Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/NT9VDxMvTMmFoo0WGRanx2WcLQU.roa
File: NT9VDxMvTMmFoo0WGRanx2WcLQU.roa (raw, json)
Hash identifier: +rn2qnFkExtuREfGvwXY0n+vnhkIEoikI5NCtLPh340=
Subject key identifier: 35:3F:55:0F:13:2F:4C:C9:85:A2:8D:16:19:16:A7:C7:65:9C:2D:05
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7530
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NT9VDxMvTMmFoo0WGRanx2WcLQU.roa
Signing time: Wed 09 Jul 2025 19:45:05 +0000
ROA not before: Wed 09 Jul 2025 19:45:05 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30000 (0x7530)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 9 19:45:05 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=353F550F132F4CC985A28D161916A7C7659C2D05
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:a1:15:7d:5c:d9:98:7b:65:c2:bf:b2:c3:e8:
c3:2e:d3:b1:28:39:19:76:d1:4c:a7:db:92:f2:81:
82:6e:a9:7c:1f:4c:0d:ba:6f:b6:9c:02:90:9f:62:
56:e9:13:c8:47:19:dd:76:45:29:f2:cc:6b:0a:3c:
23:0b:79:5d:67:18:76:d0:84:81:63:5e:cf:cd:cf:
84:ed:ee:58:9e:ed:65:d1:c4:f0:cb:e8:09:12:0c:
03:cb:03:5e:61:c2:8d:3e:aa:71:e0:b0:d7:5a:b7:
bb:43:6f:68:79:61:4f:54:fd:6b:78:2d:a3:07:65:
21:54:9f:5c:c2:89:23:b4:0c:e9:71:71:a7:38:53:
ec:4b:35:bc:53:87:43:f7:f7:59:d1:5c:77:99:e0:
5d:d6:45:1f:fd:fc:66:cd:a6:a3:23:fe:b9:cd:0e:
32:c9:d0:34:c6:55:06:d1:06:24:83:17:81:0e:5b:
ba:9b:7d:a8:aa:fe:80:35:16:7b:75:95:13:1f:96:
0f:96:02:62:32:44:5e:47:f0:d4:92:2f:2e:a1:7f:
29:84:19:34:25:cb:92:f6:d5:01:f2:39:cf:c5:56:
14:77:6d:1b:c3:77:14:00:cf:c0:8b:e1:0f:d6:57:
39:0f:b9:84:0f:b4:1e:7b:eb:b4:89:0c:9c:84:8c:
f9:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:3F:55:0F:13:2F:4C:C9:85:A2:8D:16:19:16:A7:C7:65:9C:2D:05
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NT9VDxMvTMmFoo0WGRanx2WcLQU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
4d:40:12:14:6d:fb:91:cd:3c:ce:73:4d:30:5d:5d:e8:6b:d1:
57:82:59:57:bc:3d:6e:74:8e:89:3d:d5:0d:10:46:17:b2:4f:
dc:3a:24:88:c1:82:cf:ea:54:b2:9c:b6:da:9e:81:5b:af:b5:
32:b6:1a:35:f9:f5:05:3a:a6:9a:62:1b:4c:73:bc:ae:30:e0:
ca:fe:a1:ab:7d:8f:c7:dc:72:57:af:55:8f:b7:67:36:98:c7:
14:3a:e9:5f:8d:ea:1d:12:a5:f5:81:e5:87:71:ce:c8:19:e0:
32:e0:02:f2:72:2e:a4:e6:d5:e6:11:26:2f:5b:d6:f9:0e:3d:
12:8c:3a:06:36:48:1c:60:41:12:07:8f:39:f6:22:c2:a5:f5:
5f:8a:38:07:a3:52:0a:09:5d:af:80:16:9f:37:67:ea:5d:b7:
d5:7c:a4:25:0f:56:1d:89:bc:e6:f5:47:2d:05:eb:c0:e0:ee:
52:6a:b1:6a:27:74:34:f0:c9:ea:bf:35:ad:1f:d1:e8:b4:96:
d2:0e:03:6d:6f:88:b7:d2:e7:af:a8:3c:41:5a:1a:6d:f5:46:
9a:3c:5c:63:c1:84:55:9c:54:ba:1b:2e:d3:b3:72:f7:fe:f5:
6d:51:50:25:3a:cd:98:ac:15:aa:af:41:af:e3:24:66:ac:c1:
07:34:7f:74
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdTAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDkx
OTQ1MDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM1M0Y1NTBGMTMyRjRD
Qzk4NUEyOEQxNjE5MTZBN0M3NjU5QzJEMDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMoRV9XNmYe2XCv7LD6MMu07EoORl20Uyn25LygYJuqXwfTA26
b7acApCfYlbpE8hHGd12RSnyzGsKPCMLeV1nGHbQhIFjXs/Nz4Tt7lie7WXRxPDL
6AkSDAPLA15hwo0+qnHgsNdat7tDb2h5YU9U/Wt4LaMHZSFUn1zCiSO0DOlxcac4
U+xLNbxTh0P391nRXHeZ4F3WRR/9/GbNpqMj/rnNDjLJ0DTGVQbRBiSDF4EOW7qb
faiq/oA1Fnt1lRMflg+WAmIyRF5H8NSSLy6hfymEGTQly5L21QHyOc/FVhR3bRvD
dxQAz8CL4Q/WVzkPuYQPtB5767SJDJyEjPlhAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUNT9VDxMvTMmFoo0WGRanx2WcLQUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L05UOVZEeE12VE1tRm9v
MFdHUmFueDJXY0xRVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBNQBIU
bfuRzTzOc00wXV3oa9FXgllXvD1udI6JPdUNEEYXsk/cOiSIwYLP6lSynLbanoFb
r7Uytho1+fUFOqaaYhtMc7yuMODK/qGrfY/H3HJXr1WPt2c2mMcUOulfjeodEqX1
geWHcc7IGeAy4ALyci6k5tXmESYvW9b5Dj0SjDoGNkgcYEESB4859iLCpfVfijgH
o1IKCV2vgBafN2fqXbfVfKQlD1Ydibzm9UctBevA4O5SarFqJ3Q08MnqvzWtH9Ho
tJbSDgNtb4i30uevqDxBWhpt9UaaPFxjwYRVnFS6Gy7Ts3L3/vVtUVAlOs2YrBWq
r0Gv4yRmrMEHNH90
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:45:23 2025 by rpki-client