Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/MLgfg5l9uI2D0aRt7q9ZMz1MzM0.roa
File: MLgfg5l9uI2D0aRt7q9ZMz1MzM0.roa (raw, json)
Hash identifier: 83xSncPE8fLISg+F+4wmGHlzpbQko1NhQ62GrutDZ44=
Subject key identifier: 30:B8:1F:83:99:7D:B8:8D:83:D1:A4:6D:EE:AF:59:33:3D:4C:CC:CD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6030
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MLgfg5l9uI2D0aRt7q9ZMz1MzM0.roa
Signing time: Wed 14 May 2025 14:10:25 +0000
ROA not before: Wed 14 May 2025 14:10:25 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24624 (0x6030)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 14 14:10:25 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=30B81F83997DB88D83D1A46DEEAF59333D4CCCCD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:50:04:fa:6a:4c:2c:89:c0:d1:ad:1e:2e:b9:
d3:61:ce:95:2e:9a:5e:6a:5c:21:d2:53:b3:b3:b8:
b4:ae:cd:aa:51:a6:df:b6:63:a2:20:f1:ee:fd:3d:
b9:f4:4d:ed:19:17:37:db:25:0c:68:ce:f1:2a:e7:
27:ae:70:75:42:e5:71:12:9c:86:58:e8:72:ac:e8:
4e:0e:2c:ba:84:38:3f:c2:e8:85:e5:e8:07:c4:10:
1d:98:06:b8:30:76:85:63:82:a6:74:4d:57:57:d2:
ae:d1:6c:6f:6c:c2:ee:94:65:fd:de:80:bb:72:85:
34:81:d3:5e:77:ab:bb:f2:e9:a2:89:d2:8b:c0:bf:
ec:27:c0:4c:e4:f4:ce:2b:95:f3:04:f4:61:fa:2e:
9c:1f:67:7e:20:8d:46:2c:25:96:4c:6e:ee:e3:4c:
0e:03:1c:e7:7e:7f:e9:c7:cc:34:0d:af:2d:b2:cf:
d0:b7:bc:f5:e3:0c:d4:b9:6a:5a:0a:65:15:ae:8c:
39:a7:f6:3b:fe:95:42:b9:8c:7a:a8:06:6c:59:0f:
e9:64:f0:3c:68:51:71:8d:1b:28:4f:17:af:db:3e:
b3:f0:e1:07:2a:7c:42:0f:ad:3b:01:df:db:fc:79:
65:db:c4:a0:4e:19:4c:f7:1f:73:bb:2f:7b:08:f0:
b0:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:B8:1F:83:99:7D:B8:8D:83:D1:A4:6D:EE:AF:59:33:3D:4C:CC:CD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MLgfg5l9uI2D0aRt7q9ZMz1MzM0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
04:b5:e2:7c:9a:fd:c7:66:47:c8:dd:fe:f8:d9:9b:84:65:48:
0d:19:8a:ad:60:c4:18:4a:75:c9:0a:80:8a:11:0e:3f:e4:f0:
51:f7:cd:05:11:03:1a:f1:df:47:83:25:06:73:5d:2b:2d:43:
8e:0b:d2:a7:42:46:21:e9:d0:d4:3b:8b:ad:a8:0e:79:59:d9:
9d:ba:86:a6:56:7b:b1:6f:c2:d0:15:d1:f3:99:93:fc:51:23:
cd:13:8c:85:b2:03:f8:32:ca:b9:65:71:c2:ae:91:34:e2:ec:
32:67:c4:01:1c:9a:5c:a8:97:62:b2:7a:8b:a7:ec:35:f0:8e:
69:63:4b:34:29:0a:9d:a8:ad:09:ad:41:3c:63:c2:8c:91:ae:
fc:55:4c:cb:2b:7c:cc:8d:c5:ac:20:c4:45:98:d0:d3:01:7c:
73:5f:ec:40:9f:45:3f:ba:ec:32:f9:b6:5c:03:b0:d8:6e:86:
82:3a:01:8e:40:38:b7:85:ec:36:75:04:b4:a3:cb:b8:28:07:
03:ab:8d:5a:e6:e7:b0:e2:be:a3:aa:a1:c9:32:e4:75:6c:4a:
6c:c4:11:6b:8b:f3:71:ab:2c:49:ed:91:63:c3:56:0a:28:ed:
6b:d6:c5:a9:cf:e3:6e:55:1b:09:14:d0:30:72:b8:bf:93:11:
c5:50:c6:61
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYDAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTQx
NDEwMjVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDMwQjgxRjgzOTk3REI4
OEQ4M0QxQTQ2REVFQUY1OTMzM0Q0Q0NDQ0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCbUAT6akwsicDRrR4uudNhzpUuml5qXCHSU7OzuLSuzapRpt+2
Y6Ig8e79Pbn0Te0ZFzfbJQxozvEq5yeucHVC5XESnIZY6HKs6E4OLLqEOD/C6IXl
6AfEEB2YBrgwdoVjgqZ0TVdX0q7RbG9swu6UZf3egLtyhTSB0153q7vy6aKJ0ovA
v+wnwEzk9M4rlfME9GH6LpwfZ34gjUYsJZZMbu7jTA4DHOd+f+nHzDQNry2yz9C3
vPXjDNS5aloKZRWujDmn9jv+lUK5jHqoBmxZD+lk8DxoUXGNGyhPF6/bPrPw4Qcq
fEIPrTsB39v8eWXbxKBOGUz3H3O7L3sI8LB/AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUMLgfg5l9uI2D0aRt7q9ZMz1MzM0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L01MZ2ZnNWw5dUkyRDBh
UnQ3cTlaTXoxTXpNMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAEteJ8
mv3HZkfI3f742ZuEZUgNGYqtYMQYSnXJCoCKEQ4/5PBR980FEQMa8d9HgyUGc10r
LUOOC9KnQkYh6dDUO4utqA55WdmduoamVnuxb8LQFdHzmZP8USPNE4yFsgP4Msq5
ZXHCrpE04uwyZ8QBHJpcqJdisnqLp+w18I5pY0s0KQqdqK0JrUE8Y8KMka78VUzL
K3zMjcWsIMRFmNDTAXxzX+xAn0U/uuwy+bZcA7DYboaCOgGOQDi3hew2dQS0o8u4
KAcDq41a5uew4r6jqqHJMuR1bEpsxBFri/NxqyxJ7ZFjw1YKKO1r1sWpz+NuVRsJ
FNAwcri/kxHFUMZh
-----END CERTIFICATE-----
Generated at Sat May 17 19:38:57 2025 by rpki-client