Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/naiwCg_ZI04nhqIckpOuoe6eB9E.roa
File: naiwCg_ZI04nhqIckpOuoe6eB9E.roa (raw, json)
Hash identifier: 01QHkNI2eKZ4uNnmXsZbuZ1RwezimgdlOu6WQqfjnhc=
Subject key identifier: 9D:A8:B0:0A:0F:D9:23:4E:27:86:A2:1C:92:93:AE:A1:EE:9E:07:D1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6FFE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/naiwCg_ZI04nhqIckpOuoe6eB9E.roa
Signing time: Wed 25 Jun 2025 23:14:38 +0000
ROA not before: Wed 25 Jun 2025 23:14:38 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28670 (0x6ffe)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 25 23:14:38 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=9DA8B00A0FD9234E2786A21C9293AEA1EE9E07D1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:b3:ac:8d:9f:86:39:8b:a6:b2:97:dc:58:d5:
0c:a7:09:7f:cd:d9:86:cc:66:1b:d3:9c:3e:73:57:
be:f2:8c:bd:e1:15:a9:ff:59:42:40:0f:19:7e:11:
52:0c:9c:ea:4f:56:f7:b2:71:56:35:0f:c9:94:b8:
f5:3f:6e:22:33:88:46:99:76:be:22:e3:9d:d7:c8:
e2:04:77:e0:1b:bf:1c:e8:15:b2:53:64:c1:44:13:
b2:78:67:7e:69:e0:95:85:53:8d:a0:fe:ef:49:40:
a5:74:8f:05:b4:66:19:6a:6f:19:1c:f2:5e:14:f2:
3d:38:a8:04:7c:e4:d4:bb:a0:b5:6e:6f:b7:a0:68:
74:41:12:90:1b:76:63:f1:55:2a:e1:f5:de:e6:4b:
fc:6c:cb:27:c9:42:7f:59:6b:94:48:5b:5f:0d:33:
33:f3:c2:4b:a0:e5:e4:b6:0c:48:86:02:88:8c:47:
62:c1:8c:24:3b:5d:7b:08:76:32:06:fb:04:e9:30:
9d:6a:f5:c0:cf:8e:f2:82:e1:4f:63:55:7a:c0:4c:
4c:a9:2b:2c:88:c8:1e:2a:cb:c4:06:2c:9b:06:da:
30:03:a3:9e:a9:d2:bb:02:97:55:21:c3:68:9d:70:
96:ae:1f:e4:72:e2:31:90:69:4c:53:02:da:2f:b4:
86:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:A8:B0:0A:0F:D9:23:4E:27:86:A2:1C:92:93:AE:A1:EE:9E:07:D1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/naiwCg_ZI04nhqIckpOuoe6eB9E.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
80:79:08:e7:be:53:88:c1:0d:9d:97:dd:8f:68:59:2d:81:2b:
8b:74:e6:88:c1:0b:f6:19:09:43:04:74:8e:d9:3f:0c:29:71:
71:10:a8:61:2c:12:2f:09:01:84:71:95:de:c3:ad:17:79:d9:
ff:28:01:40:81:e7:02:2a:e9:d9:69:60:03:e7:66:d1:69:8a:
91:52:eb:bc:f2:3f:84:d0:74:7e:42:3a:8a:f8:66:9f:7c:47:
d5:7b:89:a3:e6:61:63:96:c7:b0:85:80:60:ec:34:d5:21:bc:
a2:71:9e:fe:df:6a:4d:b1:be:2b:54:9a:91:88:51:bb:d3:85:
88:ed:28:eb:b9:92:79:a7:c5:13:c2:ae:e8:c9:bf:f3:f5:13:
fe:3f:11:78:83:04:fc:17:47:8c:89:d6:e1:6e:58:44:c7:94:
7a:52:72:01:df:8d:77:3d:97:cd:d9:ea:16:e0:5d:16:69:ff:
3e:83:39:dc:9c:8e:59:61:5a:45:c3:cf:0b:66:64:8c:09:52:
c8:8b:1f:cb:68:18:97:fd:c4:f5:27:c6:93:63:95:7c:b7:2b:
a4:3d:c4:2d:88:9c:ca:13:0b:89:91:22:2a:2b:68:de:10:5a:
67:d6:56:e3:ab:fb:9d:8f:2c:83:25:7f:51:e8:8c:54:f9:b6:
f9:2a:86:c4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICb/4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjUy
MzE0MzhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDlEQThCMDBBMEZEOTIz
NEUyNzg2QTIxQzkyOTNBRUExRUU5RTA3RDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDPs6yNn4Y5i6ayl9xY1QynCX/N2YbMZhvTnD5zV77yjL3hFan/
WUJADxl+EVIMnOpPVveycVY1D8mUuPU/biIziEaZdr4i453XyOIEd+AbvxzoFbJT
ZMFEE7J4Z35p4JWFU42g/u9JQKV0jwW0Zhlqbxkc8l4U8j04qAR85NS7oLVub7eg
aHRBEpAbdmPxVSrh9d7mS/xsyyfJQn9Za5RIW18NMzPzwkug5eS2DEiGAoiMR2LB
jCQ7XXsIdjIG+wTpMJ1q9cDPjvKC4U9jVXrATEypKyyIyB4qy8QGLJsG2jADo56p
0rsCl1Uhw2idcJauH+Ry4jGQaUxTAtovtIa1AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUnaiwCg/ZI04nhqIckpOuoe6eB9EwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L25haXdDZ19aSTA0bmhx
SWNrcE91b2U2ZUI5RS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCAeQjn
vlOIwQ2dl92PaFktgSuLdOaIwQv2GQlDBHSO2T8MKXFxEKhhLBIvCQGEcZXew60X
edn/KAFAgecCKunZaWAD52bRaYqRUuu88j+E0HR+QjqK+GaffEfVe4mj5mFjlsew
hYBg7DTVIbyicZ7+32pNsb4rVJqRiFG704WI7SjruZJ5p8UTwq7oyb/z9RP+PxF4
gwT8F0eMidbhblhEx5R6UnIB3413PZfN2eoW4F0Waf8+gzncnI5ZYVpFw88LZmSM
CVLIix/LaBiX/cT1J8aTY5V8tyukPcQtiJzKEwuJkSIqK2jeEFpn1lbjq/udjyyD
JX9R6IxU+bb5KobE
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:40:01 2025 by rpki-client