Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/x_npV7cEivXeQlN9bqTFCK4ymvE.roa
File: x_npV7cEivXeQlN9bqTFCK4ymvE.roa (raw, json)
Hash identifier: 1KEkoWygfntEa8Y9/JoUp+Q5BxtQFdY6VWzUbeCw0lM=
Subject key identifier: C7:F9:E9:57:B7:04:8A:F5:DE:42:53:7D:6E:A4:C5:08:AE:32:9A:F1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 61EC
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/x_npV7cEivXeQlN9bqTFCK4ymvE.roa
Signing time: Mon 19 May 2025 05:10:47 +0000
ROA not before: Mon 19 May 2025 05:10:47 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25068 (0x61ec)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 19 05:10:47 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C7F9E957B7048AF5DE42537D6EA4C508AE329AF1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:8a:29:c1:77:f9:aa:41:44:c8:ec:a4:f9:44:
7a:74:dd:bb:0f:9f:b4:b7:fa:6e:53:d3:63:c2:fc:
56:a8:31:53:9b:ee:5a:93:d8:f4:c6:1b:5a:25:19:
77:7c:0d:58:b2:ed:9b:f1:b7:a9:00:03:23:25:6d:
88:c4:e0:f6:2d:8c:c7:51:4d:5a:86:7d:f6:ad:40:
b7:36:38:6a:b4:e3:1e:20:5f:3c:d1:b8:36:7b:bd:
ef:07:92:e8:01:ec:de:ad:8f:64:22:67:95:c2:19:
af:c3:c3:e5:0d:6a:d0:98:4a:a0:7b:7c:72:b0:56:
c0:ac:86:a6:9c:44:f7:7c:07:de:b7:5c:55:2f:eb:
dd:32:d5:84:a2:b7:55:74:bb:d0:ef:5c:2b:2e:a3:
99:9a:5d:ad:c5:f6:97:db:90:4c:b5:8a:a2:16:e4:
b4:9c:d4:fa:6a:bd:47:5b:bb:24:7a:5d:48:f7:5e:
8b:c6:a1:bc:ca:c6:bc:3c:39:0b:a4:9f:d9:3f:23:
22:79:3b:86:b0:8b:2c:4b:be:d7:6d:04:c6:6d:ed:
1e:ba:82:14:67:f8:e1:c6:bc:14:9f:46:fe:e7:7d:
93:cd:40:49:98:0b:95:6e:0a:01:8c:d9:f1:f6:b4:
e0:19:11:56:1c:f7:43:d5:b9:51:e7:f5:90:c9:d2:
85:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:F9:E9:57:B7:04:8A:F5:DE:42:53:7D:6E:A4:C5:08:AE:32:9A:F1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/x_npV7cEivXeQlN9bqTFCK4ymvE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
bc:76:ed:c4:ac:a3:1d:22:18:54:02:ed:21:0a:f9:c4:b9:c5:
e5:74:21:b5:27:62:c3:60:8f:1f:fc:f8:3a:2e:4e:bf:21:ea:
72:fa:21:5a:c8:8f:58:30:9b:3b:89:3c:08:79:75:fc:1d:b0:
56:0f:2e:41:43:9e:ec:9f:56:ac:88:35:67:9b:3e:0f:b1:79:
7e:c5:10:9e:49:31:1a:e8:71:04:dc:90:24:ff:75:69:94:bb:
7e:3e:c8:47:e0:31:ff:3b:f6:1e:3c:b5:78:d2:4c:33:19:74:
12:ca:5b:20:13:6a:18:3d:bc:cd:ea:f4:62:41:57:05:57:f1:
2a:d7:6f:f8:de:3d:6c:e5:54:25:f4:11:a7:b8:10:3e:7a:83:
54:c6:6a:72:ed:31:ed:28:97:3b:10:45:03:ac:39:96:ab:c2:
e4:99:2b:f1:54:59:5b:59:b8:31:30:64:e4:22:a5:3e:db:3d:
bc:ae:c8:5d:b2:d3:a0:51:a4:04:ba:1c:ad:93:d8:1d:70:7b:
cb:89:8f:c2:4f:f2:95:22:05:37:11:0e:58:e1:10:f4:ca:2f:
a9:19:dd:b4:65:7d:06:cb:53:4f:2a:d8:7c:15:5d:41:e6:0a:
9d:ac:d1:0e:f8:4e:1d:18:87:d3:5b:fb:16:ea:e0:7c:6b:09:
bb:80:1c:65
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYewwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTkw
NTEwNDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEM3RjlFOTU3QjcwNDhB
RjVERTQyNTM3RDZFQTRDNTA4QUUzMjlBRjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDViinBd/mqQUTI7KT5RHp03bsPn7S3+m5T02PC/FaoMVOb7lqT
2PTGG1olGXd8DViy7Zvxt6kAAyMlbYjE4PYtjMdRTVqGffatQLc2OGq04x4gXzzR
uDZ7ve8HkugB7N6tj2QiZ5XCGa/Dw+UNatCYSqB7fHKwVsCshqacRPd8B963XFUv
690y1YSit1V0u9DvXCsuo5maXa3F9pfbkEy1iqIW5LSc1PpqvUdbuyR6XUj3XovG
obzKxrw8OQukn9k/IyJ5O4awiyxLvtdtBMZt7R66ghRn+OHGvBSfRv7nfZPNQEmY
C5VuCgGM2fH2tOAZEVYc90PVuVHn9ZDJ0oWzAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUx/npV7cEivXeQlN9bqTFCK4ymvEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3hfbnBWN2NFaXZYZVFs
TjlicVRGQ0s0eW12RS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC8du3E
rKMdIhhUAu0hCvnEucXldCG1J2LDYI8f/Pg6Lk6/Iepy+iFayI9YMJs7iTwIeXX8
HbBWDy5BQ57sn1asiDVnmz4PsXl+xRCeSTEa6HEE3JAk/3VplLt+PshH4DH/O/Ye
PLV40kwzGXQSylsgE2oYPbzN6vRiQVcFV/Eq12/43j1s5VQl9BGnuBA+eoNUxmpy
7THtKJc7EEUDrDmWq8LkmSvxVFlbWbgxMGTkIqU+2z28rshdstOgUaQEuhytk9gd
cHvLiY/CT/KVIgU3EQ5Y4RD0yi+pGd20ZX0Gy1NPKth8FV1B5gqdrNEO+E4dGIfT
W/sW6uB8awm7gBxl
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:12:19 2025 by rpki-client