Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/MTHZEV7NXUW_H9ik_eXXSFlJClU.roa
File: MTHZEV7NXUW_H9ik_eXXSFlJClU.roa (raw, json)
Hash identifier: ZRfReVb7VXwTgHG/MVs1P8vRI0U4gIZ5an3FvSvJYZs=
Subject key identifier: 31:31:D9:11:5E:CD:5D:45:BF:1F:D8:A4:FD:E5:D7:48:59:49:0A:55
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6152
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MTHZEV7NXUW_H9ik_eXXSFlJClU.roa
Signing time: Sat 17 May 2025 14:40:34 +0000
ROA not before: Sat 17 May 2025 14:40:34 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24914 (0x6152)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 17 14:40:34 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3131D9115ECD5D45BF1FD8A4FDE5D74859490A55
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:51:78:09:e0:e9:94:28:10:f5:a2:58:28:15:
d3:90:c5:f9:a8:0d:c5:9c:72:94:59:60:09:e9:29:
a8:fc:30:db:af:b6:0f:a0:ae:34:9c:c3:8d:cd:23:
87:ee:2f:14:fd:4a:b0:c5:ee:60:50:58:17:57:de:
72:71:4a:ec:b1:f5:ad:8c:af:43:42:8a:84:0c:07:
4b:4d:50:ff:11:16:aa:9b:f8:1d:77:a7:a0:ed:26:
a2:ae:f1:f5:65:bc:8a:df:fe:9d:a3:65:d2:a5:2a:
21:f8:b5:d8:89:4e:6b:4f:d5:ce:07:d1:d4:1a:bc:
95:40:73:42:be:dd:aa:5b:97:58:3a:d3:06:65:0a:
0b:9c:c1:c3:e3:9c:ad:31:a8:34:ef:41:bb:16:89:
4e:bc:01:a0:d6:79:a9:0c:b6:4e:42:b3:a6:1b:40:
7f:1b:2e:fd:a5:dc:1b:b5:83:46:e3:28:c5:b0:55:
05:6a:96:87:5c:f7:4b:58:d1:40:70:d2:39:a6:0a:
b0:7a:79:9c:02:3b:77:11:f5:28:ac:08:9c:f0:0a:
eb:ec:dd:03:a0:fd:20:3f:78:b5:7f:77:af:31:e3:
c2:8f:04:88:bd:c5:80:5d:ad:ff:1d:98:88:ce:10:
61:ba:58:95:0f:62:8c:e6:94:1b:c3:fd:20:a3:14:
20:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:31:D9:11:5E:CD:5D:45:BF:1F:D8:A4:FD:E5:D7:48:59:49:0A:55
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MTHZEV7NXUW_H9ik_eXXSFlJClU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
ba:fc:65:f9:76:07:25:a2:55:4a:f4:10:08:3d:7c:c3:ae:ad:
d5:12:bd:60:29:8f:47:fe:d5:2c:cf:86:0b:47:44:a3:ad:00:
01:76:17:de:67:30:d8:e0:14:46:16:de:d7:70:89:d5:00:21:
82:2b:e7:25:b3:f8:0a:65:f5:26:ab:33:e5:94:2f:ce:ab:a6:
f8:8c:ef:c6:3c:9e:79:81:45:6b:e5:78:a3:54:0e:17:4f:12:
6d:0d:16:ff:98:88:7e:e2:01:36:69:08:e5:e5:08:b2:f3:5a:
88:a0:31:71:28:5f:1c:96:5b:2a:d8:28:7e:77:53:42:d5:63:
d5:35:58:0e:bd:62:ca:8b:b9:d8:20:d1:6a:fa:28:0d:fb:63:
12:6d:93:31:5f:73:0c:cf:9a:80:fa:d5:48:43:2b:e7:3b:e1:
27:08:99:d2:6f:84:1e:42:dc:91:a2:99:28:5a:c0:f8:63:6e:
9f:34:1b:f7:0f:e1:a1:44:ad:f4:98:cd:eb:76:73:75:18:af:
df:d9:28:56:ee:00:ae:2c:4a:78:9a:c0:61:8e:59:e7:93:a5:
8f:23:3e:bf:eb:ff:0f:a0:65:28:21:16:21:22:96:17:d5:8a:
95:23:56:d2:90:49:15:31:6a:3e:de:eb:29:e9:cb:08:36:fa:
ba:b8:c8:7f
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYVIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTcx
NDQwMzRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDMxMzFEOTExNUVDRDVE
NDVCRjFGRDhBNEZERTVENzQ4NTk0OTBBNTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCVUXgJ4OmUKBD1olgoFdOQxfmoDcWccpRZYAnpKaj8MNuvtg+g
rjScw43NI4fuLxT9SrDF7mBQWBdX3nJxSuyx9a2Mr0NCioQMB0tNUP8RFqqb+B13
p6DtJqKu8fVlvIrf/p2jZdKlKiH4tdiJTmtP1c4H0dQavJVAc0K+3apbl1g60wZl
CgucwcPjnK0xqDTvQbsWiU68AaDWeakMtk5Cs6YbQH8bLv2l3Bu1g0bjKMWwVQVq
lodc90tY0UBw0jmmCrB6eZwCO3cR9SisCJzwCuvs3QOg/SA/eLV/d68x48KPBIi9
xYBdrf8dmIjOEGG6WJUPYozmlBvD/SCjFCCZAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUMTHZEV7NXUW/H9ik/eXXSFlJClUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L01USFpFVjdOWFVXX0g5
aWtfZVhYU0ZsSkNsVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC6/GX5
dgclolVK9BAIPXzDrq3VEr1gKY9H/tUsz4YLR0SjrQABdhfeZzDY4BRGFt7XcInV
ACGCK+cls/gKZfUmqzPllC/Oq6b4jO/GPJ55gUVr5XijVA4XTxJtDRb/mIh+4gE2
aQjl5Qiy81qIoDFxKF8cllsq2Ch+d1NC1WPVNVgOvWLKi7nYINFq+igN+2MSbZMx
X3MMz5qA+tVIQyvnO+EnCJnSb4QeQtyRopkoWsD4Y26fNBv3D+GhRK30mM3rdnN1
GK/f2ShW7gCuLEp4msBhjlnnk6WPIz6/6/8PoGUoIRYhIpYX1YqVI1bSkEkVMWo+
3usp6csINvq6uMh/
-----END CERTIFICATE-----
Generated at Sat May 17 21:30:12 2025 by rpki-client