Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/nv-8kQ9RxPvWmIkgWJGZT5v29ls.roa
File: nv-8kQ9RxPvWmIkgWJGZT5v29ls.roa (raw, json)
Hash identifier: ud+k1kE3NMltSjZKcO9Nm9n00CkHhd3rHPljEZgs2AQ=
Subject key identifier: 9E:FF:BC:91:0F:51:C4:FB:D6:98:89:20:58:91:99:4F:9B:F6:F6:5B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7534
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nv-8kQ9RxPvWmIkgWJGZT5v29ls.roa
Signing time: Wed 09 Jul 2025 20:45:21 +0000
ROA not before: Wed 09 Jul 2025 20:45:21 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30004 (0x7534)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 9 20:45:21 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=9EFFBC910F51C4FBD69889205891994F9BF6F65B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:ad:9f:95:d5:04:1d:c1:f0:e2:bc:1b:37:af:
43:99:cb:20:31:9b:67:85:dc:bd:cf:f4:e6:bb:4b:
d9:18:1a:9b:45:7c:7a:67:4a:46:6f:51:5e:ec:b4:
4b:f9:ae:4f:6b:b0:35:78:eb:0d:c3:93:f8:bf:13:
b3:e0:86:61:00:7f:c0:cc:3a:c0:1b:de:7b:bd:90:
86:67:56:20:39:2d:c5:14:eb:65:80:0c:79:a6:31:
cf:e7:9e:38:60:93:69:2e:84:dc:9d:c0:4d:8e:66:
ea:6b:c7:db:00:30:a9:15:22:7e:06:3f:0a:c4:c7:
a6:7e:41:28:ac:ed:dc:79:4d:a2:0d:b6:4d:97:1a:
51:44:a8:88:39:2d:04:7d:67:d7:6a:c3:b1:f1:bf:
e9:59:70:6d:cf:aa:53:81:31:b5:f2:87:32:d3:fa:
72:e6:c6:d2:c1:e7:cb:41:5b:39:31:51:17:54:52:
75:ea:83:6a:69:8d:1e:97:1d:d5:94:08:68:0d:74:
23:e0:98:a3:f2:f6:42:47:6c:79:4b:7e:dd:1b:9b:
27:23:d0:42:8f:4d:21:39:a0:48:2c:44:3e:96:b3:
a0:06:66:f0:d5:2c:46:f6:de:6b:e2:98:c2:36:1e:
f2:d7:f2:0f:a1:6b:05:28:6f:d9:1d:f6:a5:a6:22:
99:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:FF:BC:91:0F:51:C4:FB:D6:98:89:20:58:91:99:4F:9B:F6:F6:5B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nv-8kQ9RxPvWmIkgWJGZT5v29ls.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
3c:3a:77:45:a2:de:9b:cd:40:38:c1:58:04:67:33:62:9c:63:
f3:cb:15:5f:84:c7:a9:bf:1a:67:12:d9:da:ff:69:93:40:8c:
9c:5a:0f:2b:f5:1c:a1:31:11:df:1b:ee:33:a6:db:b5:f2:b4:
de:ce:2e:68:e6:f4:22:c3:69:e3:e1:b1:9d:71:76:82:62:30:
f3:20:6a:69:16:77:ab:16:8e:d4:66:01:aa:02:38:a7:d0:6d:
63:ed:f4:3c:01:68:93:98:8b:2e:ba:0c:89:40:63:42:11:22:
e6:62:5d:06:a5:5d:b8:d1:9e:ee:74:a0:7f:b4:8c:cc:75:b1:
70:56:11:cb:f5:b8:fb:bf:54:12:f3:9f:8d:dd:a8:9b:96:e6:
b7:60:67:12:fd:19:73:70:21:5e:4e:d8:6d:7a:ac:ee:6b:b4:
fe:09:c3:f9:24:6b:70:79:c2:30:7b:f7:64:6a:74:e6:03:ec:
79:89:8d:b1:43:e1:f6:65:60:91:06:05:8e:ed:1b:38:d4:25:
bc:59:d7:a3:09:de:1e:38:3e:06:fe:2d:ae:bd:ec:e1:ed:50:
3e:a2:3b:fa:59:2a:e4:f6:8d:68:88:f6:91:f0:b8:51:86:c5:
f7:4a:dd:1b:ce:8a:37:b5:71:d5:b8:ac:b6:dd:68:17:32:fc:
f6:53:d2:19
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdTQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDky
MDQ1MjFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDlFRkZCQzkxMEY1MUM0
RkJENjk4ODkyMDU4OTE5OTRGOUJGNkY2NUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFrZ+V1QQdwfDivBs3r0OZyyAxm2eF3L3P9Oa7S9kYGptFfHpn
SkZvUV7stEv5rk9rsDV46w3Dk/i/E7PghmEAf8DMOsAb3nu9kIZnViA5LcUU62WA
DHmmMc/nnjhgk2kuhNydwE2OZuprx9sAMKkVIn4GPwrEx6Z+QSis7dx5TaINtk2X
GlFEqIg5LQR9Z9dqw7Hxv+lZcG3PqlOBMbXyhzLT+nLmxtLB58tBWzkxURdUUnXq
g2ppjR6XHdWUCGgNdCPgmKPy9kJHbHlLft0bmycj0EKPTSE5oEgsRD6Ws6AGZvDV
LEb23mvimMI2HvLX8g+hawUob9kd9qWmIplDAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUnv+8kQ9RxPvWmIkgWJGZT5v29lswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L252LThrUTlSeFB2V21J
a2dXSkdaVDV2Mjlscy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA8OndF
ot6bzUA4wVgEZzNinGPzyxVfhMepvxpnEtna/2mTQIycWg8r9RyhMRHfG+4zptu1
8rTezi5o5vQiw2nj4bGdcXaCYjDzIGppFnerFo7UZgGqAjin0G1j7fQ8AWiTmIsu
ugyJQGNCESLmYl0GpV240Z7udKB/tIzMdbFwVhHL9bj7v1QS85+N3aiblua3YGcS
/RlzcCFeTthteqzua7T+CcP5JGtwecIwe/dkanTmA+x5iY2xQ+H2ZWCRBgWO7Rs4
1CW8WdejCd4eOD4G/i2uvezh7VA+ojv6WSrk9o1oiPaR8LhRhsX3St0bzoo3tXHV
uKy23WgXMvz2U9IZ
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:52:21 2025 by rpki-client