Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Ni8Sm3B0zUh-ilDlJGZe4d8XuyY.roa
File: Ni8Sm3B0zUh-ilDlJGZe4d8XuyY.roa (raw, json)
Hash identifier: EGs9VSOyGkMYSq8WRYJznRz3a//6IJvccVOHqGDF9UU=
Subject key identifier: 36:2F:12:9B:70:74:CD:48:7E:8A:50:E5:24:66:5E:E1:DF:17:BB:26
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 613E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Ni8Sm3B0zUh-ilDlJGZe4d8XuyY.roa
Signing time: Sat 17 May 2025 09:40:28 +0000
ROA not before: Sat 17 May 2025 09:40:28 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24894 (0x613e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 17 09:40:28 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=362F129B7074CD487E8A50E524665EE1DF17BB26
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:dd:6f:3c:51:11:28:fe:84:f0:cf:d8:3b:49:
c6:2b:0c:18:2a:1c:9c:98:52:4f:a1:e1:19:0c:07:
f4:d1:18:7d:62:fb:c1:28:f5:90:2d:5f:bf:eb:72:
36:a3:37:fc:3e:07:f3:18:f1:42:a6:c2:5a:1c:14:
5e:4a:04:04:90:9a:2e:fe:ce:5e:82:87:ae:9a:9a:
1f:d8:f7:e1:18:39:a0:2d:0a:88:c3:dd:d7:63:9d:
3c:57:8b:2c:1b:67:37:32:9c:83:80:10:3b:c7:af:
65:0b:00:bd:c1:ab:1e:da:73:84:10:06:6f:a3:07:
fc:f9:c0:f5:11:c0:b4:92:e1:3c:42:96:75:c3:4e:
7f:f7:e0:5d:ac:d7:af:2b:ef:ac:a8:b0:6d:8b:69:
9f:c5:b7:b9:67:e4:07:f0:14:dd:b9:25:ee:b2:64:
c6:50:28:4b:3a:55:c2:6e:e5:38:59:41:9b:0f:be:
45:80:9f:43:78:71:39:45:7b:a4:9c:00:55:d2:79:
d9:50:16:d5:ce:26:c8:e9:c8:2a:d5:05:ec:8e:ba:
0f:af:28:5f:bf:a5:a5:d1:ed:2f:d4:bd:42:88:4c:
1c:cf:6d:f7:bf:55:3e:47:02:0f:71:07:8b:9f:cf:
94:86:5e:99:ba:4d:c5:fd:d7:e1:6b:77:0a:3c:14:
90:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:2F:12:9B:70:74:CD:48:7E:8A:50:E5:24:66:5E:E1:DF:17:BB:26
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Ni8Sm3B0zUh-ilDlJGZe4d8XuyY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
7d:bc:a3:a3:90:d5:f7:91:3f:f9:ba:0f:c9:bd:fb:5d:14:04:
f2:c1:5a:f7:77:33:af:85:a2:05:93:cd:74:b4:18:bd:ab:88:
5a:f7:56:8f:fd:05:87:a7:7a:1a:09:45:00:da:4e:c0:3e:14:
ff:31:73:90:01:69:e0:c2:e9:2d:10:b8:3c:86:7c:30:f1:f2:
e9:b2:5b:9e:04:bf:e1:91:3b:1c:47:26:b9:1e:f9:17:d9:d9:
52:4e:85:0e:7c:ad:f6:fd:32:a3:dd:4c:37:b8:30:a2:f8:77:
3f:fa:27:67:4b:14:c0:58:e3:35:cb:eb:94:20:cf:28:d6:fd:
1a:1d:72:da:6c:a1:24:0c:64:c5:c2:76:e7:a2:44:2a:03:12:
bd:a5:87:0f:98:5a:03:f0:2f:cd:b8:5c:b0:38:9a:43:97:d3:
cc:ff:57:fc:be:2d:16:aa:90:da:2b:9e:38:30:34:41:79:48:
6b:bc:ce:06:f1:5c:98:a3:46:15:eb:15:98:2c:43:91:04:a9:
a4:13:0c:9f:74:62:90:c4:7e:7d:91:9d:e6:e9:79:05:e1:c5:
e7:57:58:e2:b2:29:a6:05:44:b0:88:81:7e:8d:44:7d:fb:0f:
a1:c9:2c:d6:65:3d:a3:74:6c:72:7b:03:c1:b6:60:47:99:4b:
9a:5c:27:8e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYT4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTcw
OTQwMjhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM2MkYxMjlCNzA3NENE
NDg3RThBNTBFNTI0NjY1RUUxREYxN0JCMjYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDG3W88UREo/oTwz9g7ScYrDBgqHJyYUk+h4RkMB/TRGH1i+8Eo
9ZAtX7/rcjajN/w+B/MY8UKmwlocFF5KBASQmi7+zl6Ch66amh/Y9+EYOaAtCojD
3ddjnTxXiywbZzcynIOAEDvHr2ULAL3Bqx7ac4QQBm+jB/z5wPURwLSS4TxClnXD
Tn/34F2s168r76yosG2LaZ/Ft7ln5AfwFN25Je6yZMZQKEs6VcJu5ThZQZsPvkWA
n0N4cTlFe6ScAFXSedlQFtXOJsjpyCrVBeyOug+vKF+/paXR7S/UvUKITBzPbfe/
VT5HAg9xB4ufz5SGXpm6TcX91+Frdwo8FJAhAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUNi8Sm3B0zUh+ilDlJGZe4d8XuyYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L05pOFNtM0IwelVoLWls
RGxKR1plNGQ4WHV5WS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB9vKOj
kNX3kT/5ug/JvftdFATywVr3dzOvhaIFk810tBi9q4ha91aP/QWHp3oaCUUA2k7A
PhT/MXOQAWngwuktELg8hnww8fLpslueBL/hkTscRya5HvkX2dlSToUOfK32/TKj
3Uw3uDCi+Hc/+idnSxTAWOM1y+uUIM8o1v0aHXLabKEkDGTFwnbnokQqAxK9pYcP
mFoD8C/NuFywOJpDl9PM/1f8vi0WqpDaK544MDRBeUhrvM4G8VyYo0YV6xWYLEOR
BKmkEwyfdGKQxH59kZ3m6XkF4cXnV1jisimmBUSwiIF+jUR9+w+hySzWZT2jdGxy
ewPBtmBHmUuaXCeO
-----END CERTIFICATE-----
Generated at Sat May 17 21:32:24 2025 by rpki-client