fd:d9:
1b:0f:1b:01:fa:8f:9f:32:a8:9c:76:6e:ae:8f:0c:2c:a4:70:
69:72:81:93:cc:63:d8:33:87:c5:a2:2c:3e:76:be:93:7f:b6:
57:89:23:81
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbEQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTUx
OTIyMDBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDMyMjU2RUY5QTRDNTdB
ODJCQTFGQjkxNjg1OUZGOEM5QjhEMkZENDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCm/jzUlekJ09yrOoFuYrk60BsbMIsNZghEut8CH1y5fX5AeMUc
JjFgVimtX/AwS7K3Wkrb3G1okCCW4USJ9yEiu+py5+GwqD5yWUNuVGB6OAtq5V0O
HaL1wxM0n92iWunwwKPrUzInOyXz1LaaoMwHOo0TP3t07LT5B2TXn6UXK/s0u2GH
Wm+LC5z7zsbJutx0BlpgIoToRu6lpn3k6n7rYH7YLopY8n0mPXY1xawPEUe5vhHZ
HwcwA6zTYtctY7vGaBjnh66i/XZj8Dlerwo24cfJh6lghUa+yzukFl66E3xKOTET
nODBXhNpNMEIg83OTHxkFfEVLSak50/jLrepAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUMiVu+aTFeoK6H7kWhZ/4ybjS/UMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L01pVnUtYVRGZW9LNkg3
a1doWl80eWJqU19VTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCb3VEP
mRJItDXqJ5HOAVI+t8MtTxfP/NgS/2LPyNyEw6FrSeBDOXAigbu3lKD3ChmbSDop
VwBMR/EQLMj7FKYKAUi/4jprgzOinCNsmvTC3AtwlzeTrOLvarK2LkIBJ50Oxi6r
N7cE99p8KBfY1bJskaRb5PXOdF7Gggd+PjzQk9JKCyrlh6+dBNQXmqgbORAtVe6w
oB3/ddwZ5k/q/iqBiZ5JsJG70XBDwvNFQcSZVK++uRjl7o0vs9FATsX4OmHKOUc3
6ZySMpF67++Jswmts9lN74SJ/dkbDxsB+o+fMqicdm6ujwwspHBpcoGTzGPYM4fF
oiw+dr6Tf7ZXiSOB
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:57:42 2025 by rpki-client