Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/NGk76MyxKvaYRvo8-t5fA7ZG5pc.roa
File: NGk76MyxKvaYRvo8-t5fA7ZG5pc.roa (raw, json)
Hash identifier: iWQEbHXfSTuq47FqZL8CWylFSUls/HJ6GCxBZgvrxT0=
Subject key identifier: 34:69:3B:E8:CC:B1:2A:F6:98:46:FA:3C:FA:DE:5F:03:B6:46:E6:97
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6CC0
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NGk76MyxKvaYRvo8-t5fA7ZG5pc.roa
Signing time: Tue 17 Jun 2025 02:12:29 +0000
ROA not before: Tue 17 Jun 2025 02:12:29 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27840 (0x6cc0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 17 02:12:29 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=34693BE8CCB12AF69846FA3CFADE5F03B646E697
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:a0:0c:34:21:12:66:24:61:a2:95:b0:65:03:
3c:52:fb:2d:13:ed:b0:6b:dc:0e:0e:1b:97:8b:c8:
c4:5f:2c:62:c3:c1:01:21:0a:7a:f8:f1:be:b8:6b:
8b:78:97:7d:a1:46:f0:a1:f5:29:2a:13:5f:fd:ad:
96:13:c7:84:75:2a:0d:72:96:91:ca:26:f2:97:29:
9c:ec:9e:9c:46:53:fb:78:b5:ad:e3:10:b0:5b:f8:
2d:e8:59:f5:32:2d:db:c1:87:3e:dc:55:1b:55:1c:
63:64:0d:56:9d:aa:63:5a:fd:24:88:61:86:91:98:
a4:4d:34:bf:e2:f6:d4:1b:f1:dc:61:fd:16:19:1f:
07:1f:8f:d2:ab:1e:79:7b:7f:74:9f:bd:ef:58:2c:
8b:3a:86:a2:df:2b:e2:84:c3:b6:7e:05:3b:8f:95:
c4:28:6b:e9:0d:9d:2e:15:f4:ee:a1:2a:a6:1d:c0:
c2:8c:ee:52:5f:88:af:2d:5a:e2:cf:96:cb:56:3e:
7a:5e:ad:68:89:25:31:75:6e:3b:51:47:4c:d5:e6:
7f:56:a8:ff:40:eb:90:37:81:ca:86:5a:58:bf:6b:
8a:c0:54:9a:f0:6e:79:34:5c:10:b3:df:79:2e:18:
98:2c:b6:45:76:b3:cd:fb:ed:fc:53:ca:a1:ae:a2:
af:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:69:3B:E8:CC:B1:2A:F6:98:46:FA:3C:FA:DE:5F:03:B6:46:E6:97
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NGk76MyxKvaYRvo8-t5fA7ZG5pc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
48:4b:ea:89:4c:ad:69:92:34:c8:45:0a:0e:65:44:13:a5:ae:
91:ad:0d:6a:b1:c8:0e:87:9c:26:03:af:97:96:78:2c:fb:45:
96:f9:87:cd:ea:4f:58:3b:1e:4b:75:b9:31:4a:1f:2d:ba:85:
fb:0a:e7:34:fc:ca:a8:a9:72:67:0d:12:34:92:48:41:a4:8d:
11:8d:35:ef:d1:e2:4f:04:93:d0:78:6c:40:ac:c3:c0:b7:58:
ed:83:7e:0d:d0:dc:51:43:0c:e1:b7:2d:08:22:69:7b:81:1c:
0b:3b:7e:33:b1:04:c5:47:5f:08:9c:12:bd:a4:a5:21:09:1a:
fa:1f:8b:bc:19:3b:7b:04:20:52:7c:db:7e:7d:93:2a:22:9d:
58:ef:73:e8:e9:d9:35:a6:b8:f6:b1:44:b4:d8:d9:a5:2f:a2:
26:65:94:26:36:87:d1:70:a8:74:a1:94:47:fb:55:e2:56:cb:
34:29:64:d6:bc:38:68:14:fb:8d:24:4f:84:f1:ae:c2:6c:9f:
5f:80:5e:c7:1d:dc:9d:d2:86:c2:f9:b9:6e:f5:9a:91:18:04:
80:05:fb:be:15:47:f5:0e:db:d1:2c:b6:0d:38:6a:b9:4c:a1:
b4:82:62:f6:58:74:e0:9d:49:77:93:b4:89:30:42:56:f8:d7:
2b:89:da:d0
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbMAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTcw
MjEyMjlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM0NjkzQkU4Q0NCMTJB
RjY5ODQ2RkEzQ0ZBREU1RjAzQjY0NkU2OTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDRoAw0IRJmJGGilbBlAzxS+y0T7bBr3A4OG5eLyMRfLGLDwQEh
Cnr48b64a4t4l32hRvCh9SkqE1/9rZYTx4R1Kg1ylpHKJvKXKZzsnpxGU/t4ta3j
ELBb+C3oWfUyLdvBhz7cVRtVHGNkDVadqmNa/SSIYYaRmKRNNL/i9tQb8dxh/RYZ
Hwcfj9KrHnl7f3Sfve9YLIs6hqLfK+KEw7Z+BTuPlcQoa+kNnS4V9O6hKqYdwMKM
7lJfiK8tWuLPlstWPnperWiJJTF1bjtRR0zV5n9WqP9A65A3gcqGWli/a4rAVJrw
bnk0XBCz33kuGJgstkV2s8377fxTyqGuoq+/AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUNGk76MyxKvaYRvo8+t5fA7ZG5pcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L05Hazc2TXl4S3ZhWVJ2
bzgtdDVmQTdaRzVwYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBIS+qJ
TK1pkjTIRQoOZUQTpa6RrQ1qscgOh5wmA6+Xlngs+0WW+YfN6k9YOx5LdbkxSh8t
uoX7Cuc0/MqoqXJnDRI0kkhBpI0RjTXv0eJPBJPQeGxArMPAt1jtg34N0NxRQwzh
ty0IIml7gRwLO34zsQTFR18InBK9pKUhCRr6H4u8GTt7BCBSfNt+fZMqIp1Y73Po
6dk1prj2sUS02NmlL6ImZZQmNofRcKh0oZRH+1XiVss0KWTWvDhoFPuNJE+E8a7C
bJ9fgF7HHdyd0obC+blu9ZqRGASABfu+FUf1DtvRLLYNOGq5TKG0gmL2WHTgnUl3
k7SJMEJW+NcridrQ
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:37:11 2025 by rpki-client