Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/m1fxhT1tsgtETNJUn9eoVeBIQuI.roa
File: m1fxhT1tsgtETNJUn9eoVeBIQuI.roa (raw, json)
Hash identifier: jUUgeFjzn37vrKs65x5A26BkS5AqK76T5VvA6+fx2OM=
Subject key identifier: 9B:57:F1:85:3D:6D:B2:0B:44:4C:D2:54:9F:D7:A8:55:E0:48:42:E2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6F08
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/m1fxhT1tsgtETNJUn9eoVeBIQuI.roa
Signing time: Mon 23 Jun 2025 15:44:17 +0000
ROA not before: Mon 23 Jun 2025 15:44:17 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28424 (0x6f08)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 23 15:44:17 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=9B57F1853D6DB20B444CD2549FD7A855E04842E2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:3f:36:a4:24:b9:91:bd:2d:5d:c1:2b:40:32:
c0:cb:94:a1:aa:ad:cb:2b:d4:bd:53:4d:cf:db:01:
59:b0:36:62:1a:24:9f:5c:81:61:e2:be:cf:f2:48:
16:86:5c:76:43:19:83:29:c3:91:28:a8:2c:48:9c:
b3:16:9b:dc:df:b8:4f:52:a1:af:31:6a:18:5e:67:
6a:85:de:60:1d:a3:0e:6d:5d:c5:98:cf:ee:9f:7c:
29:4c:c8:d0:5a:95:47:a2:95:43:7e:d3:1f:7c:15:
aa:eb:86:b3:37:91:45:6e:60:e1:d1:d1:05:93:17:
22:a2:43:05:ba:76:38:37:11:b2:38:ba:b4:f3:d8:
e0:a5:41:7c:e7:41:f1:84:7e:30:30:ec:64:b4:ec:
61:07:97:78:7b:d9:61:5a:6f:b8:ab:b1:44:f7:ae:
7b:07:6c:eb:fa:f7:6e:84:34:a4:48:2b:fd:c5:00:
b0:57:af:0e:dc:ff:af:08:96:48:d8:ff:ba:4c:12:
86:89:67:3d:93:aa:b5:2e:f8:43:b0:c2:35:a0:85:
de:2f:b5:2d:27:5e:48:1d:67:01:2d:d7:40:c1:9c:
4c:87:a6:c7:a4:9f:55:64:da:46:5e:1a:f9:9b:06:
33:4c:28:cf:f1:06:10:45:24:a4:b8:1e:79:c3:12:
79:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:57:F1:85:3D:6D:B2:0B:44:4C:D2:54:9F:D7:A8:55:E0:48:42:E2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/m1fxhT1tsgtETNJUn9eoVeBIQuI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
5f:6e:4f:3b:ec:f5:a9:fe:65:7c:35:97:37:9f:42:b3:45:8f:
f4:a3:96:de:ac:0f:92:d6:3b:19:54:cf:ad:70:c2:60:d5:de:
c5:78:cf:e3:88:bf:26:63:be:25:aa:03:52:68:8a:39:2b:46:
50:7d:29:6d:fd:cd:e9:68:82:f2:da:65:6f:91:9b:f1:a7:c6:
8a:d6:fd:5e:94:45:94:96:58:97:31:cc:f7:52:06:6b:cf:6e:
bc:0f:56:cc:e2:c4:dd:02:99:cf:41:1b:30:e8:aa:5a:dd:ab:
7e:93:a6:d0:23:bd:e9:b1:c1:1b:27:75:d7:81:5e:1f:a9:0d:
84:58:03:94:ec:68:10:d5:69:7d:a3:ae:88:b3:5c:15:d7:67:
45:b7:41:54:72:64:31:a6:a2:f1:91:ab:43:04:6a:aa:59:e1:
f7:cf:1c:70:fb:98:7a:ec:d4:2f:c5:8f:d0:19:7c:44:9c:91:
f0:26:47:04:a8:41:02:37:46:a3:80:0c:50:66:c8:9a:3d:17:
c7:d8:17:e8:bf:c0:9d:f2:e4:7a:08:e5:0b:47:be:b5:ba:44:
71:e1:22:66:17:0a:86:9c:40:96:57:80:db:13:c8:a8:bb:55:
0a:ee:45:64:33:c0:24:7f:3a:bc:c4:eb:17:32:dd:08:f8:b0:
15:8e:ab:b4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbwgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjMx
NTQ0MTdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDlCNTdGMTg1M0Q2REIy
MEI0NDRDRDI1NDlGRDdBODU1RTA0ODQyRTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDIPzakJLmRvS1dwStAMsDLlKGqrcsr1L1TTc/bAVmwNmIaJJ9c
gWHivs/ySBaGXHZDGYMpw5EoqCxInLMWm9zfuE9Soa8xahheZ2qF3mAdow5tXcWY
z+6ffClMyNBalUeilUN+0x98FarrhrM3kUVuYOHR0QWTFyKiQwW6djg3EbI4urTz
2OClQXznQfGEfjAw7GS07GEHl3h72WFab7irsUT3rnsHbOv6926ENKRIK/3FALBX
rw7c/68IlkjY/7pMEoaJZz2TqrUu+EOwwjWghd4vtS0nXkgdZwEt10DBnEyHpsek
n1Vk2kZeGvmbBjNMKM/xBhBFJKS4HnnDEnkBAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUm1fxhT1tsgtETNJUn9eoVeBIQuIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L20xZnhoVDF0c2d0RVRO
SlVuOWVvVmVCSVF1SS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBfbk87
7PWp/mV8NZc3n0KzRY/0o5berA+S1jsZVM+tcMJg1d7FeM/jiL8mY74lqgNSaIo5
K0ZQfSlt/c3paILy2mVvkZvxp8aK1v1elEWUlliXMcz3UgZrz268D1bM4sTdApnP
QRsw6Kpa3at+k6bQI73pscEbJ3XXgV4fqQ2EWAOU7GgQ1Wl9o66Is1wV12dFt0FU
cmQxpqLxkatDBGqqWeH3zxxw+5h67NQvxY/QGXxEnJHwJkcEqEECN0ajgAxQZsia
PRfH2Bfov8Cd8uR6COULR761ukRx4SJmFwqGnECWV4DbE8iou1UK7kVkM8Akfzq8
xOsXMt0I+LAVjqu0
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:40:18 2025 by rpki-client