Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/XUXNkNV-cN-N13A55kRyWd_DcR4.roa
File: XUXNkNV-cN-N13A55kRyWd_DcR4.roa (raw, json)
Hash identifier: JRKXuLuqRzs8PPIk8KiYcGq/2ichwtfrpo6ztpQ03jc=
Subject key identifier: 5D:45:CD:90:D5:7E:70:DF:8D:D7:70:39:E6:44:72:59:DF:C3:71:1E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 70B0
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XUXNkNV-cN-N13A55kRyWd_DcR4.roa
Signing time: Fri 27 Jun 2025 19:44:35 +0000
ROA not before: Fri 27 Jun 2025 19:44:35 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28848 (0x70b0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 27 19:44:35 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=5D45CD90D57E70DF8DD77039E6447259DFC3711E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:5f:70:92:29:dc:ee:9e:b8:4c:66:e2:ce:f3:
1f:09:c1:e9:a7:5b:a7:45:11:35:3b:db:be:a7:de:
7b:d1:a7:e0:f9:41:fc:57:27:38:4d:fe:ff:d1:01:
2e:e1:e0:1f:46:b3:7e:76:76:f2:4e:23:1b:99:ad:
39:8c:39:33:00:c6:ef:7c:0d:2c:72:25:58:cf:8d:
f1:c6:2f:64:5e:30:cc:40:dd:fb:a2:e2:9c:42:bd:
bf:5d:9d:4e:f9:38:11:d5:89:ef:85:cb:6e:87:40:
8f:41:99:71:a9:84:53:86:00:4e:95:e7:ed:01:16:
11:d1:d3:4d:e4:56:e0:c6:98:9f:c5:d6:82:cb:5a:
85:8e:14:63:42:df:16:86:fd:d0:ad:e9:db:a3:a0:
36:9b:dd:35:93:3a:f6:8b:f0:0b:6d:4e:08:1d:95:
2c:d5:0d:80:63:a8:dd:b4:73:7a:b5:fe:ad:12:c9:
af:31:d6:75:a7:e6:1e:1e:9f:ad:d2:fa:e9:ad:c2:
e7:34:da:cd:3f:cd:43:a8:0e:be:45:f8:9a:86:cd:
62:55:44:e4:53:3e:fb:1b:75:ce:ba:b9:c3:84:20:
e9:50:89:b9:99:96:3e:a4:d4:b8:81:24:e1:be:d0:
6b:ce:f3:73:94:88:ec:bf:7a:31:43:67:c4:df:83:
cb:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:45:CD:90:D5:7E:70:DF:8D:D7:70:39:E6:44:72:59:DF:C3:71:1E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/XUXNkNV-cN-N13A55kRyWd_DcR4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
73:b4:82:62:ed:b9:97:7c:6b:ff:f4:39:4f:3c:d1:03:c7:2a:
80:dd:47:d3:3d:7c:27:64:d2:6c:45:8f:50:e9:7d:d9:4c:c9:
1a:86:cb:a3:ca:73:2e:b0:22:d4:d6:43:4b:ce:85:41:bc:10:
6a:fd:f8:d5:0f:86:21:bc:93:44:f7:f1:9f:d9:16:73:2a:48:
54:40:fa:c3:2a:99:25:5b:07:9d:7a:6a:c1:58:c2:ad:be:e9:
c1:bc:fb:4e:8f:40:3c:71:55:72:b8:01:f6:68:a0:45:3b:69:
34:d3:27:9e:8a:9a:d6:44:62:dd:d4:ef:5e:88:f4:42:21:2b:
84:e6:c4:c5:81:b6:78:39:5d:27:0b:3b:c3:16:c4:f8:23:7b:
de:29:ad:a5:6a:53:30:3f:b6:b9:6c:b4:c4:49:3d:03:43:94:
60:4f:43:1a:c6:74:22:14:7a:19:e5:5e:29:12:13:87:f6:b3:
2f:16:a3:18:65:6f:71:24:12:21:f7:08:76:75:26:03:7b:32:
31:ad:47:a0:b0:9f:22:1d:8c:29:f4:ba:4f:99:8e:83:85:8a:
7b:cd:6f:26:ef:cf:eb:06:75:de:f0:79:a3:4a:d9:41:f7:ab:
21:f4:3d:bc:ac:87:0e:92:81:13:9b:35:6e:6e:a7:d6:64:0d:
0e:2d:ea:82
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcLAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2Mjcx
OTQ0MzVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDVENDVDRDkwRDU3RTcw
REY4REQ3NzAzOUU2NDQ3MjU5REZDMzcxMUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDLX3CSKdzunrhMZuLO8x8JwemnW6dFETU7276n3nvRp+D5QfxX
JzhN/v/RAS7h4B9Gs352dvJOIxuZrTmMOTMAxu98DSxyJVjPjfHGL2ReMMxA3fui
4pxCvb9dnU75OBHVie+Fy26HQI9BmXGphFOGAE6V5+0BFhHR003kVuDGmJ/F1oLL
WoWOFGNC3xaG/dCt6dujoDab3TWTOvaL8AttTggdlSzVDYBjqN20c3q1/q0Sya8x
1nWn5h4en63S+umtwuc02s0/zUOoDr5F+JqGzWJVRORTPvsbdc66ucOEIOlQibmZ
lj6k1LiBJOG+0GvO83OUiOy/ejFDZ8Tfg8sdAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUXUXNkNV+cN+N13A55kRyWd/DcR4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1hVWE5rTlYtY04tTjEz
QTU1a1J5V2RfRGNSNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBztIJi
7bmXfGv/9DlPPNEDxyqA3UfTPXwnZNJsRY9Q6X3ZTMkahsujynMusCLU1kNLzoVB
vBBq/fjVD4YhvJNE9/Gf2RZzKkhUQPrDKpklWwedemrBWMKtvunBvPtOj0A8cVVy
uAH2aKBFO2k00yeeiprWRGLd1O9eiPRCISuE5sTFgbZ4OV0nCzvDFsT4I3veKa2l
alMwP7a5bLTEST0DQ5RgT0MaxnQiFHoZ5V4pEhOH9rMvFqMYZW9xJBIh9wh2dSYD
ezIxrUegsJ8iHYwp9LpPmY6DhYp7zW8m78/rBnXe8HmjStlB96sh9D28rIcOkoET
mzVubqfWZA0OLeqC
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:47:36 2025 by rpki-client