Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/a-NdzcTczo1C30mwaSrsdfCvqak.roa
File: a-NdzcTczo1C30mwaSrsdfCvqak.roa (raw, json)
Hash identifier: VGlvEYydqFCyZysOnMW47MqTho8ezB7MjGWj8+KDd9g=
Subject key identifier: 6B:E3:5D:CD:C4:DC:CE:8D:42:DF:49:B0:69:2A:EC:75:F0:AF:A9:A9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6D84
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/a-NdzcTczo1C30mwaSrsdfCvqak.roa
Signing time: Thu 19 Jun 2025 08:10:55 +0000
ROA not before: Thu 19 Jun 2025 08:10:55 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28036 (0x6d84)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 19 08:10:55 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=6BE35DCDC4DCCE8D42DF49B0692AEC75F0AFA9A9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:57:23:af:fc:ba:28:9a:0d:0d:6e:b4:c0:c6:
29:67:17:7a:ff:1a:98:7a:fd:4e:fb:49:e4:95:79:
18:ea:99:ce:06:b7:0b:ee:e5:4f:55:7d:61:3e:65:
29:90:38:94:46:16:64:f7:4f:f3:15:15:6b:fa:3f:
4d:a7:00:33:6e:37:75:17:a7:a8:e0:08:6d:d7:72:
58:6d:f0:8a:cf:ed:ad:b8:55:14:b1:32:b8:10:9d:
56:c9:09:63:5f:f2:71:ce:a2:33:7e:6c:ec:fd:47:
26:fd:8f:73:5c:5a:69:de:4a:ce:a9:cf:9e:0b:50:
54:2e:af:af:cb:8d:6e:11:0f:3d:61:4c:ec:18:37:
a7:2d:06:ad:2e:94:24:e5:f5:da:cc:93:31:de:01:
42:dc:3a:07:49:0c:6d:0d:78:81:19:14:d6:00:bc:
93:2b:0f:44:5c:81:58:ab:73:89:08:5e:fd:34:49:
a3:be:90:3d:d0:a1:ef:f1:8b:71:7e:7f:c9:5d:d0:
4b:3e:e2:eb:73:da:f1:c2:07:db:f3:bb:58:3c:84:
b8:ff:9c:45:98:ed:75:24:1d:dd:20:5f:01:4f:5a:
e4:c1:f4:ee:a4:20:7f:ef:f2:f0:cf:3b:5e:8f:86:
61:1b:19:77:b6:b0:4a:55:07:f3:91:2b:f9:37:79:
ac:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:E3:5D:CD:C4:DC:CE:8D:42:DF:49:B0:69:2A:EC:75:F0:AF:A9:A9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/a-NdzcTczo1C30mwaSrsdfCvqak.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
6a:c4:6f:c9:bd:17:a6:88:48:cc:33:73:11:f0:fc:0c:10:86:
91:7d:fe:56:5f:6b:d1:37:f5:18:53:a5:77:ff:20:b1:db:fc:
f6:4b:ad:bd:c2:7f:90:c7:4e:d4:fd:4a:6c:b3:34:85:f8:89:
a9:c5:1b:97:16:8f:da:31:69:1d:89:34:77:88:8e:12:79:cc:
46:05:12:d6:7a:39:b9:f7:28:b3:56:94:3b:ca:68:d0:f6:db:
3f:f0:f5:7f:c0:34:5a:71:ec:78:f7:d5:00:0a:f8:70:5a:19:
d2:a9:9c:6d:33:be:6a:16:99:53:d3:b6:cb:7f:7d:0f:63:d1:
15:1f:2e:e5:e1:d0:f8:e9:2f:91:b9:09:4f:04:2a:04:ae:22:
64:96:83:51:e6:a9:3a:4c:bf:7d:cb:b6:21:ad:a6:9b:cd:6e:
4f:24:49:25:c4:d1:aa:c5:4d:4c:4d:57:34:83:0a:b3:d0:9a:
f2:46:ce:d8:c3:28:b7:13:13:e6:07:6f:7e:a4:5f:57:93:c1:
08:65:10:3b:b4:76:96:d3:c2:6b:3b:77:a4:81:ec:a3:34:04:
2c:17:8e:38:91:e5:f9:e2:70:2d:55:3a:ea:c9:e7:8c:7e:32:
5b:77:2a:7c:9d:f8:98:cb:5f:d1:d6:ab:53:f6:77:18:b2:bd:
2b:30:50:53
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbYQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTkw
ODEwNTVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDZCRTM1RENEQzREQ0NF
OEQ0MkRGNDlCMDY5MkFFQzc1RjBBRkE5QTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDVyOv/Loomg0NbrTAxilnF3r/Gph6/U77SeSVeRjqmc4Gtwvu
5U9VfWE+ZSmQOJRGFmT3T/MVFWv6P02nADNuN3UXp6jgCG3Xclht8IrP7a24VRSx
MrgQnVbJCWNf8nHOojN+bOz9Ryb9j3NcWmneSs6pz54LUFQur6/LjW4RDz1hTOwY
N6ctBq0ulCTl9drMkzHeAULcOgdJDG0NeIEZFNYAvJMrD0RcgVirc4kIXv00SaO+
kD3Qoe/xi3F+f8ld0Es+4utz2vHCB9vzu1g8hLj/nEWY7XUkHd0gXwFPWuTB9O6k
IH/v8vDPO16PhmEbGXe2sEpVB/ORK/k3eazVAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUa+NdzcTczo1C30mwaSrsdfCvqakwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2EtTmR6Y1Rjem8xQzMw
bXdhU3JzZGZDdnFhay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBqxG/J
vRemiEjMM3MR8PwMEIaRff5WX2vRN/UYU6V3/yCx2/z2S629wn+Qx07U/UpsszSF
+ImpxRuXFo/aMWkdiTR3iI4SecxGBRLWejm59yizVpQ7ymjQ9ts/8PV/wDRacex4
99UACvhwWhnSqZxtM75qFplT07bLf30PY9EVHy7l4dD46S+RuQlPBCoEriJkloNR
5qk6TL99y7YhraabzW5PJEklxNGqxU1MTVc0gwqz0JryRs7Ywyi3ExPmB29+pF9X
k8EIZRA7tHaW08JrO3ekgeyjNAQsF444keX54nAtVTrqyeeMfjJbdyp8nfiYy1/R
1qtT9ncYsr0rMFBT
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:36:15 2025 by rpki-client