Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/NxGrp7zYbJmThRA5qGBNgs_x2u0.roa
File: NxGrp7zYbJmThRA5qGBNgs_x2u0.roa (raw, json)
Hash identifier: LrJxqVReC+6t0oaFwKawquPJ/9hwzK5XWEi09o5A2IA=
Subject key identifier: 37:11:AB:A7:BC:D8:6C:99:93:85:10:39:A8:60:4D:82:CF:F1:DA:ED
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6C7E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NxGrp7zYbJmThRA5qGBNgs_x2u0.roa
Signing time: Mon 16 Jun 2025 09:42:26 +0000
ROA not before: Mon 16 Jun 2025 09:42:26 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27774 (0x6c7e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 16 09:42:26 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3711ABA7BCD86C9993851039A8604D82CFF1DAED
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:67:1f:a7:24:8a:78:a6:81:3c:dd:e4:71:7d:
05:75:0c:d2:9c:f6:08:8c:9c:17:67:c5:a9:75:0e:
3f:1a:c1:1d:c4:c9:43:78:5f:d8:fe:2e:c5:0f:d5:
19:4b:e6:08:f9:45:8c:e7:23:42:22:4d:3f:d7:69:
ea:7c:16:38:98:d0:a2:58:25:f0:db:4e:9e:16:4f:
af:96:33:44:4c:26:cb:e0:53:fc:38:64:ff:6c:63:
5d:d8:7b:2e:57:53:a8:8a:5d:c7:68:75:1d:c6:30:
ce:06:dd:4e:68:f8:c5:d8:61:77:76:58:60:76:71:
73:fb:b4:f9:93:55:7b:dd:9a:ab:76:51:49:46:b2:
22:6b:dc:1e:76:03:af:9b:a8:1a:11:4d:8e:b8:00:
d4:3e:94:93:bf:74:a4:15:fa:42:33:4e:82:db:e8:
d7:3d:f3:4f:ed:5a:3d:08:fa:fb:2a:57:d6:1d:ba:
9e:83:d0:cf:eb:56:1d:55:2f:c1:e9:48:c3:ff:6b:
a3:91:3f:00:e4:fc:82:3d:04:8f:88:23:55:10:dc:
bc:45:8a:94:c4:99:54:bd:a0:ac:90:11:d7:f7:fd:
2b:29:e2:fe:0b:0b:45:c5:02:8f:6e:7a:38:88:31:
c1:b0:ed:fe:2f:16:8e:91:71:04:7b:74:01:26:a6:
1b:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:11:AB:A7:BC:D8:6C:99:93:85:10:39:A8:60:4D:82:CF:F1:DA:ED
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/NxGrp7zYbJmThRA5qGBNgs_x2u0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
26:fe:2b:d8:ff:fa:47:e3:9a:8b:b0:78:93:2b:2a:b0:c8:eb:
51:9d:38:37:c6:a9:53:a8:7b:6a:94:29:7b:ca:99:a8:14:58:
ed:33:81:e1:e2:a8:d4:d0:82:8e:08:42:ff:07:d7:f8:26:15:
49:0b:e8:58:bf:b6:c3:13:79:09:f1:ac:61:71:a5:de:a1:ec:
d8:8e:13:d5:e2:27:c2:67:34:f3:21:7b:4a:3d:f5:b9:a6:9e:
4a:d6:a0:24:57:83:9b:7b:7e:52:09:18:5e:63:ab:b6:bb:bd:
df:85:8b:b9:42:bb:9c:9c:1b:c4:43:98:be:0e:3b:23:07:d8:
11:a7:ec:23:7c:cb:c3:a0:99:d3:ef:a9:26:58:f7:18:ce:43:
11:a5:96:72:86:82:e0:f9:ec:3f:ef:72:d0:b2:3c:06:fd:44:
a3:43:cb:8c:62:b9:32:72:a8:eb:bf:4a:a9:f8:67:31:b8:92:
a1:db:6d:a2:8a:68:fd:97:01:a1:9c:09:a5:7b:3c:58:c0:13:
70:00:e6:c1:7c:df:43:9d:47:50:5b:61:ae:b4:ec:43:98:d7:
10:59:53:e9:f6:7b:30:14:de:3b:88:ec:5e:db:28:51:19:39:
19:5b:01:0d:03:9b:4a:68:5c:30:96:5b:c9:f6:8d:84:10:03:
44:83:ab:65
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbH4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTYw
OTQyMjZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM3MTFBQkE3QkNEODZD
OTk5Mzg1MTAzOUE4NjA0RDgyQ0ZGMURBRUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC8Zx+nJIp4poE83eRxfQV1DNKc9giMnBdnxal1Dj8awR3EyUN4
X9j+LsUP1RlL5gj5RYznI0IiTT/Xaep8FjiY0KJYJfDbTp4WT6+WM0RMJsvgU/w4
ZP9sY13Yey5XU6iKXcdodR3GMM4G3U5o+MXYYXd2WGB2cXP7tPmTVXvdmqt2UUlG
siJr3B52A6+bqBoRTY64ANQ+lJO/dKQV+kIzToLb6Nc980/tWj0I+vsqV9Ydup6D
0M/rVh1VL8HpSMP/a6ORPwDk/II9BI+II1UQ3LxFipTEmVS9oKyQEdf3/Ssp4v4L
C0XFAo9uejiIMcGw7f4vFo6RcQR7dAEmphvBAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUNxGrp7zYbJmThRA5qGBNgs/x2u0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L054R3JwN3pZYkptVGhS
QTVxR0JOZ3NfeDJ1MC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAm/ivY
//pH45qLsHiTKyqwyOtRnTg3xqlTqHtqlCl7ypmoFFjtM4Hh4qjU0IKOCEL/B9f4
JhVJC+hYv7bDE3kJ8axhcaXeoezYjhPV4ifCZzTzIXtKPfW5pp5K1qAkV4Obe35S
CRheY6u2u73fhYu5QrucnBvEQ5i+DjsjB9gRp+wjfMvDoJnT76kmWPcYzkMRpZZy
hoLg+ew/73LQsjwG/USjQ8uMYrkycqjrv0qp+GcxuJKh222iimj9lwGhnAmlezxY
wBNwAObBfN9DnUdQW2GutOxDmNcQWVPp9nswFN47iOxe2yhRGTkZWwENA5tKaFww
llvJ9o2EEANEg6tl
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:53:20 2025 by rpki-client