Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/vNxFQHeInpO5EsDDv7mQ1ni2gv4.roa
File: vNxFQHeInpO5EsDDv7mQ1ni2gv4.roa (raw, json)
Hash identifier: L76v0prkZi+OOzDlOo20US/9UDtGfbJW+odEs3GOUvk=
Subject key identifier: BC:DC:45:40:77:88:9E:93:B9:12:C0:C3:BF:B9:90:D6:78:B6:82:FE
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 610E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vNxFQHeInpO5EsDDv7mQ1ni2gv4.roa
Signing time: Fri 16 May 2025 21:40:30 +0000
ROA not before: Fri 16 May 2025 21:40:30 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24846 (0x610e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 16 21:40:30 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=BCDC454077889E93B912C0C3BFB990D678B682FE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:1d:72:a7:ab:6f:4d:89:c8:71:08:03:6c:e2:
e7:0d:8b:a7:b7:13:f3:6a:33:ca:4a:23:84:37:45:
dc:81:0b:a2:09:a1:c3:c9:43:f3:95:0a:b0:21:e9:
cf:fb:39:26:c9:1f:7d:03:9a:ac:15:79:51:9b:ec:
f5:6a:a2:9e:2f:de:c7:cb:7d:04:00:a6:89:13:df:
be:08:2b:28:aa:8e:df:3e:88:c9:88:54:69:fb:64:
25:23:c7:0a:66:cd:57:a2:24:76:46:3b:cf:58:f1:
a9:02:85:a8:f9:e0:46:25:f5:4f:b4:2c:b8:ab:26:
1d:ac:cd:ea:73:95:f2:9b:04:50:fb:9d:f8:48:86:
69:db:da:4c:70:d7:ca:b1:14:22:3a:ec:f4:0e:21:
b3:3a:37:a0:96:a6:88:4a:31:58:ac:a7:fe:e8:11:
c9:55:fb:4f:f4:50:ad:07:b1:04:db:1e:cb:66:24:
61:33:21:c9:f7:60:63:bf:89:71:ea:c2:92:7f:c1:
d4:ed:c4:86:71:97:73:c7:59:de:f5:ae:39:3c:05:
f0:02:f6:ed:52:a5:ac:94:4a:67:46:83:7b:fd:ca:
73:f9:07:fd:32:4d:cc:45:67:60:3f:3c:40:6b:08:
4d:1a:f5:b3:b8:5d:7b:b3:94:c8:48:72:a6:67:94:
6a:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:DC:45:40:77:88:9E:93:B9:12:C0:C3:BF:B9:90:D6:78:B6:82:FE
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vNxFQHeInpO5EsDDv7mQ1ni2gv4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
1e:58:90:2a:f7:74:8a:3a:8c:8b:54:21:d1:f2:80:17:fd:ad:
35:ed:a1:d4:f7:41:29:72:ed:38:02:49:5d:a0:ce:6d:9d:bb:
8d:eb:4b:f5:00:51:e3:e4:e5:e0:04:4e:46:21:ce:cc:19:2b:
04:d5:de:e5:a0:5e:28:8a:79:2f:53:08:d2:e3:2e:e9:3b:af:
38:33:a4:6c:ca:42:b4:f0:16:be:44:f9:d7:22:9d:57:42:fe:
f5:9e:06:20:02:68:66:e5:03:a3:f0:8c:39:4b:e4:9f:6c:65:
51:60:13:35:a2:5f:c1:81:df:01:2c:95:2a:c8:c8:dc:82:fe:
97:9e:d7:62:1a:84:ae:fa:5a:0a:24:4c:d2:70:96:7c:b7:2e:
bc:2b:54:17:b7:22:bd:f3:4c:c1:44:a6:b3:40:22:2f:96:22:
30:dc:67:7f:79:cc:31:cf:29:b3:b2:ba:8f:ba:4c:2e:33:d5:
87:67:53:bf:70:8d:56:23:76:76:2c:20:30:2e:13:e3:04:7e:
00:53:fd:d2:df:13:b7:10:b4:a0:23:ad:51:f2:c1:4b:c3:99:
7b:f1:a0:2c:a2:82:a3:95:c7:35:17:12:f5:4a:01:f2:79:52:
65:98:c2:42:3a:37:66:81:a8:e9:05:9d:0b:3e:97:a6:66:bf:
37:b1:ec:c5
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYQ4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTYy
MTQwMzBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEJDREM0NTQwNzc4ODlF
OTNCOTEyQzBDM0JGQjk5MEQ2NzhCNjgyRkUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCkHXKnq29NichxCANs4ucNi6e3E/NqM8pKI4Q3RdyBC6IJocPJ
Q/OVCrAh6c/7OSbJH30DmqwVeVGb7PVqop4v3sfLfQQApokT374IKyiqjt8+iMmI
VGn7ZCUjxwpmzVeiJHZGO89Y8akChaj54EYl9U+0LLirJh2szepzlfKbBFD7nfhI
hmnb2kxw18qxFCI67PQOIbM6N6CWpohKMVisp/7oEclV+0/0UK0HsQTbHstmJGEz
Icn3YGO/iXHqwpJ/wdTtxIZxl3PHWd71rjk8BfAC9u1SpayUSmdGg3v9ynP5B/0y
TcxFZ2A/PEBrCE0a9bO4XXuzlMhIcqZnlGphAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUvNxFQHeInpO5EsDDv7mQ1ni2gv4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3ZOeEZRSGVJbnBPNUVz
RER2N21RMW5pMmd2NC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAeWJAq
93SKOoyLVCHR8oAX/a017aHU90Epcu04AkldoM5tnbuN60v1AFHj5OXgBE5GIc7M
GSsE1d7loF4oinkvUwjS4y7pO684M6RsykK08Ba+RPnXIp1XQv71ngYgAmhm5QOj
8Iw5S+SfbGVRYBM1ol/Bgd8BLJUqyMjcgv6XntdiGoSu+loKJEzScJZ8ty68K1QX
tyK980zBRKazQCIvliIw3Gd/ecwxzymzsrqPukwuM9WHZ1O/cI1WI3Z2LCAwLhPj
BH4AU/3S3xO3ELSgI61R8sFLw5l78aAsooKjlcc1FxL1SgHyeVJlmMJCOjdmgajp
BZ0LPpemZr83sezF
-----END CERTIFICATE-----
Generated at Sun May 18 04:51:01 2025 by rpki-client