Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/MnF8yytbwrlGVBYT9EUA3QpW3FM.roa
File: MnF8yytbwrlGVBYT9EUA3QpW3FM.roa (raw, json)
Hash identifier: hoC6bwrS04Kg3CXTSxsxSe1vs80GCsRDnKKZZPugCYo=
Subject key identifier: 32:71:7C:CB:2B:5B:C2:B9:46:54:16:13:F4:45:00:DD:0A:56:DC:53
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7660
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MnF8yytbwrlGVBYT9EUA3QpW3FM.roa
Signing time: Sun 13 Jul 2025 00:11:38 +0000
ROA not before: Sun 13 Jul 2025 00:11:38 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30304 (0x7660)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 13 00:11:38 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=32717CCB2B5BC2B946541613F44500DD0A56DC53
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:a9:90:30:f1:b1:c6:74:66:73:63:eb:92:14:
39:a4:72:51:fc:b9:7e:b3:74:39:a9:10:04:a9:94:
c7:c4:74:ea:54:05:4f:2a:e3:ee:67:8d:37:c8:d6:
2b:93:c0:d2:45:b2:c3:5e:61:ef:9e:6f:e1:d2:34:
79:31:7a:33:8e:ad:c9:e3:3a:6d:25:56:51:84:2c:
47:33:e5:1a:c4:e2:1f:67:a0:88:92:7e:eb:d2:ab:
74:e3:3d:b8:6f:41:85:58:6e:21:b0:5b:88:a6:c8:
6c:28:cd:2e:c8:54:21:38:dc:a0:2c:ab:47:c0:0c:
80:22:f6:ea:c1:93:be:ab:78:e4:a0:5d:fd:81:01:
fe:67:88:5e:a8:50:26:f3:c4:a6:86:d8:d1:14:1b:
e0:62:39:d3:ac:92:3b:c3:c6:4a:b0:69:f4:d9:3f:
f7:99:e2:d6:c3:0f:b2:3e:f0:b6:0d:71:2e:e9:a3:
fd:38:58:d4:a8:8a:53:57:3f:73:52:41:2e:14:db:
c0:f4:95:5e:8b:19:e5:0e:5a:95:05:34:ce:ad:e6:
6e:dc:da:1e:d0:26:a3:52:1f:70:9a:e5:3b:c1:bb:
b6:45:98:65:43:6a:f2:bb:f6:ab:c1:e2:14:79:95:
3f:80:95:7a:c9:76:6a:ac:2f:8c:92:11:23:fc:cd:
eb:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:71:7C:CB:2B:5B:C2:B9:46:54:16:13:F4:45:00:DD:0A:56:DC:53
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MnF8yytbwrlGVBYT9EUA3QpW3FM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
9f:04:a2:5a:2f:cd:57:38:68:2a:34:f2:51:8f:f3:d9:e7:f5:
97:41:05:88:d1:65:cd:45:58:2a:1b:93:d5:0f:15:7c:a1:7c:
4f:3c:60:09:35:92:e9:da:56:fb:5b:d5:35:ec:18:60:71:18:
e9:ac:9d:74:08:32:44:97:0b:a9:2d:16:2d:86:4e:90:7e:6c:
a5:be:a5:ea:7b:ac:1e:0d:b6:fc:ba:b0:8d:0d:1e:d7:36:f2:
44:44:b5:ae:85:64:49:bd:93:1e:57:4b:fd:61:86:ac:94:12:
a8:9b:94:f1:c0:80:f4:e5:ae:4a:be:34:f8:6a:4a:5f:4f:5f:
79:21:e2:61:d6:2c:06:1b:e2:d1:ac:bc:05:af:97:9e:00:05:
91:1a:8e:0f:48:ba:4d:86:5f:fd:ee:cd:1c:21:62:62:dc:90:
d1:de:a3:08:bf:aa:db:53:cd:6e:d9:e5:8a:e5:2b:5c:e6:65:
26:db:2b:e0:09:3d:6a:cd:3f:32:67:d8:2d:55:76:97:d3:4e:
3e:0b:6d:ce:1f:da:b3:10:ef:13:6a:14:a3:49:de:65:36:82:
67:a5:fe:8c:38:9e:57:d4:c8:de:d5:94:29:00:57:0a:49:92:
a6:d3:26:11:28:85:87:44:3f:c5:2e:04:e3:10:8d:45:f6:64:
08:37:28:0c
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdmAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTMw
MDExMzhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDMyNzE3Q0NCMkI1QkMy
Qjk0NjU0MTYxM0Y0NDUwMEREMEE1NkRDNTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDZqZAw8bHGdGZzY+uSFDmkclH8uX6zdDmpEASplMfEdOpUBU8q
4+5njTfI1iuTwNJFssNeYe+eb+HSNHkxejOOrcnjOm0lVlGELEcz5RrE4h9noIiS
fuvSq3TjPbhvQYVYbiGwW4imyGwozS7IVCE43KAsq0fADIAi9urBk76reOSgXf2B
Af5niF6oUCbzxKaG2NEUG+BiOdOskjvDxkqwafTZP/eZ4tbDD7I+8LYNcS7po/04
WNSoilNXP3NSQS4U28D0lV6LGeUOWpUFNM6t5m7c2h7QJqNSH3Ca5TvBu7ZFmGVD
avK79qvB4hR5lT+AlXrJdmqsL4ySESP8zevrAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUMnF8yytbwrlGVBYT9EUA3QpW3FMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L01uRjh5eXRid3JsR1ZC
WVQ5RVVBM1FwVzNGTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCfBKJa
L81XOGgqNPJRj/PZ5/WXQQWI0WXNRVgqG5PVDxV8oXxPPGAJNZLp2lb7W9U17Bhg
cRjprJ10CDJElwupLRYthk6QfmylvqXqe6weDbb8urCNDR7XNvJERLWuhWRJvZMe
V0v9YYaslBKom5TxwID05a5KvjT4akpfT195IeJh1iwGG+LRrLwFr5eeAAWRGo4P
SLpNhl/97s0cIWJi3JDR3qMIv6rbU81u2eWK5Stc5mUm2yvgCT1qzT8yZ9gtVXaX
004+C23OH9qzEO8TahSjSd5lNoJnpf6MOJ5X1Mje1ZQpAFcKSZKm0yYRKIWHRD/F
LgTjEI1F9mQINygM
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:50:45 2025 by rpki-client