Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/VN98VFAaPgONS01_Ad4rwfZIdDU.roa
File: VN98VFAaPgONS01_Ad4rwfZIdDU.roa (raw, json)
Hash identifier: RpWDuLPSd8EA+csCAnxvU+SaA3Y+MKuvd9AftnNceZQ=
Subject key identifier: 54:DF:7C:54:50:1A:3E:03:8D:4B:4D:7F:01:DE:2B:C1:F6:48:74:35
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6E06
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/VN98VFAaPgONS01_Ad4rwfZIdDU.roa
Signing time: Fri 20 Jun 2025 23:14:19 +0000
ROA not before: Fri 20 Jun 2025 23:14:19 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28166 (0x6e06)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 20 23:14:19 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=54DF7C54501A3E038D4B4D7F01DE2BC1F6487435
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:8c:0f:37:bf:25:84:c8:5a:4a:0d:c6:25:23:
22:5a:b2:16:c2:b4:1e:00:fb:92:86:ed:4b:6e:7c:
a8:5d:e0:65:77:2e:18:14:a6:a8:d8:ec:e1:e1:2a:
12:ff:c3:9d:91:f1:e1:c4:3a:6a:53:09:4d:78:67:
53:51:b2:de:02:af:93:11:99:1d:70:fe:0c:99:8a:
90:ec:43:cd:2b:32:72:c6:47:bd:3f:ba:71:76:9b:
4a:1e:89:ff:14:c8:c1:4e:c4:cd:2c:e5:08:e9:4c:
28:c2:5c:13:ab:cf:99:9c:91:ac:8c:96:6b:23:43:
82:32:df:74:09:f7:6c:8c:5c:99:46:be:95:51:d5:
0e:87:4a:da:9c:51:a8:3b:aa:69:91:3a:94:0c:cb:
75:c3:a0:50:30:f9:34:46:e6:33:a3:73:ce:d2:88:
de:c0:6f:a3:b5:d2:14:8c:a1:41:2a:6b:2d:80:59:
88:b9:90:40:d3:00:8a:7a:50:38:a1:ed:f9:ed:ba:
72:81:ff:07:3b:db:ae:4d:a3:cd:7a:c2:d5:24:2a:
e8:50:9f:a8:82:cc:ef:e6:ae:14:36:45:fe:4e:27:
19:fc:56:01:ff:1d:85:6e:3d:56:d1:ab:fa:6c:64:
c3:5b:13:74:6e:93:1d:f2:5a:f9:c9:3b:a7:58:16:
e8:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:DF:7C:54:50:1A:3E:03:8D:4B:4D:7F:01:DE:2B:C1:F6:48:74:35
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/VN98VFAaPgONS01_Ad4rwfZIdDU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
7c:18:6c:76:57:45:b3:94:fd:bb:93:80:a3:2c:49:7b:20:5a:
21:eb:2e:c4:af:4d:4d:e8:9c:3a:bc:38:ff:87:5a:a0:de:ff:
0f:8d:da:9c:04:b3:25:5e:ce:a7:25:db:43:97:9b:c6:ed:b0:
a0:d8:07:36:e2:e9:54:e1:fc:6d:66:69:3a:78:33:bd:6f:8b:
20:9f:86:02:ba:a7:aa:4f:ad:9c:20:b6:85:27:b0:d9:12:b0:
40:06:c3:8f:8f:39:e5:bc:b4:0b:83:ad:40:e5:05:7f:13:7f:
3e:1a:95:1f:24:fe:00:bb:c1:31:1a:d5:79:42:84:b1:3a:91:
dc:36:0f:3e:0e:0d:59:f5:ac:16:6a:98:16:38:00:11:28:46:
48:7f:9c:41:92:58:90:bc:b4:2c:c7:8a:7e:0f:e8:f1:d8:d3:
fb:d6:5d:f2:f9:32:94:bb:28:17:9d:c7:fe:dc:ae:16:35:f1:
c6:d3:8f:96:b7:9f:76:c8:d5:87:c2:e7:40:8c:72:e6:68:f8:
68:7b:9f:f7:0a:99:b1:b7:57:1b:b1:d0:d7:5e:ff:cf:0c:02:
40:bc:9b:10:e2:df:19:f3:b6:8d:e6:99:ac:01:7a:7d:a2:5e:
e7:d5:e4:04:4d:ed:d0:c9:18:43:d4:00:99:cb:f1:68:9b:f0:
02:42:32:ef
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbgYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjAy
MzE0MTlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDU0REY3QzU0NTAxQTNF
MDM4RDRCNEQ3RjAxREUyQkMxRjY0ODc0MzUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDEjA83vyWEyFpKDcYlIyJashbCtB4A+5KG7UtufKhd4GV3LhgU
pqjY7OHhKhL/w52R8eHEOmpTCU14Z1NRst4Cr5MRmR1w/gyZipDsQ80rMnLGR70/
unF2m0oeif8UyMFOxM0s5QjpTCjCXBOrz5mckayMlmsjQ4Iy33QJ92yMXJlGvpVR
1Q6HStqcUag7qmmROpQMy3XDoFAw+TRG5jOjc87SiN7Ab6O10hSMoUEqay2AWYi5
kEDTAIp6UDih7fntunKB/wc7265No816wtUkKuhQn6iCzO/mrhQ2Rf5OJxn8VgH/
HYVuPVbRq/psZMNbE3Rukx3yWvnJO6dYFuhhAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUVN98VFAaPgONS01/Ad4rwfZIdDUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1ZOOThWRkFhUGdPTlMw
MV9BZDRyd2ZaSWREVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB8GGx2
V0WzlP27k4CjLEl7IFoh6y7Er01N6Jw6vDj/h1qg3v8PjdqcBLMlXs6nJdtDl5vG
7bCg2Ac24ulU4fxtZmk6eDO9b4sgn4YCuqeqT62cILaFJ7DZErBABsOPjznlvLQL
g61A5QV/E38+GpUfJP4Au8ExGtV5QoSxOpHcNg8+Dg1Z9awWapgWOAARKEZIf5xB
kliQvLQsx4p+D+jx2NP71l3y+TKUuygXncf+3K4WNfHG04+Wt592yNWHwudAjHLm
aPhoe5/3Cpmxt1cbsdDXXv/PDAJAvJsQ4t8Z87aN5pmsAXp9ol7n1eQETe3QyRhD
1ACZy/Fom/ACQjLv
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:38:39 2025 by rpki-client