Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/N9paTViW4HifUjyckIJaT4rWf2A.roa
File: N9paTViW4HifUjyckIJaT4rWf2A.roa (raw, json)
Hash identifier: X7/2xJcP8EEs/jfCboDb9/BUVtmc90ulNFCgM5vsZao=
Subject key identifier: 37:DA:5A:4D:58:96:E0:78:9F:52:3C:9C:90:82:5A:4F:8A:D6:7F:60
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6FBA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/N9paTViW4HifUjyckIJaT4rWf2A.roa
Signing time: Wed 25 Jun 2025 06:14:35 +0000
ROA not before: Wed 25 Jun 2025 06:14:35 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28602 (0x6fba)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 25 06:14:35 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=37DA5A4D5896E0789F523C9C90825A4F8AD67F60
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:5c:69:95:29:74:68:c4:ad:b2:74:4d:c9:82:
30:a1:31:b8:37:63:77:1c:49:6b:02:6f:5c:19:59:
21:ea:19:64:6b:ab:99:c8:17:36:9b:0f:69:aa:e9:
8f:40:8d:df:e6:ef:08:72:2f:75:5e:83:27:73:0d:
53:df:38:07:61:07:31:13:61:72:ef:f9:b0:89:cd:
5a:b7:f9:6d:aa:44:fe:4b:62:39:69:dd:75:aa:b1:
28:20:bb:28:1a:73:5c:48:10:ef:59:2d:7d:09:e4:
72:f6:ff:d3:6c:5f:1d:42:36:3c:02:94:64:8b:5f:
55:72:c0:78:5e:3e:54:12:1c:68:e7:1a:d1:d3:b6:
2d:f0:80:da:5e:a2:93:d2:74:03:c8:94:c6:63:44:
47:0e:ae:dc:a4:28:f4:21:e6:b6:ba:6d:9a:0f:e3:
be:5d:7f:8f:f0:7e:4b:2c:ac:99:b1:66:ad:c0:d3:
47:b2:10:da:d0:d1:9d:8a:b9:6f:56:51:52:cc:22:
40:c1:9e:68:1d:a4:a7:cf:bd:f8:6c:23:59:a2:de:
16:9a:55:95:30:c1:ef:a1:e5:6e:1b:bd:9f:c6:dc:
5d:d3:73:b0:56:95:18:c1:86:fc:59:a6:d0:2e:f1:
81:d9:33:0c:29:b6:ab:3f:68:ae:8d:fa:f0:b1:20:
62:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:DA:5A:4D:58:96:E0:78:9F:52:3C:9C:90:82:5A:4F:8A:D6:7F:60
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/N9paTViW4HifUjyckIJaT4rWf2A.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
09:9c:7c:0f:d2:70:c0:e7:e2:da:59:5a:f0:74:73:b9:96:0c:
29:da:11:9a:68:ab:7d:21:7d:2c:39:cc:6e:18:e2:e3:ca:90:
2c:5a:22:e0:01:ae:b4:50:4f:89:13:05:f2:3a:4c:58:7f:18:
6b:b6:bf:a7:68:d5:5f:53:51:17:41:4b:55:3c:81:0e:5e:0a:
f2:7c:29:2a:ab:69:6e:2b:7d:2e:f0:59:cf:52:55:3c:ac:49:
09:6c:c5:04:0a:82:c5:64:76:dd:5c:50:ab:c1:1c:fa:62:a6:
d3:a2:07:07:0c:6e:fc:d9:dc:c8:6b:6d:e1:8b:8a:46:dd:36:
80:7e:94:ed:67:1e:11:e0:b4:fd:fb:cf:9a:88:1e:a9:08:35:
0e:33:e3:8c:fb:15:94:a9:68:3a:29:9e:f5:6d:a3:1f:91:a5:
ba:a2:d1:64:83:20:c8:e1:e9:f3:09:6c:fe:6c:67:c8:15:63:
87:af:e1:e8:72:d5:c6:30:87:81:ec:3d:35:0c:98:9a:33:27:
81:3d:5d:90:7c:ec:57:bc:be:7c:ca:40:df:7e:67:5a:a9:16:
f6:df:b7:ed:8c:f5:5a:a2:29:2e:e6:0d:2a:0d:16:b6:01:67:
ea:9b:36:a6:85:30:0f:a7:f1:79:36:6c:70:b1:07:16:dd:de:
f0:d9:8e:62
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICb7owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjUw
NjE0MzVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM3REE1QTRENTg5NkUw
Nzg5RjUyM0M5QzkwODI1QTRGOEFENjdGNjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDxXGmVKXRoxK2ydE3JgjChMbg3Y3ccSWsCb1wZWSHqGWRrq5nI
FzabD2mq6Y9Ajd/m7whyL3VegydzDVPfOAdhBzETYXLv+bCJzVq3+W2qRP5LYjlp
3XWqsSgguygac1xIEO9ZLX0J5HL2/9NsXx1CNjwClGSLX1VywHhePlQSHGjnGtHT
ti3wgNpeopPSdAPIlMZjREcOrtykKPQh5ra6bZoP475df4/wfkssrJmxZq3A00ey
ENrQ0Z2KuW9WUVLMIkDBnmgdpKfPvfhsI1mi3haaVZUwwe+h5W4bvZ/G3F3Tc7BW
lRjBhvxZptAu8YHZMwwptqs/aK6N+vCxIGItAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUN9paTViW4HifUjyckIJaT4rWf2AwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L045cGFUVmlXNEhpZlVq
eWNrSUphVDRyV2YyQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAJnHwP
0nDA5+LaWVrwdHO5lgwp2hGaaKt9IX0sOcxuGOLjypAsWiLgAa60UE+JEwXyOkxY
fxhrtr+naNVfU1EXQUtVPIEOXgryfCkqq2luK30u8FnPUlU8rEkJbMUECoLFZHbd
XFCrwRz6YqbTogcHDG782dzIa23hi4pG3TaAfpTtZx4R4LT9+8+aiB6pCDUOM+OM
+xWUqWg6KZ71baMfkaW6otFkgyDI4enzCWz+bGfIFWOHr+HoctXGMIeB7D01DJia
MyeBPV2QfOxXvL58ykDffmdaqRb237ftjPVaoiku5g0qDRa2AWfqmzamhTAPp/F5
NmxwsQcW3d7w2Y5i
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:54:54 2025 by rpki-client