Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/N5hQV6qqR2-wRdmtSUlUMk_Xqtc.roa
File: N5hQV6qqR2-wRdmtSUlUMk_Xqtc.roa (raw, json)
Hash identifier: rzCXLdx0DPs08gS0Tl/0rrRR699ne+Q81xYoeX6GF/Q=
Subject key identifier: 37:98:50:57:AA:AA:47:6F:B0:45:D9:AD:49:49:54:32:4F:D7:AA:D7
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 669A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/N5hQV6qqR2-wRdmtSUlUMk_Xqtc.roa
Signing time: Sat 31 May 2025 16:41:40 +0000
ROA not before: Sat 31 May 2025 16:41:40 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26266 (0x669a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 31 16:41:40 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=37985057AAAA476FB045D9AD494954324FD7AAD7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:8a:c9:0a:c5:84:76:d2:82:16:90:31:da:07:
ce:b4:01:84:ac:24:1a:73:5c:51:50:3b:01:e1:75:
68:e3:bb:4f:61:6f:b7:13:67:02:47:b2:86:dc:8a:
53:25:4b:08:f4:83:bd:e4:0a:3b:3c:da:7d:61:88:
55:f6:9a:e1:86:f1:82:02:6d:55:d1:a7:c9:45:6a:
5c:f6:32:50:16:88:d6:67:83:a0:2b:ef:74:ff:fc:
ad:d5:d5:8f:c9:db:4e:6e:3d:f7:a2:1b:71:43:81:
5b:69:2a:5c:49:77:1e:a9:6f:8b:8f:c4:be:0d:af:
2a:4f:bf:f4:69:2e:34:13:ca:01:7f:1b:29:02:ca:
cb:f6:d8:20:b2:ac:2b:f1:e0:a9:24:8a:ba:56:74:
74:7f:61:a2:c1:e6:0b:50:a6:4c:31:0a:b1:e5:8c:
05:73:bb:92:d9:6b:c9:00:89:0f:b3:49:e7:37:11:
db:33:68:7e:8a:91:b8:3d:f4:e1:4d:da:2a:0d:b9:
28:f1:50:7f:cf:27:4b:6a:c4:89:62:20:1a:55:4c:
bd:be:d1:27:35:78:68:98:79:20:6b:af:e9:da:49:
db:ca:c1:27:21:d6:e2:ba:97:6b:41:e6:ac:04:22:
20:9a:6d:59:ec:fa:04:bb:74:b1:fe:7d:cb:6b:cf:
df:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:98:50:57:AA:AA:47:6F:B0:45:D9:AD:49:49:54:32:4F:D7:AA:D7
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/N5hQV6qqR2-wRdmtSUlUMk_Xqtc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
ae:85:2b:e8:78:25:2a:f3:06:14:0b:0a:6b:b6:0d:5e:2d:f6:
5c:0d:82:e9:b9:9f:ec:ed:aa:4d:98:9e:7a:e7:e6:90:4e:c8:
8f:19:9d:4f:62:56:c5:52:76:70:dc:21:e3:47:6c:36:fb:87:
61:87:50:35:4b:bf:c8:11:7b:16:e8:a1:cc:62:28:49:0b:c8:
26:35:c0:37:c2:6a:b9:e7:1c:79:11:16:f1:90:9c:f2:96:75:
e8:3a:79:d4:e4:f8:c0:ba:a4:93:74:98:dc:0f:0e:28:fb:44:
b3:17:c7:90:5d:3e:40:1d:35:e6:12:5f:9e:83:2e:71:2f:54:
46:05:0b:f7:49:18:b4:78:03:97:16:df:2f:17:df:21:9e:3a:
29:40:4e:f8:42:48:d4:b9:5a:61:41:60:7a:cc:dd:74:7b:a1:
ef:10:5c:fd:b6:27:11:35:8a:63:a9:e9:14:f7:9a:73:59:48:
ab:63:97:6f:5d:77:35:7f:e5:dd:39:f4:88:5f:44:88:9c:97:
8e:df:5a:f0:16:f3:b6:80:c3:6f:83:3f:33:8b:29:c6:98:d7:
2f:5e:ee:5d:4b:2b:a9:60:d0:83:5f:17:46:89:e5:36:33:9a:
01:6d:0a:16:c6:a7:11:d9:34:f8:39:3d:b1:2e:1f:54:45:c0:
3a:f0:bf:16
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZpowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MzEx
NjQxNDBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM3OTg1MDU3QUFBQTQ3
NkZCMDQ1RDlBRDQ5NDk1NDMyNEZEN0FBRDcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJiskKxYR20oIWkDHaB860AYSsJBpzXFFQOwHhdWjju09hb7cT
ZwJHsobcilMlSwj0g73kCjs82n1hiFX2muGG8YICbVXRp8lFalz2MlAWiNZng6Ar
73T//K3V1Y/J205uPfeiG3FDgVtpKlxJdx6pb4uPxL4NrypPv/RpLjQTygF/GykC
ysv22CCyrCvx4KkkirpWdHR/YaLB5gtQpkwxCrHljAVzu5LZa8kAiQ+zSec3Edsz
aH6Kkbg99OFN2ioNuSjxUH/PJ0tqxIliIBpVTL2+0Sc1eGiYeSBrr+naSdvKwSch
1uK6l2tB5qwEIiCabVns+gS7dLH+fctrz989AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUN5hQV6qqR2+wRdmtSUlUMk/XqtcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L041aFFWNnFxUjItd1Jk
bXRTVWxVTWtfWHF0Yy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCuhSvo
eCUq8wYUCwprtg1eLfZcDYLpuZ/s7apNmJ565+aQTsiPGZ1PYlbFUnZw3CHjR2w2
+4dhh1A1S7/IEXsW6KHMYihJC8gmNcA3wmq55xx5ERbxkJzylnXoOnnU5PjAuqST
dJjcDw4o+0SzF8eQXT5AHTXmEl+egy5xL1RGBQv3SRi0eAOXFt8vF98hnjopQE74
QkjUuVphQWB6zN10e6HvEFz9ticRNYpjqekU95pzWUirY5dvXXc1f+XdOfSIX0SI
nJeO31rwFvO2gMNvgz8ziynGmNcvXu5dSyupYNCDXxdGieU2M5oBbQoWxqcR2TT4
OT2xLh9URcA68L8W
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:48:58 2025 by rpki-client