Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/MkGA650eInCD0x3PhR8ysnug9uY.roa
File: MkGA650eInCD0x3PhR8ysnug9uY.roa (raw, json)
Hash identifier: gfRMEynNImMHMlROKpebj+YFLP5xLw5zM0HVWg6VrZ0=
Subject key identifier: 32:41:80:EB:9D:1E:22:70:83:D3:1D:CF:85:1F:32:B2:7B:A0:F6:E6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 78C2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MkGA650eInCD0x3PhR8ysnug9uY.roa
Signing time: Sat 19 Jul 2025 08:42:07 +0000
ROA not before: Sat 19 Jul 2025 08:42:07 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30914 (0x78c2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 19 08:42:07 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=324180EB9D1E227083D31DCF851F32B27BA0F6E6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:3d:79:25:bf:96:43:19:85:1e:49:5c:5f:b7:
be:72:87:8b:78:6d:84:13:6d:40:2d:66:8b:31:ec:
e4:7a:3a:76:61:73:4d:15:90:56:67:ba:78:98:8d:
ed:7c:98:48:fd:48:15:54:a8:28:f6:8a:8e:1c:09:
3f:af:96:2a:db:47:80:4b:89:08:57:74:07:2a:5f:
cf:28:3c:aa:51:9a:be:b6:a9:39:87:d9:72:9d:e0:
2a:6a:20:5b:b6:0c:43:cd:b5:cc:bf:83:e3:9f:9e:
8b:27:39:75:53:2e:d6:a9:69:14:68:74:8f:0f:a1:
4a:82:59:1a:a9:de:c4:db:c5:79:c9:cd:b0:f1:92:
2c:60:75:48:38:b1:fa:c9:91:42:d2:8b:70:f3:4a:
a2:3b:7d:d3:45:ec:2a:4e:38:c3:dd:53:6d:a6:49:
92:d0:3e:9f:73:d3:e1:b6:2f:3c:06:0b:af:b6:b1:
95:11:d5:da:f3:8d:c8:00:72:b1:76:77:bd:16:b3:
07:bf:71:5e:d1:02:2a:e0:83:36:25:1a:8a:70:07:
08:78:66:8d:04:21:95:13:d5:03:4d:1f:a4:5e:f2:
ca:14:1f:55:dd:50:d0:8d:fd:24:be:01:92:e8:a4:
4b:34:3d:2f:ad:25:f6:6b:6b:76:6e:8f:b5:27:e8:
80:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:41:80:EB:9D:1E:22:70:83:D3:1D:CF:85:1F:32:B2:7B:A0:F6:E6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MkGA650eInCD0x3PhR8ysnug9uY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
80:51:63:9e:7a:1e:d0:2c:61:a2:52:d4:ad:19:49:e4:4c:61:
92:62:17:17:25:dd:1c:ec:bc:f9:40:a6:6a:97:b1:d9:4c:05:
14:b1:35:81:36:67:e0:eb:f4:bb:29:a5:89:82:7f:66:96:26:
15:05:d4:a9:d1:4f:a2:79:66:9d:1e:6e:16:d1:f3:49:e8:5e:
e9:3e:8e:44:ae:cc:f9:18:58:9e:92:46:a6:ab:20:94:0e:38:
98:36:82:98:26:80:c1:40:7c:ff:4e:3e:3a:a5:4d:a8:cf:b1:
83:bb:e7:2d:e9:56:9f:ad:c4:ab:bd:84:80:36:c0:42:29:58:
09:2f:2a:e5:3e:42:ef:b3:37:41:94:d4:f8:13:67:ea:2c:7b:
8e:ff:73:f9:4d:52:8f:c3:30:9f:3e:c6:ab:59:95:72:84:17:
f2:06:07:50:b8:02:38:7b:f5:4f:a2:ef:5d:06:60:d0:d6:4e:
32:ae:12:22:9a:88:82:4e:2b:b8:3e:07:5c:88:aa:b4:be:2f:
ce:d1:dc:99:e7:66:28:05:31:e1:3f:9a:12:36:52:59:f0:1a:
00:29:ba:f5:09:56:33:95:f3:f6:d3:42:81:82:ef:07:ae:4c:
bf:f6:df:35:84:a2:68:37:2a:47:6f:7c:ce:a9:96:d7:a7:4d:
84:49:ee:dc
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeMIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTkw
ODQyMDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDMyNDE4MEVCOUQxRTIy
NzA4M0QzMURDRjg1MUYzMkIyN0JBMEY2RTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDzPXklv5ZDGYUeSVxft75yh4t4bYQTbUAtZosx7OR6OnZhc00V
kFZnuniYje18mEj9SBVUqCj2io4cCT+vlirbR4BLiQhXdAcqX88oPKpRmr62qTmH
2XKd4CpqIFu2DEPNtcy/g+OfnosnOXVTLtapaRRodI8PoUqCWRqp3sTbxXnJzbDx
kixgdUg4sfrJkULSi3DzSqI7fdNF7CpOOMPdU22mSZLQPp9z0+G2LzwGC6+2sZUR
1drzjcgAcrF2d70Wswe/cV7RAirggzYlGopwBwh4Zo0EIZUT1QNNH6Re8soUH1Xd
UNCN/SS+AZLopEs0PS+tJfZra3Zuj7Un6ID/AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUMkGA650eInCD0x3PhR8ysnug9uYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L01rR0E2NTBlSW5DRDB4
M1BoUjh5c251Zzl1WS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCAUWOe
eh7QLGGiUtStGUnkTGGSYhcXJd0c7Lz5QKZql7HZTAUUsTWBNmfg6/S7KaWJgn9m
liYVBdSp0U+ieWadHm4W0fNJ6F7pPo5Ersz5GFiekkamqyCUDjiYNoKYJoDBQHz/
Tj46pU2oz7GDu+ct6VafrcSrvYSANsBCKVgJLyrlPkLvszdBlNT4E2fqLHuO/3P5
TVKPwzCfPsarWZVyhBfyBgdQuAI4e/VPou9dBmDQ1k4yrhIimoiCTiu4PgdciKq0
vi/O0dyZ52YoBTHhP5oSNlJZ8BoAKbr1CVYzlfP200KBgu8Hrky/9t81hKJoNypH
b3zOqZbXp02ESe7c
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:32:11 2025 by rpki-client