Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/m5d0qisgDFvT7dbEDc8aOB5-OL4.roa
File: m5d0qisgDFvT7dbEDc8aOB5-OL4.roa (raw, json)
Hash identifier: ajDefTg2o3YvvYRa+/1jUrwxGLwnrQc5pIFFaFNmQA0=
Subject key identifier: 9B:97:74:AA:2B:20:0C:5B:D3:ED:D6:C4:0D:CF:1A:38:1E:7E:38:BE
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 739C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/m5d0qisgDFvT7dbEDc8aOB5-OL4.roa
Signing time: Sat 05 Jul 2025 14:44:59 +0000
ROA not before: Sat 05 Jul 2025 14:44:59 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29596 (0x739c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 5 14:44:59 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=9B9774AA2B200C5BD3EDD6C40DCF1A381E7E38BE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:87:64:4f:e1:a1:ef:95:09:2a:79:37:ff:94:
a1:ff:19:f8:b2:1f:60:de:c0:04:f1:7d:53:ac:d3:
5f:58:04:89:85:d3:c8:dd:44:32:70:a5:79:78:8e:
23:04:87:2d:3f:65:00:cb:29:5e:6f:2c:05:59:d5:
45:76:ab:40:81:2c:23:00:55:3a:b5:21:04:6d:37:
b6:53:1b:9d:be:c2:f0:90:af:38:e9:73:07:24:24:
e6:a0:e7:d8:f1:ac:f6:ca:55:4e:7f:46:2e:2f:76:
c3:35:5e:2d:a1:c9:d2:56:e3:cd:7f:2c:c5:b8:0e:
b3:be:c1:e2:4c:0b:43:60:89:1f:17:e1:84:41:39:
b9:37:1c:e5:d8:f5:3c:60:d4:45:7e:08:bf:fb:25:
06:88:00:32:38:27:8b:2a:5a:41:c5:bf:97:32:ab:
87:b8:5b:9f:fd:f8:37:e0:e9:f5:5f:e7:9d:43:cd:
fa:75:d7:5e:90:aa:1a:64:69:00:38:27:f8:ed:74:
51:a0:48:ed:5c:ac:80:26:af:34:90:aa:6c:dd:91:
88:4b:3b:12:e2:36:36:63:6d:c4:fa:cf:8b:59:fb:
f8:f3:d1:85:8c:26:99:4c:d1:b1:47:df:5c:8a:15:
b1:d7:58:f2:d5:55:94:41:24:45:0b:9c:c9:69:03:
04:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:97:74:AA:2B:20:0C:5B:D3:ED:D6:C4:0D:CF:1A:38:1E:7E:38:BE
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/m5d0qisgDFvT7dbEDc8aOB5-OL4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
57:bb:43:38:fa:9b:f1:46:1d:0e:15:19:0f:83:2d:16:d2:49:
96:3d:bb:ac:da:9b:34:30:0f:27:a3:fc:61:11:c6:cb:9d:1b:
3b:82:e0:63:15:7e:d5:c7:f0:73:c8:17:39:50:c8:40:d7:e8:
7a:e7:11:7c:e9:50:82:1e:57:3b:87:c5:4d:2a:77:89:e5:23:
5a:14:85:71:f1:58:a9:fb:1b:3b:93:07:6e:fa:77:f4:0d:81:
0d:ac:7f:97:3e:9b:78:86:56:97:f3:37:49:97:aa:59:1a:3d:
4a:94:c9:61:1d:c2:23:15:25:5f:87:5a:ee:75:2b:2b:64:3b:
9a:df:95:dc:6e:28:d5:4c:29:c9:82:19:d4:e8:a8:4f:3a:9c:
20:39:24:c0:71:d5:c9:42:e6:99:61:cf:e6:00:4f:c7:bb:4d:
66:05:68:bb:5c:24:f5:3c:77:e4:47:11:1f:e6:b7:c8:3b:c7:
2b:68:c5:04:a0:c8:ec:47:6a:81:92:d7:fb:85:b6:52:29:8f:
8a:c2:78:57:5b:82:32:44:0f:b7:59:18:83:30:1d:73:eb:db:
3d:32:d9:93:46:a8:94:65:3c:f2:61:78:9d:9e:0b:9f:46:92:
23:dc:41:45:84:c8:43:f7:d7:d4:0c:0b:52:40:ce:39:fc:8c:
b9:b6:29:25
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICc5wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDUx
NDQ0NTlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDlCOTc3NEFBMkIyMDBD
NUJEM0VERDZDNDBEQ0YxQTM4MUU3RTM4QkUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFh2RP4aHvlQkqeTf/lKH/GfiyH2DewATxfVOs019YBImF08jd
RDJwpXl4jiMEhy0/ZQDLKV5vLAVZ1UV2q0CBLCMAVTq1IQRtN7ZTG52+wvCQrzjp
cwckJOag59jxrPbKVU5/Ri4vdsM1Xi2hydJW481/LMW4DrO+weJMC0NgiR8X4YRB
Obk3HOXY9Txg1EV+CL/7JQaIADI4J4sqWkHFv5cyq4e4W5/9+Dfg6fVf551Dzfp1
116QqhpkaQA4J/jtdFGgSO1crIAmrzSQqmzdkYhLOxLiNjZjbcT6z4tZ+/jz0YWM
JplM0bFH31yKFbHXWPLVVZRBJEULnMlpAwSNAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUm5d0qisgDFvT7dbEDc8aOB5+OL4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L201ZDBxaXNnREZ2VDdk
YkVEYzhhT0I1LU9MNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBXu0M4
+pvxRh0OFRkPgy0W0kmWPbus2ps0MA8no/xhEcbLnRs7guBjFX7Vx/BzyBc5UMhA
1+h65xF86VCCHlc7h8VNKneJ5SNaFIVx8Vip+xs7kwdu+nf0DYENrH+XPpt4hlaX
8zdJl6pZGj1KlMlhHcIjFSVfh1rudSsrZDua35XcbijVTCnJghnU6KhPOpwgOSTA
cdXJQuaZYc/mAE/Hu01mBWi7XCT1PHfkRxEf5rfIO8craMUEoMjsR2qBktf7hbZS
KY+KwnhXW4IyRA+3WRiDMB1z69s9MtmTRqiUZTzyYXidngufRpIj3EFFhMhD99fU
DAtSQM45/Iy5tikl
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:34:02 2025 by rpki-client