Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Nsdh0fXDOB3MXoJcXTHVP3RE5Tg.roa
File: Nsdh0fXDOB3MXoJcXTHVP3RE5Tg.roa (raw, json)
Hash identifier: P8f2MeuaHqK+3Jk4YRu92PLc2dpjHdEAAceHEKvVkZo=
Subject key identifier: 36:C7:61:D1:F5:C3:38:1D:CC:5E:82:5C:5D:31:D5:3F:74:44:E5:38
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6E10
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Nsdh0fXDOB3MXoJcXTHVP3RE5Tg.roa
Signing time: Sat 21 Jun 2025 01:47:55 +0000
ROA not before: Sat 21 Jun 2025 01:47:55 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28176 (0x6e10)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 21 01:47:55 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=36C761D1F5C3381DCC5E825C5D31D53F7444E538
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:72:7e:8c:fd:26:4c:72:cd:9d:25:89:71:4b:
4c:9b:a0:c8:88:a6:06:bf:4b:a0:f6:37:b7:f7:cb:
bc:88:14:43:c9:50:93:3d:e7:b2:7e:49:68:e5:fe:
61:52:50:bc:6d:f2:dc:81:84:fd:ce:d0:a8:8d:5a:
5c:4f:a3:f5:e1:13:d2:a5:28:29:b2:0e:24:7d:63:
91:82:b6:ff:ca:80:fa:f6:57:27:fa:e1:17:fc:12:
4d:dd:53:1f:cd:f7:36:25:c1:43:1e:42:5a:94:b3:
ad:d7:bc:0e:c8:66:77:db:73:1d:66:7f:3b:67:aa:
06:49:6a:b5:6a:87:3c:08:18:a1:b2:c8:6a:42:2f:
05:1b:3b:1f:cb:88:ba:8f:98:e3:eb:74:34:2c:9f:
e5:0d:fa:2e:25:f3:01:e6:0e:ae:3b:27:fa:87:03:
e7:19:fa:9f:42:d7:60:18:3e:e3:fd:02:c8:38:ba:
03:4b:cb:ce:89:6d:53:73:13:7e:15:4d:a5:55:d4:
01:1e:42:27:e7:39:e5:46:a7:00:9d:cc:a2:d2:df:
c8:1b:02:31:bb:9e:62:de:03:2a:14:25:16:43:e1:
ee:01:e9:a2:dc:12:09:e6:12:83:31:30:fb:e5:10:
78:a9:f6:e0:82:b9:e7:d4:a1:01:be:34:26:6d:50:
51:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:C7:61:D1:F5:C3:38:1D:CC:5E:82:5C:5D:31:D5:3F:74:44:E5:38
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Nsdh0fXDOB3MXoJcXTHVP3RE5Tg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
32:5f:f7:20:75:78:8b:6b:4f:59:c8:cf:dd:df:2a:6d:14:17:
14:31:3d:ec:de:6f:9e:36:8b:c1:68:b6:36:06:44:7c:b5:cd:
e9:44:7a:02:7b:e7:3f:31:7e:15:d9:1e:0d:86:db:70:4e:6f:
d0:9a:16:bc:de:4b:89:50:8a:8a:6b:58:84:bc:2a:4f:ab:6a:
1a:fa:b0:5f:e2:e4:b7:94:a3:40:47:f8:04:8c:55:78:3d:64:
29:1e:4c:a4:70:2f:07:65:8a:17:6b:83:10:99:7e:94:e4:4e:
5a:a5:5f:58:11:89:f7:f4:70:fc:de:48:02:30:7c:96:a9:58:
95:e5:06:40:50:d9:bc:ea:8c:13:af:c8:66:c0:98:f1:a3:3b:
11:77:89:bd:35:8b:90:1b:97:81:31:af:3a:da:c1:69:a4:81:
f5:77:5f:d4:74:ab:bf:db:d5:64:29:cd:66:2f:98:91:9f:4c:
9f:51:f6:ce:07:06:50:d6:28:95:1c:57:50:f8:06:bf:3c:d2:
04:f3:42:1d:d0:9f:c7:48:0f:96:6a:bb:b8:53:60:7a:42:36:
45:42:04:bb:74:fd:a6:64:20:0a:59:94:d8:c8:7d:d0:ef:96:
00:06:02:17:51:4d:a4:2d:37:0f:87:5c:f0:52:c6:e5:2f:aa:
09:1b:45:ce
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbhAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjEw
MTQ3NTVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM2Qzc2MUQxRjVDMzM4
MURDQzVFODI1QzVEMzFENTNGNzQ0NEU1MzgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC3cn6M/SZMcs2dJYlxS0yboMiIpga/S6D2N7f3y7yIFEPJUJM9
57J+SWjl/mFSULxt8tyBhP3O0KiNWlxPo/XhE9KlKCmyDiR9Y5GCtv/KgPr2Vyf6
4Rf8Ek3dUx/N9zYlwUMeQlqUs63XvA7IZnfbcx1mfztnqgZJarVqhzwIGKGyyGpC
LwUbOx/LiLqPmOPrdDQsn+UN+i4l8wHmDq47J/qHA+cZ+p9C12AYPuP9Asg4ugNL
y86JbVNzE34VTaVV1AEeQifnOeVGpwCdzKLS38gbAjG7nmLeAyoUJRZD4e4B6aLc
EgnmEoMxMPvlEHip9uCCuefUoQG+NCZtUFG1AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUNsdh0fXDOB3MXoJcXTHVP3RE5TgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L05zZGgwZlhET0IzTVhv
SmNYVEhWUDNSRTVUZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAyX/cg
dXiLa09ZyM/d3yptFBcUMT3s3m+eNovBaLY2BkR8tc3pRHoCe+c/MX4V2R4Nhttw
Tm/Qmha83kuJUIqKa1iEvCpPq2oa+rBf4uS3lKNAR/gEjFV4PWQpHkykcC8HZYoX
a4MQmX6U5E5apV9YEYn39HD83kgCMHyWqViV5QZAUNm86owTr8hmwJjxozsRd4m9
NYuQG5eBMa862sFppIH1d1/UdKu/29VkKc1mL5iRn0yfUfbOBwZQ1iiVHFdQ+Aa/
PNIE80Id0J/HSA+Waru4U2B6QjZFQgS7dP2mZCAKWZTYyH3Q75YABgIXUU2kLTcP
h1zwUsblL6oJG0XO
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:57:50 2025 by rpki-client