Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/vgMKNTGnmk4A9e4S8cTosxDvl8g.roa
File: vgMKNTGnmk4A9e4S8cTosxDvl8g.roa (raw, json)
Hash identifier: z71oi7QYWK2tj9RdDJRPZOFfmj/tbJmbQt+Pxv8cdeE=
Subject key identifier: BE:03:0A:35:31:A7:9A:4E:00:F5:EE:12:F1:C4:E8:B3:10:EF:97:C8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 610A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vgMKNTGnmk4A9e4S8cTosxDvl8g.roa
Signing time: Fri 16 May 2025 20:40:34 +0000
ROA not before: Fri 16 May 2025 20:40:34 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24842 (0x610a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 16 20:40:34 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=BE030A3531A79A4E00F5EE12F1C4E8B310EF97C8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:4d:b1:ed:81:81:6d:d2:b3:96:fd:84:58:96:
e5:89:6b:ab:66:c1:13:24:61:0b:26:46:10:31:99:
ee:3f:5f:ef:9c:0c:de:9d:80:eb:e3:8d:5a:f9:83:
aa:50:03:1c:6f:38:95:23:ad:5b:84:b2:89:6c:67:
5c:16:ea:f1:ea:d4:ec:2c:d3:b2:cf:4e:c2:74:e6:
f9:ee:61:35:2d:a9:c5:3a:14:89:30:5b:93:41:54:
05:27:4e:06:77:bf:f2:10:27:55:25:26:92:5c:6a:
86:5f:b1:3f:d9:82:b5:38:70:6b:ab:63:b2:1d:3f:
6b:8b:b2:bb:92:be:f3:aa:48:e9:23:9b:ec:4d:40:
88:69:30:64:ef:1a:07:87:e2:8f:99:f8:6f:f4:80:
89:20:f2:58:9c:df:9f:9c:91:d5:91:50:74:d9:4b:
c3:65:0e:56:fa:83:98:91:fc:e0:c2:e7:74:96:6c:
50:27:a5:ea:cc:d1:a4:10:33:7e:24:bb:0e:79:65:
86:f4:47:b1:0f:f0:d7:04:42:a8:39:e2:5f:4a:c1:
17:a0:ce:4c:16:a4:83:8a:65:9d:b7:a2:37:05:f3:
2c:fc:79:14:e7:e1:a2:a9:f5:f3:04:76:a6:3c:ca:
d9:0c:0a:32:52:fb:6b:69:87:98:87:82:f3:01:6f:
ae:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:03:0A:35:31:A7:9A:4E:00:F5:EE:12:F1:C4:E8:B3:10:EF:97:C8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vgMKNTGnmk4A9e4S8cTosxDvl8g.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
7d:bf:46:39:da:96:ea:77:41:96:eb:15:c9:95:a9:16:16:4d:
c7:15:37:d0:02:1c:49:fd:49:0a:86:25:6d:5e:60:90:27:07:
74:7b:51:a8:b1:ad:3e:1f:c6:f7:08:af:79:6e:51:36:c0:c7:
f9:39:e3:d1:a1:ee:8a:ef:62:77:c2:28:aa:d5:69:c4:82:25:
f3:12:7d:9e:d8:74:36:37:e4:96:09:b2:f4:8e:94:f8:f5:d7:
ca:20:05:88:bc:13:23:97:a7:e5:c2:de:f6:0f:41:2c:44:29:
2f:37:f5:07:83:c5:91:fe:fa:93:7f:0f:5b:2a:5d:60:6f:45:
9a:24:61:a5:b7:e6:80:d9:5b:86:fb:b4:0b:87:92:37:69:38:
97:c5:22:c1:25:b7:56:b6:90:a2:0d:16:ef:8f:06:32:b2:4d:
33:2d:1b:70:73:7c:70:66:3f:67:71:29:f7:54:55:5b:01:37:
b8:79:b5:9b:4c:f5:89:22:64:84:f3:0b:87:b3:cd:e4:28:6c:
fe:ec:7d:11:80:9a:91:5b:c6:23:cd:36:62:27:62:f6:fe:40:
7c:c7:16:35:c4:72:b9:2d:0d:d1:62:71:eb:ec:e6:36:c2:9e:
3d:de:cf:04:da:bd:0f:18:eb:0d:23:34:5c:11:ba:66:70:42:
a3:b1:7d:5e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYQowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTYy
MDQwMzRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEJFMDMwQTM1MzFBNzlB
NEUwMEY1RUUxMkYxQzRFOEIzMTBFRjk3QzgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDRTbHtgYFt0rOW/YRYluWJa6tmwRMkYQsmRhAxme4/X++cDN6d
gOvjjVr5g6pQAxxvOJUjrVuEsolsZ1wW6vHq1Ows07LPTsJ05vnuYTUtqcU6FIkw
W5NBVAUnTgZ3v/IQJ1UlJpJcaoZfsT/ZgrU4cGurY7IdP2uLsruSvvOqSOkjm+xN
QIhpMGTvGgeH4o+Z+G/0gIkg8lic35+ckdWRUHTZS8NlDlb6g5iR/ODC53SWbFAn
perM0aQQM34kuw55ZYb0R7EP8NcEQqg54l9KwRegzkwWpIOKZZ23ojcF8yz8eRTn
4aKp9fMEdqY8ytkMCjJS+2tph5iHgvMBb64DAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUvgMKNTGnmk4A9e4S8cTosxDvl8gwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3ZnTUtOVEdubWs0QTll
NFM4Y1Rvc3hEdmw4Zy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB9v0Y5
2pbqd0GW6xXJlakWFk3HFTfQAhxJ/UkKhiVtXmCQJwd0e1Gosa0+H8b3CK95blE2
wMf5OePRoe6K72J3wiiq1WnEgiXzEn2e2HQ2N+SWCbL0jpT49dfKIAWIvBMjl6fl
wt72D0EsRCkvN/UHg8WR/vqTfw9bKl1gb0WaJGGlt+aA2VuG+7QLh5I3aTiXxSLB
JbdWtpCiDRbvjwYysk0zLRtwc3xwZj9ncSn3VFVbATe4ebWbTPWJImSE8wuHs83k
KGz+7H0RgJqRW8YjzTZiJ2L2/kB8xxY1xHK5LQ3RYnHr7OY2wp493s8E2r0PGOsN
IzRcEbpmcEKjsX1e
-----END CERTIFICATE-----
Generated at Sun May 18 02:02:58 2025 by rpki-client