Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/nzdMn-tTg4sQdBB3yFf3uAbP6Ws.roa
File: nzdMn-tTg4sQdBB3yFf3uAbP6Ws.roa (raw, json)
Hash identifier: z2JR4IM/FQDzjLudzFnKcJDvrYrSf0lvxt/iyfgVaXQ=
Subject key identifier: 9F:37:4C:9F:EB:53:83:8B:10:74:10:77:C8:57:F7:B8:06:CF:E9:6B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6CCA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nzdMn-tTg4sQdBB3yFf3uAbP6Ws.roa
Signing time: Tue 17 Jun 2025 04:42:30 +0000
ROA not before: Tue 17 Jun 2025 04:42:30 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27850 (0x6cca)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 17 04:42:30 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=9F374C9FEB53838B10741077C857F7B806CFE96B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:3a:a6:16:db:3f:7c:dc:00:92:56:84:4c:e1:
aa:8b:01:9a:e2:4b:81:3a:81:f0:c9:92:a0:a5:3f:
65:b7:62:cf:83:59:94:32:33:35:1f:f3:9e:41:64:
95:8f:70:a4:49:98:de:49:b3:ca:98:b3:24:10:0f:
08:1d:0c:cc:d5:ea:4e:77:49:7d:49:d3:d6:be:6e:
40:d1:3d:0f:a4:f7:74:66:fe:92:92:be:51:99:c7:
79:fc:e2:34:94:7e:f4:bb:85:f4:4d:2c:56:e6:98:
e5:39:30:a3:7e:87:9a:cc:bf:a9:ab:0e:3b:7f:10:
af:50:42:52:2e:59:d1:57:63:f6:ff:e8:ce:ab:f5:
df:e2:81:d7:1e:97:1f:50:6b:4e:93:3c:f2:fd:0d:
4f:c7:75:54:89:d5:35:eb:ec:20:51:55:3d:19:d6:
e1:19:24:5c:87:59:00:a1:c3:db:94:db:59:85:6d:
c2:c6:86:a7:f3:bb:6f:07:fb:0d:e6:7c:f0:28:a3:
7b:fd:7b:ee:4d:23:35:7f:43:e7:c2:98:5a:3a:2a:
5c:84:f9:89:39:15:9c:bc:95:f4:50:1c:fb:89:e1:
a6:6b:6a:c7:aa:1e:60:5a:a8:64:0e:17:8b:92:70:
90:80:c0:1d:de:bb:60:c7:8d:f4:26:1e:c7:fa:5f:
bd:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:37:4C:9F:EB:53:83:8B:10:74:10:77:C8:57:F7:B8:06:CF:E9:6B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nzdMn-tTg4sQdBB3yFf3uAbP6Ws.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
51:a3:60:b8:69:38:c6:9f:d7:ac:2f:a0:07:38:ee:39:07:be:
c9:64:e8:d3:20:c1:cf:a6:08:de:3c:c1:0b:77:dd:59:18:72:
68:cd:51:7b:b1:51:6c:16:a7:71:5d:fd:14:38:0a:47:5e:41:
d8:d1:75:4c:e1:de:7a:8c:17:82:23:db:41:1b:5f:95:b9:27:
5c:12:02:6b:ed:2a:b9:50:83:c5:3a:ea:7b:01:7e:c2:02:f2:
8f:00:a7:6e:22:e1:32:b3:84:6b:71:dc:21:54:4c:aa:88:01:
e0:7d:5d:d3:0c:b7:0e:8f:df:7f:2f:c2:5c:54:c9:45:31:f6:
69:31:3f:07:e5:7b:6d:7e:ef:ba:4e:13:f4:e5:1e:cc:e0:35:
51:a5:a9:ca:73:ea:8d:2f:a0:10:ca:f1:db:68:91:ad:cd:42:
45:be:3a:55:76:e9:c7:57:6a:cb:6e:e7:3a:bb:43:ec:eb:4e:
71:b7:7c:dc:a6:e4:a6:6d:07:7a:a9:9d:ed:1e:2e:23:fc:71:
55:c4:82:da:26:e9:21:5e:c2:67:18:bd:7d:ec:ec:45:d2:81:
c7:3f:0f:7b:8f:5b:f9:79:a3:20:be:6f:f1:6e:a3:54:4c:f1:
fd:70:e6:27:7f:a9:01:68:c1:0d:5d:68:e4:1a:83:02:6f:ee:
0c:21:49:87
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbMowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTcw
NDQyMzBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDlGMzc0QzlGRUI1Mzgz
OEIxMDc0MTA3N0M4NTdGN0I4MDZDRkU5NkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC3OqYW2z983ACSVoRM4aqLAZriS4E6gfDJkqClP2W3Ys+DWZQy
MzUf855BZJWPcKRJmN5Js8qYsyQQDwgdDMzV6k53SX1J09a+bkDRPQ+k93Rm/pKS
vlGZx3n84jSUfvS7hfRNLFbmmOU5MKN+h5rMv6mrDjt/EK9QQlIuWdFXY/b/6M6r
9d/igdcelx9Qa06TPPL9DU/HdVSJ1TXr7CBRVT0Z1uEZJFyHWQChw9uU21mFbcLG
hqfzu28H+w3mfPAoo3v9e+5NIzV/Q+fCmFo6KlyE+Yk5FZy8lfRQHPuJ4aZraseq
HmBaqGQOF4uScJCAwB3eu2DHjfQmHsf6X72DAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUnzdMn+tTg4sQdBB3yFf3uAbP6WswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L256ZE1uLXRUZzRzUWRC
QjN5RmYzdUFiUDZXcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBRo2C4
aTjGn9esL6AHOO45B77JZOjTIMHPpgjePMELd91ZGHJozVF7sVFsFqdxXf0UOApH
XkHY0XVM4d56jBeCI9tBG1+VuSdcEgJr7Sq5UIPFOup7AX7CAvKPAKduIuEys4Rr
cdwhVEyqiAHgfV3TDLcOj99/L8JcVMlFMfZpMT8H5Xttfu+6ThP05R7M4DVRpanK
c+qNL6AQyvHbaJGtzUJFvjpVdunHV2rLbuc6u0Ps605xt3zcpuSmbQd6qZ3tHi4j
/HFVxILaJukhXsJnGL197OxF0oHHPw97j1v5eaMgvm/xbqNUTPH9cOYnf6kBaMEN
XWjkGoMCb+4MIUmH
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:51:18 2025 by rpki-client