Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/VilNctRfX3VlHx1so5pxZSNPA24.roa
File: VilNctRfX3VlHx1so5pxZSNPA24.roa (raw, json)
Hash identifier: ppGD+MzVgKmfcnDscCbLrIsnIz1MzLYmgne/wjU6cCU=
Subject key identifier: 56:29:4D:72:D4:5F:5F:75:65:1F:1D:6C:A3:9A:71:65:23:4F:03:6E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6E72
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/VilNctRfX3VlHx1so5pxZSNPA24.roa
Signing time: Sun 22 Jun 2025 02:14:11 +0000
ROA not before: Sun 22 Jun 2025 02:14:11 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28274 (0x6e72)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 22 02:14:11 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=56294D72D45F5F75651F1D6CA39A7165234F036E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:1d:13:51:01:5d:83:34:95:b3:88:61:34:84:
62:14:59:a9:a2:a5:84:d3:b3:93:a9:bb:de:52:b6:
c3:27:6e:69:ea:2c:63:7d:4f:3b:42:1f:ba:ef:ce:
18:2d:1b:33:9b:e6:60:96:73:ef:32:9c:81:ba:5a:
f3:e8:f4:8d:69:1c:e0:8b:7e:29:17:24:f4:fa:35:
27:2f:54:41:c7:b1:ad:b4:97:43:b2:97:15:d3:af:
8c:75:9d:df:ed:a4:34:a0:92:9a:b6:60:0c:00:04:
55:42:36:0f:bd:24:5c:0a:69:d9:9c:bf:40:5c:d5:
74:ae:90:cc:3f:05:93:c3:51:cd:00:5d:30:45:e3:
16:d0:9d:7c:21:f2:03:9a:b8:ac:8f:c3:8b:a3:c3:
a3:8f:26:88:93:1d:2a:aa:08:bb:7f:e6:96:1b:ca:
23:92:f3:cb:b6:3f:83:7b:01:07:5e:0b:92:93:3d:
08:9b:d0:e1:9e:e6:31:8c:41:7d:84:78:85:94:d1:
ca:b1:15:f5:a2:e5:ca:43:c1:52:92:de:2b:bc:d0:
17:bf:1f:06:91:2a:57:b9:4d:54:89:90:a6:12:cc:
82:29:a5:8c:1a:c7:9f:03:e5:e5:b6:1c:46:aa:40:
97:ac:d8:26:c8:b3:12:e9:75:ea:08:49:22:ea:c2:
4e:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:29:4D:72:D4:5F:5F:75:65:1F:1D:6C:A3:9A:71:65:23:4F:03:6E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/VilNctRfX3VlHx1so5pxZSNPA24.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
61:0e:c6:17:9f:f8:d9:8d:ab:4d:56:35:5c:67:40:e2:ca:27:
a4:d8:98:ed:ee:85:f2:16:6a:92:a0:59:a1:58:ac:dd:14:51:
92:95:b5:09:59:0e:f8:70:69:1b:a6:45:f3:f0:15:52:a4:48:
df:74:c9:57:e9:4b:46:e0:46:45:1e:11:70:9c:8a:1f:db:96:
8f:a9:b2:d9:81:5f:06:ae:0a:5e:73:34:77:29:4b:f2:4a:c4:
a5:2b:02:1a:96:7c:6e:ad:a3:b6:14:ef:c4:be:de:34:29:9c:
b4:a1:1f:1c:d8:43:2e:d2:19:c3:46:9f:98:84:31:80:38:01:
82:91:73:58:8e:ae:da:53:55:23:a8:f4:ab:2a:eb:9f:88:81:
ef:31:7d:7f:3f:c7:7c:fa:39:f6:4a:7f:83:21:63:f6:ac:5d:
31:ec:4e:9a:64:1a:90:d6:4d:0d:30:5f:68:2c:1f:64:09:aa:
20:7f:c9:87:0d:f4:d4:33:86:5a:df:4a:32:cc:2a:3f:fd:5e:
1f:f4:94:e6:40:59:67:82:6e:77:57:f0:f6:dc:cb:60:03:ff:
74:01:72:ca:35:19:a4:b3:1d:67:6b:c1:27:4d:67:74:aa:07:
66:b6:cb:29:3c:bb:b4:95:04:d3:96:a3:96:1f:08:5d:89:b1:
4a:1a:4c:1a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbnIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjIw
MjE0MTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDU2Mjk0RDcyRDQ1RjVG
NzU2NTFGMUQ2Q0EzOUE3MTY1MjM0RjAzNkUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFHRNRAV2DNJWziGE0hGIUWamipYTTs5Opu95StsMnbmnqLGN9
TztCH7rvzhgtGzOb5mCWc+8ynIG6WvPo9I1pHOCLfikXJPT6NScvVEHHsa20l0Oy
lxXTr4x1nd/tpDSgkpq2YAwABFVCNg+9JFwKadmcv0Bc1XSukMw/BZPDUc0AXTBF
4xbQnXwh8gOauKyPw4ujw6OPJoiTHSqqCLt/5pYbyiOS88u2P4N7AQdeC5KTPQib
0OGe5jGMQX2EeIWU0cqxFfWi5cpDwVKS3iu80Be/HwaRKle5TVSJkKYSzIIppYwa
x58D5eW2HEaqQJes2CbIsxLpdeoISSLqwk7rAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUVilNctRfX3VlHx1so5pxZSNPA24wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1ZpbE5jdFJmWDNWbEh4
MXNvNXB4WlNOUEEyNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBhDsYX
n/jZjatNVjVcZ0Diyiek2Jjt7oXyFmqSoFmhWKzdFFGSlbUJWQ74cGkbpkXz8BVS
pEjfdMlX6UtG4EZFHhFwnIof25aPqbLZgV8GrgpeczR3KUvySsSlKwIalnxuraO2
FO/Evt40KZy0oR8c2EMu0hnDRp+YhDGAOAGCkXNYjq7aU1UjqPSrKuufiIHvMX1/
P8d8+jn2Sn+DIWP2rF0x7E6aZBqQ1k0NMF9oLB9kCaogf8mHDfTUM4Za30oyzCo/
/V4f9JTmQFlngm53V/D23MtgA/90AXLKNRmksx1na8EnTWd0qgdmtsspPLu0lQTT
lqOWHwhdibFKGkwa
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:39:08 2025 by rpki-client