Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/nPP-fhNyngkQVwKsPU0gz5PDdeA.roa
File: nPP-fhNyngkQVwKsPU0gz5PDdeA.roa (raw, json)
Hash identifier: De36ZhSSlUXmE6kXegMNixlXTdFEpOqgHS6gT44v7Bg=
Subject key identifier: 9C:F3:FE:7E:13:72:9E:09:10:57:02:AC:3D:4D:20:CF:93:C3:75:E0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 75A8
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nPP-fhNyngkQVwKsPU0gz5PDdeA.roa
Signing time: Fri 11 Jul 2025 01:45:07 +0000
ROA not before: Fri 11 Jul 2025 01:45:07 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30120 (0x75a8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 11 01:45:07 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=9CF3FE7E13729E09105702AC3D4D20CF93C375E0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:6d:00:6e:95:02:40:05:14:05:c4:bb:d7:e4:
ad:1d:15:f0:1a:1d:bc:a3:25:17:a7:4f:34:d1:ad:
7a:96:9c:c0:59:a3:25:d6:db:b9:8b:4f:f6:9b:31:
ef:c8:42:86:0c:73:70:f6:c4:a8:b9:59:59:87:4c:
e5:4d:1d:72:9c:c0:9f:db:e4:72:75:b2:5b:92:1d:
13:53:30:f2:fe:e0:76:38:6d:a2:7e:4b:9d:85:7d:
5f:90:39:a9:3e:43:d3:35:bb:8c:5a:74:f6:75:3f:
0b:cb:28:5b:60:ac:a7:de:0e:f4:4f:25:64:9a:ef:
ec:18:0f:45:75:ab:a8:18:3e:21:38:08:bc:8f:c8:
f0:9c:17:5d:04:59:bb:1e:a7:1b:41:ef:16:8c:b6:
bd:5c:a9:19:53:5a:81:f6:45:a1:62:60:23:11:80:
0f:c2:a7:d0:bf:c6:1f:ff:30:e5:02:72:16:89:4e:
81:8c:d8:e2:7d:be:39:a7:f3:e4:76:ad:8d:23:8b:
dc:c3:ad:e2:1c:8c:2a:9e:64:00:90:18:33:49:48:
6e:38:5e:30:83:26:d5:64:e9:fd:79:16:cb:ac:c1:
6d:54:df:f1:e0:d0:61:86:84:d6:c5:32:1d:0b:13:
51:f4:1e:ea:0e:85:07:a6:ad:96:5e:4a:29:66:74:
be:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:F3:FE:7E:13:72:9E:09:10:57:02:AC:3D:4D:20:CF:93:C3:75:E0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nPP-fhNyngkQVwKsPU0gz5PDdeA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
1f:7c:de:48:c1:00:91:ce:2b:a9:db:b9:84:90:ae:56:f7:ad:
06:9e:1d:8c:b0:0c:b2:2c:68:8a:b4:aa:5d:25:22:6e:a6:14:
80:7a:28:c6:c3:f4:7a:e2:61:fe:56:76:5c:d1:3d:02:c7:cd:
3a:e7:69:d0:ca:dd:8b:ba:43:60:54:29:d9:4e:86:2a:6a:50:
7e:97:06:2a:85:49:14:d4:31:13:a4:fe:fb:91:8a:db:5f:78:
f1:94:bf:be:cf:81:07:07:76:84:81:d6:ff:72:91:9e:3c:9e:
87:3f:87:9f:f2:87:ef:ca:42:e3:4a:71:2b:13:c3:fa:4d:3e:
7e:3b:84:01:d4:c4:62:30:86:1d:0c:8d:8c:2c:f1:93:bf:dc:
21:67:ab:44:7d:db:0f:16:34:ae:66:b8:2c:76:13:72:f4:b9:
c0:cd:42:67:fb:d5:2a:fb:81:63:b1:af:bc:91:85:98:d6:55:
03:6e:63:2f:37:65:4c:2c:60:41:21:ee:49:f2:37:37:0b:17:
45:f3:57:0f:fa:65:42:71:91:dd:c3:5b:98:f8:31:a0:9c:01:
55:25:27:06:5f:15:d7:45:8b:c4:f3:8b:5c:34:bb:bc:df:6f:
e0:85:fa:60:5b:51:c0:06:58:54:5b:0b:2c:0b:74:8a:55:7d:
55:24:9f:8f
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdagwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTEw
MTQ1MDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDlDRjNGRTdFMTM3MjlF
MDkxMDU3MDJBQzNENEQyMENGOTNDMzc1RTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCVbQBulQJABRQFxLvX5K0dFfAaHbyjJRenTzTRrXqWnMBZoyXW
27mLT/abMe/IQoYMc3D2xKi5WVmHTOVNHXKcwJ/b5HJ1sluSHRNTMPL+4HY4baJ+
S52FfV+QOak+Q9M1u4xadPZ1PwvLKFtgrKfeDvRPJWSa7+wYD0V1q6gYPiE4CLyP
yPCcF10EWbsepxtB7xaMtr1cqRlTWoH2RaFiYCMRgA/Cp9C/xh//MOUCchaJToGM
2OJ9vjmn8+R2rY0ji9zDreIcjCqeZACQGDNJSG44XjCDJtVk6f15FsuswW1U3/Hg
0GGGhNbFMh0LE1H0HuoOhQemrZZeSilmdL7RAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUnPP+fhNyngkQVwKsPU0gz5PDdeAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L25QUC1maE55bmdrUVZ3
S3NQVTBnejVQRGRlQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAffN5I
wQCRziup27mEkK5W960Gnh2MsAyyLGiKtKpdJSJuphSAeijGw/R64mH+VnZc0T0C
x80652nQyt2LukNgVCnZToYqalB+lwYqhUkU1DETpP77kYrbX3jxlL++z4EHB3aE
gdb/cpGePJ6HP4ef8ofvykLjSnErE8P6TT5+O4QB1MRiMIYdDI2MLPGTv9whZ6tE
fdsPFjSuZrgsdhNy9LnAzUJn+9Uq+4Fjsa+8kYWY1lUDbmMvN2VMLGBBIe5J8jc3
CxdF81cP+mVCcZHdw1uY+DGgnAFVJScGXxXXRYvE84tcNLu832/ghfpgW1HABlhU
WwssC3SKVX1VJJ+P
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:49:49 2025 by rpki-client