Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/-_yH7pL-KTF3bpbibSTu4n7dLXA.roa
File: -_yH7pL-KTF3bpbibSTu4n7dLXA.roa (raw, json)
Hash identifier: nUSIEbd2S/nYF4oqoaVfP6Q69iw7Hc4nUoA8U4FxqXc=
Subject key identifier: FB:FC:87:EE:92:FE:29:31:77:6E:96:E2:6D:24:EE:E2:7E:DD:2D:70
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 67DC
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-_yH7pL-KTF3bpbibSTu4n7dLXA.roa
Signing time: Wed 04 Jun 2025 01:11:43 +0000
ROA not before: Wed 04 Jun 2025 01:11:43 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26588 (0x67dc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 4 01:11:43 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=FBFC87EE92FE2931776E96E26D24EEE27EDD2D70
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:99:0e:25:19:80:df:d5:50:ed:a9:f8:72:e7:
96:a9:6c:49:be:7a:b5:14:73:0c:d0:2a:55:b1:13:
1a:5d:db:fa:33:39:94:1b:c6:91:0b:42:4b:cc:85:
9d:58:57:eb:ce:44:75:75:05:5f:e2:ee:f0:14:ba:
6f:d3:fb:9f:d8:63:da:03:3c:a6:e4:53:75:24:e6:
85:af:c5:8d:3f:1a:93:12:c6:15:58:3e:70:10:4e:
8d:d7:a3:c4:11:36:b3:9f:e2:8e:70:d7:2d:c6:d3:
86:a0:06:26:da:3c:e6:94:20:88:55:0a:e4:b6:89:
95:f1:e6:a3:03:d6:14:42:4b:73:5e:b7:b1:17:6c:
d6:37:72:b7:25:24:93:1a:5b:78:7b:82:41:71:2d:
c9:4e:f3:3e:df:a3:38:c5:99:53:1a:d2:8e:e0:ee:
21:4d:51:14:71:da:40:97:b7:71:73:e9:2d:fa:34:
48:c8:c7:ba:b1:2a:41:77:aa:da:18:5c:e6:73:91:
86:65:a5:88:b8:39:fa:86:4a:18:23:44:f0:6e:f2:
cb:84:77:46:3d:36:c7:63:1f:df:a8:33:cf:90:ac:
00:b3:d2:a2:f2:47:52:a9:e6:a0:0f:49:87:6e:0a:
aa:b0:ae:ff:5e:e7:00:b6:31:6e:60:fd:62:f9:4e:
41:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:FC:87:EE:92:FE:29:31:77:6E:96:E2:6D:24:EE:E2:7E:DD:2D:70
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-_yH7pL-KTF3bpbibSTu4n7dLXA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
80:3a:7e:4e:14:d3:bc:9a:5f:6b:85:17:26:82:3d:94:b1:69:
e1:5c:5d:2b:0b:3b:94:36:5f:e9:94:37:2d:33:d1:ca:60:fd:
42:61:63:b3:e6:ba:91:71:cc:75:aa:7a:06:ab:91:be:8f:bb:
cc:d5:5b:f7:e1:20:8c:25:fa:ee:51:58:55:f5:23:7f:45:06:
ca:ed:91:86:a2:9e:f2:6c:db:0b:d3:2b:cd:37:a8:aa:1d:36:
39:65:30:96:60:1a:31:87:b7:bd:c6:31:4f:65:55:dc:84:5f:
ff:8c:45:01:e1:29:a0:be:b1:5e:c8:c3:ed:be:76:3f:51:3b:
0d:f9:e8:1d:31:0a:62:90:c3:72:ac:15:4d:a8:c8:7e:9e:f0:
3c:9e:0f:a0:e7:f2:6c:34:ea:29:8b:29:fb:67:79:8a:3d:65:
fd:8b:56:ff:76:cc:9f:36:15:94:38:5e:96:6a:7a:7f:21:d8:
fe:bd:3f:9f:5b:c3:c9:23:07:aa:8b:c7:bc:a6:45:0f:d1:7b:
22:9f:b9:ba:26:eb:30:e8:db:86:18:cc:39:52:05:50:83:90:
32:8e:41:90:65:e4:3a:d2:6b:fc:f6:5a:3e:14:b3:d9:a1:1e:
4f:24:16:4b:13:5b:5d:0b:9d:a8:ac:8c:42:b0:c4:82:69:d5:
6e:6e:e2:b4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZ9wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDQw
MTExNDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEZCRkM4N0VFOTJGRTI5
MzE3NzZFOTZFMjZEMjRFRUUyN0VERDJENzAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDHmQ4lGYDf1VDtqfhy55apbEm+erUUcwzQKlWxExpd2/ozOZQb
xpELQkvMhZ1YV+vORHV1BV/i7vAUum/T+5/YY9oDPKbkU3Uk5oWvxY0/GpMSxhVY
PnAQTo3Xo8QRNrOf4o5w1y3G04agBibaPOaUIIhVCuS2iZXx5qMD1hRCS3Net7EX
bNY3crclJJMaW3h7gkFxLclO8z7fozjFmVMa0o7g7iFNURRx2kCXt3Fz6S36NEjI
x7qxKkF3qtoYXOZzkYZlpYi4OfqGShgjRPBu8suEd0Y9NsdjH9+oM8+QrACz0qLy
R1Kp5qAPSYduCqqwrv9e5wC2MW5g/WL5TkGHAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU+/yH7pL+KTF3bpbibSTu4n7dLXAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3Ly1feUg3cEwtS1RGM2Jw
YmliU1R1NG43ZExYQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCAOn5O
FNO8ml9rhRcmgj2UsWnhXF0rCzuUNl/plDctM9HKYP1CYWOz5rqRccx1qnoGq5G+
j7vM1Vv34SCMJfruUVhV9SN/RQbK7ZGGop7ybNsL0yvNN6iqHTY5ZTCWYBoxh7e9
xjFPZVXchF//jEUB4SmgvrFeyMPtvnY/UTsN+egdMQpikMNyrBVNqMh+nvA8ng+g
5/JsNOopiyn7Z3mKPWX9i1b/dsyfNhWUOF6Wanp/Idj+vT+fW8PJIweqi8e8pkUP
0Xsin7m6Jusw6NuGGMw5UgVQg5AyjkGQZeQ60mv89lo+FLPZoR5PJBZLE1tdC52o
rIxCsMSCadVubuK0
-----END CERTIFICATE-----
Generated at Sun Jun 22 17:59:51 2025 by rpki-client