Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/NE9HHZdkOEqNUIQZcWIzoQwvcIg.roa
File: NE9HHZdkOEqNUIQZcWIzoQwvcIg.roa (raw, json)
Hash identifier: Q6VYNTBP9FLXIMf63zr+Fss6rpyXQVZL1ng/FfQrj8s=
Subject key identifier: 34:4F:47:1D:97:64:38:4A:8D:50:84:19:71:62:33:A1:0C:2F:70:88
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 75EE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NE9HHZdkOEqNUIQZcWIzoQwvcIg.roa
Signing time: Fri 11 Jul 2025 19:41:33 +0000
ROA not before: Fri 11 Jul 2025 19:41:33 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30190 (0x75ee)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 11 19:41:33 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=344F471D9764384A8D508419716233A10C2F7088
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:4d:2d:e6:83:7b:53:5e:c3:93:9a:4d:e0:1f:
21:9e:85:ae:db:66:c3:66:b4:bf:a4:e0:f2:a3:6d:
02:1c:fd:ff:a6:d2:92:bf:e6:76:26:30:7b:2d:2e:
e8:03:6a:8c:52:f2:e3:ad:b9:73:7d:23:d7:ca:4d:
4c:ea:a5:66:2f:57:2b:09:98:80:3a:86:21:73:e9:
e2:3b:82:ac:cc:12:ca:12:55:ad:51:78:b2:23:7a:
0f:ac:c8:f8:10:d8:83:4b:29:41:63:88:1a:78:b9:
b6:8e:e7:d9:5f:c0:b3:9c:9c:58:42:2c:5f:f1:d2:
1e:5a:3f:87:f3:df:84:1a:4d:57:a5:c6:bc:89:c4:
84:54:af:b0:ae:8b:97:76:9a:e4:f0:44:f8:28:c2:
7b:59:1a:2b:5b:57:56:11:f6:ff:ea:50:58:fe:03:
2e:e6:ae:3a:bc:a9:7b:9b:42:47:7d:9e:c8:a9:68:
ae:75:9a:69:91:a1:8e:bc:96:84:86:6f:26:42:96:
2d:f6:f7:ab:ea:4e:22:7f:e4:81:8f:71:7e:62:1c:
c9:74:09:b5:fe:76:2c:32:66:11:82:1e:fa:b2:c7:
a2:e2:cb:3f:25:36:5a:4a:cb:cd:2d:62:95:14:d5:
e5:b4:db:55:93:ba:85:01:b8:93:26:8b:18:fa:e6:
d3:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:4F:47:1D:97:64:38:4A:8D:50:84:19:71:62:33:A1:0C:2F:70:88
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NE9HHZdkOEqNUIQZcWIzoQwvcIg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
02:7d:b5:07:7a:5b:81:bb:9c:ec:17:d6:7f:9b:c6:fb:88:07:
76:86:ed:74:e9:9a:bf:bb:33:fd:df:03:94:76:21:b2:5d:e6:
87:d9:b6:84:5e:a9:55:99:e5:49:61:4c:cf:ce:31:bf:9e:26:
90:8f:6f:f1:15:dd:b9:e4:89:9f:5a:23:9f:1e:17:53:61:e2:
24:de:b6:55:57:31:1e:b2:ec:ed:96:e2:4a:4e:71:72:66:dc:
ee:83:68:d5:f5:6f:74:06:a2:63:77:f0:b4:ac:ad:25:f3:0c:
e7:01:9d:97:13:ab:46:81:d6:2a:5d:13:05:09:db:c1:75:3f:
8e:e9:95:46:ce:16:eb:5d:1a:43:0f:f1:6c:84:b9:ec:1c:4d:
f4:f0:46:b2:d7:d4:0e:67:c3:47:f2:b9:fc:5f:83:09:3d:04:
3b:34:66:60:0f:c5:a0:de:8b:3b:18:a6:26:c6:86:75:3c:65:
63:96:32:44:18:2f:00:48:2f:03:56:0b:a4:be:e2:fe:9d:22:
4d:a8:39:0b:f1:69:a9:a6:64:36:aa:d4:9c:9b:a8:3d:b5:6f:
1e:9f:aa:66:cf:3e:c6:60:84:08:c2:04:c4:a6:96:9e:a5:03:
76:c0:04:e8:6e:43:cb:01:f7:67:74:bb:f6:b9:ca:06:b7:58:
b4:44:75:81
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICde4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTEx
OTQxMzNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM0NEY0NzFEOTc2NDM4
NEE4RDUwODQxOTcxNjIzM0ExMEMyRjcwODgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDATS3mg3tTXsOTmk3gHyGeha7bZsNmtL+k4PKjbQIc/f+m0pK/
5nYmMHstLugDaoxS8uOtuXN9I9fKTUzqpWYvVysJmIA6hiFz6eI7gqzMEsoSVa1R
eLIjeg+syPgQ2INLKUFjiBp4ubaO59lfwLOcnFhCLF/x0h5aP4fz34QaTVelxryJ
xIRUr7Cui5d2muTwRPgowntZGitbV1YR9v/qUFj+Ay7mrjq8qXubQkd9nsipaK51
mmmRoY68loSGbyZCli3296vqTiJ/5IGPcX5iHMl0CbX+diwyZhGCHvqyx6Liyz8l
NlpKy80tYpUU1eW021WTuoUBuJMmixj65tMLAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUNE9HHZdkOEqNUIQZcWIzoQwvcIgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L05FOUhIWmRrT0VxTlVJ
UVpjV0l6b1F3dmNJZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQACfbUH
eluBu5zsF9Z/m8b7iAd2hu106Zq/uzP93wOUdiGyXeaH2baEXqlVmeVJYUzPzjG/
niaQj2/xFd255ImfWiOfHhdTYeIk3rZVVzEesuztluJKTnFyZtzug2jV9W90BqJj
d/C0rK0l8wznAZ2XE6tGgdYqXRMFCdvBdT+O6ZVGzhbrXRpDD/FshLnsHE308Eay
19QOZ8NH8rn8X4MJPQQ7NGZgD8Wg3os7GKYmxoZ1PGVjljJEGC8ASC8DVgukvuL+
nSJNqDkL8WmppmQ2qtScm6g9tW8en6pmzz7GYIQIwgTEppaepQN2wATobkPLAfdn
dLv2ucoGt1i0RHWB
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:38:51 2025 by rpki-client