Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/N79eiAYiuhB_lG-C6MCS5raUDXI.roa
File: N79eiAYiuhB_lG-C6MCS5raUDXI.roa (raw, json)
Hash identifier: FDz4fd3QMzNaURV6Spjz/OtyswXRCRXk5o2PA22cXkg=
Subject key identifier: 37:BF:5E:88:06:22:BA:10:7F:94:6F:82:E8:C0:92:E6:B6:94:0D:72
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 70A2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/N79eiAYiuhB_lG-C6MCS5raUDXI.roa
Signing time: Fri 27 Jun 2025 16:14:31 +0000
ROA not before: Fri 27 Jun 2025 16:14:31 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28834 (0x70a2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 27 16:14:31 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=37BF5E880622BA107F946F82E8C092E6B6940D72
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:c6:b4:92:d6:d9:97:79:72:a8:90:54:36:83:
2b:97:00:5d:ba:89:2d:1e:29:d5:3d:6a:7a:04:ee:
d3:a8:7f:5e:7c:0b:46:ac:ee:81:db:cc:06:12:91:
b0:2b:b8:75:84:16:fa:44:2d:63:02:d9:0e:f8:59:
3b:e9:08:b4:c9:e8:f2:f0:ad:5b:54:13:76:3b:5e:
7b:15:a2:f4:78:34:10:1a:14:b2:e0:46:c1:6e:ee:
e7:30:b0:ba:b0:94:42:54:07:6c:99:a1:20:00:1a:
57:6e:87:bc:2f:b8:8a:27:7c:35:48:8c:18:61:63:
73:6d:3c:74:cd:c1:d7:c4:87:98:2d:7a:4c:8c:ef:
f7:94:07:c5:db:56:26:e6:ed:28:6e:c8:36:15:a2:
45:f1:a1:65:ab:1d:f4:52:c9:84:4f:58:9d:66:ea:
5e:4b:ac:cc:17:8b:72:28:42:ba:60:b3:af:16:91:
58:a9:cd:25:45:d1:70:a5:65:c3:24:be:c0:35:6b:
31:cb:05:f2:ea:1f:85:24:06:78:62:1f:13:bc:b8:
14:51:dd:de:ca:05:1e:57:ff:34:3e:93:dd:df:7f:
e6:a8:43:b0:50:bd:5f:b2:56:45:5b:60:83:99:28:
10:bc:a4:45:fb:6c:ed:91:77:fc:af:00:92:45:04:
21:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:BF:5E:88:06:22:BA:10:7F:94:6F:82:E8:C0:92:E6:B6:94:0D:72
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/N79eiAYiuhB_lG-C6MCS5raUDXI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
7c:be:14:ae:fc:e9:99:5c:89:db:16:f9:e9:93:64:92:92:57:
d8:20:60:ac:6e:ef:08:4d:68:68:2d:38:83:9c:75:c9:1e:fe:
47:23:2e:81:8c:c0:7a:15:1d:8c:10:09:49:24:de:3d:2c:d6:
c2:f2:71:a3:01:87:2a:4e:72:03:83:6d:b0:c9:3b:fd:87:4b:
aa:07:01:52:b9:2d:20:82:ff:6e:d6:14:f8:4b:d0:44:56:0d:
c1:eb:e3:d9:7a:41:ae:29:d8:dc:20:cd:88:43:3a:a1:c2:47:
3d:79:3b:1f:d6:1a:6e:36:8c:f0:a1:f7:64:08:38:d0:ea:81:
83:eb:7b:b2:fa:ec:13:76:bd:67:0c:6a:2e:e8:f1:26:c1:d3:
e2:11:f4:86:21:89:67:24:67:38:c7:05:75:30:e7:e1:21:4d:
65:35:32:97:2c:92:db:4c:b4:28:7d:9b:98:72:7f:de:62:21:
bf:e1:ed:33:7d:15:a3:a8:b9:ef:4d:1a:09:e2:76:e3:15:99:
35:37:16:4e:12:36:42:c3:30:91:bd:f2:49:bd:e3:74:22:4e:
66:84:9c:7d:43:28:5b:b7:df:cc:5a:22:e7:5d:23:45:1c:e5:
56:8f:25:a3:be:28:c6:f8:b2:5d:12:0b:39:dd:a6:84:c9:e2:
d1:7f:55:c3
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcKIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2Mjcx
NjE0MzFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM3QkY1RTg4MDYyMkJB
MTA3Rjk0NkY4MkU4QzA5MkU2QjY5NDBENzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+xrSS1tmXeXKokFQ2gyuXAF26iS0eKdU9anoE7tOof158C0as
7oHbzAYSkbAruHWEFvpELWMC2Q74WTvpCLTJ6PLwrVtUE3Y7XnsVovR4NBAaFLLg
RsFu7ucwsLqwlEJUB2yZoSAAGlduh7wvuIonfDVIjBhhY3NtPHTNwdfEh5gtekyM
7/eUB8XbVibm7ShuyDYVokXxoWWrHfRSyYRPWJ1m6l5LrMwXi3IoQrpgs68WkVip
zSVF0XClZcMkvsA1azHLBfLqH4UkBnhiHxO8uBRR3d7KBR5X/zQ+k93ff+aoQ7BQ
vV+yVkVbYIOZKBC8pEX7bO2Rd/yvAJJFBCFZAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUN79eiAYiuhB/lG+C6MCS5raUDXIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L043OWVpQVlpdWhCX2xH
LUM2TUNTNXJhVURYSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB8vhSu
/OmZXInbFvnpk2SSklfYIGCsbu8ITWhoLTiDnHXJHv5HIy6BjMB6FR2MEAlJJN49
LNbC8nGjAYcqTnIDg22wyTv9h0uqBwFSuS0ggv9u1hT4S9BEVg3B6+PZekGuKdjc
IM2IQzqhwkc9eTsf1hpuNozwofdkCDjQ6oGD63uy+uwTdr1nDGou6PEmwdPiEfSG
IYlnJGc4xwV1MOfhIU1lNTKXLJLbTLQofZuYcn/eYiG/4e0zfRWjqLnvTRoJ4nbj
FZk1NxZOEjZCwzCRvfJJveN0Ik5mhJx9Qyhbt9/MWiLnXSNFHOVWjyWjvijG+LJd
Egs53aaEyeLRf1XD
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:36:15 2025 by rpki-client