Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/wMS-id1IyqXmeQDW4xUQ8Q1mHNI.roa
File: wMS-id1IyqXmeQDW4xUQ8Q1mHNI.roa (raw, json)
Hash identifier: adjrbQzQj9OVNz61PUYpTe3CV0z2I69S8e3ut9TiWQ0=
Subject key identifier: C0:C4:BE:89:DD:48:CA:A5:E6:79:00:D6:E3:15:10:F1:0D:66:1C:D2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6D18
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wMS-id1IyqXmeQDW4xUQ8Q1mHNI.roa
Signing time: Wed 18 Jun 2025 00:12:23 +0000
ROA not before: Wed 18 Jun 2025 00:12:23 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27928 (0x6d18)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 18 00:12:23 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C0C4BE89DD48CAA5E67900D6E31510F10D661CD2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:22:98:0f:26:f4:2b:f0:ee:63:d7:15:2b:b4:
b6:6c:b7:12:5f:df:f7:94:fe:1b:17:76:e7:b3:4d:
03:fb:a8:68:93:91:e5:a5:63:91:7b:3c:e3:ba:94:
a1:2a:0b:75:07:9b:bc:ca:8e:f0:6e:4d:f4:f2:87:
4e:20:62:a0:46:17:1e:d6:94:71:12:5c:30:a7:c4:
9f:b3:7d:15:3a:f2:8d:59:05:0b:77:2f:22:01:8d:
28:35:85:90:7f:cb:fc:04:e9:18:d6:a8:eb:e8:84:
5e:89:c2:16:ca:09:22:ac:0d:2e:d0:63:60:a7:3d:
c2:8c:67:87:c3:08:09:98:60:01:4c:dc:ff:6b:f1:
b0:68:f7:40:d3:0c:34:6e:5e:00:cd:0a:f1:9c:00:
95:fe:ff:87:c4:80:44:a8:fb:39:a1:4d:5a:47:9e:
68:b0:f5:44:f5:88:c5:33:a5:3e:13:45:4e:ba:a7:
f2:de:b7:37:87:b3:6e:e1:42:d8:e5:f6:90:15:17:
f6:c3:e6:52:6b:cb:ea:3f:5c:b2:3b:cf:a4:b2:77:
ab:9b:92:a1:56:fa:7d:f6:94:e2:bf:db:37:ae:90:
3e:93:0c:49:79:49:58:7e:a6:0f:ca:bc:21:86:1d:
25:dd:61:ca:79:03:d8:9e:1f:83:06:3e:fc:2c:a0:
ae:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:C4:BE:89:DD:48:CA:A5:E6:79:00:D6:E3:15:10:F1:0D:66:1C:D2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wMS-id1IyqXmeQDW4xUQ8Q1mHNI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
75:76:79:7b:e2:b7:50:a6:35:00:6a:f0:e8:a8:2e:48:55:16:
f6:89:b2:14:c3:16:e6:35:80:da:7d:15:a6:e9:ec:fa:0f:6a:
91:c4:15:e5:3b:cc:ee:90:38:2d:36:e8:fc:d5:52:18:82:a2:
b9:e6:23:d2:2f:ee:65:76:9a:9b:25:b7:da:76:aa:c5:05:a9:
39:d4:e9:5d:29:cd:42:d0:c4:e7:a1:45:d2:e7:07:4b:80:2c:
8b:61:78:d3:e1:65:ce:09:62:08:90:8d:f5:a9:d2:61:4b:37:
66:ae:2f:d0:02:e0:e7:2c:4c:ba:5a:e5:ac:ae:b4:ab:ff:5f:
45:01:f1:26:08:e8:bc:ad:97:db:a8:ed:d7:fc:16:b6:23:4b:
db:0d:b6:ce:34:34:14:db:b0:6e:9e:e0:22:0c:3f:69:ce:8d:
47:e5:8f:a4:93:de:5a:05:b1:ce:e9:78:c9:9d:c5:fc:af:c7:
ab:2b:f6:2a:1f:39:65:83:c2:d8:bd:31:77:b2:8c:5f:b6:14:
0d:41:e2:92:66:1f:68:11:1c:96:d5:79:7b:d6:6c:f9:44:6e:
f4:e2:19:e8:c0:30:9b:e4:f6:b6:c9:16:81:45:35:65:65:73:
66:cf:3c:82:ff:60:e0:1e:3f:ff:f6:86:ea:0a:5b:0d:ea:5d:
8f:e8:53:d4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbRgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTgw
MDEyMjNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEMwQzRCRTg5REQ0OENB
QTVFNjc5MDBENkUzMTUxMEYxMEQ2NjFDRDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC2IpgPJvQr8O5j1xUrtLZstxJf3/eU/hsXduezTQP7qGiTkeWl
Y5F7POO6lKEqC3UHm7zKjvBuTfTyh04gYqBGFx7WlHESXDCnxJ+zfRU68o1ZBQt3
LyIBjSg1hZB/y/wE6RjWqOvohF6JwhbKCSKsDS7QY2CnPcKMZ4fDCAmYYAFM3P9r
8bBo90DTDDRuXgDNCvGcAJX+/4fEgESo+zmhTVpHnmiw9UT1iMUzpT4TRU66p/Le
tzeHs27hQtjl9pAVF/bD5lJry+o/XLI7z6Syd6ubkqFW+n32lOK/2zeukD6TDEl5
SVh+pg/KvCGGHSXdYcp5A9ieH4MGPvwsoK4RAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUwMS+id1IyqXmeQDW4xUQ8Q1mHNIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3dNUy1pZDFJeXFYbWVR
RFc0eFVROFExbUhOSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB1dnl7
4rdQpjUAavDoqC5IVRb2ibIUwxbmNYDafRWm6ez6D2qRxBXlO8zukDgtNuj81VIY
gqK55iPSL+5ldpqbJbfadqrFBak51OldKc1C0MTnoUXS5wdLgCyLYXjT4WXOCWII
kI31qdJhSzdmri/QAuDnLEy6WuWsrrSr/19FAfEmCOi8rZfbqO3X/Ba2I0vbDbbO
NDQU27BunuAiDD9pzo1H5Y+kk95aBbHO6XjJncX8r8erK/YqHzllg8LYvTF3soxf
thQNQeKSZh9oERyW1Xl71mz5RG704hnowDCb5Pa2yRaBRTVlZXNmzzyC/2DgHj//
9obqClsN6l2P6FPU
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:41:55 2025 by rpki-client