Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/3fkX7SFu1ihRv7CeMKH2W6h65PQ.roa
File: 3fkX7SFu1ihRv7CeMKH2W6h65PQ.roa (raw, json)
Hash identifier: xsJuXs9qf2xx5SLU5PjCtCXQunKelDIrli+pHc0rPmU=
Subject key identifier: DD:F9:17:ED:21:6E:D6:28:51:BF:B0:9E:30:A1:F6:5B:A8:7A:E4:F4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6AB4
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3fkX7SFu1ihRv7CeMKH2W6h65PQ.roa
Signing time: Wed 11 Jun 2025 15:12:21 +0000
ROA not before: Wed 11 Jun 2025 15:12:21 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27316 (0x6ab4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 11 15:12:21 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=DDF917ED216ED62851BFB09E30A1F65BA87AE4F4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:5b:b5:61:d7:2c:bc:90:2d:1a:fe:c4:9c:f5:
a6:86:c7:1a:3c:7a:f0:9f:ab:ff:66:df:68:8e:68:
e6:bb:09:3e:7b:de:44:b5:91:d9:b4:49:64:bb:72:
e7:0e:7d:27:ab:e3:80:b2:ec:25:91:a4:d1:5c:dc:
79:34:34:2e:5e:ce:61:4f:cb:b6:20:f0:7d:9f:48:
d2:33:e0:06:c7:ff:47:cb:66:c2:46:d3:7d:16:f5:
3c:58:1e:04:b4:b9:95:c0:2f:cd:e6:94:4f:c6:e5:
17:97:c9:d3:9a:cf:95:8e:12:f7:e9:a1:86:09:89:
05:65:ce:9f:b2:00:2c:45:05:b9:cd:15:e5:97:c0:
bb:fe:30:56:4b:04:6d:9e:69:a1:ac:cc:30:31:2d:
c8:98:1a:84:dd:d1:4c:a8:65:01:df:40:f5:a3:fa:
39:14:a1:04:a6:87:3f:8e:2b:df:e6:d0:6a:57:b8:
1c:03:d3:2c:9a:91:7b:e2:3f:6e:f9:28:91:5c:c0:
38:a8:1d:e3:37:c8:ce:f0:d3:1a:38:ab:a5:82:9d:
fc:67:10:60:08:b3:e0:9a:64:22:08:53:27:cb:1c:
0d:b5:96:f7:b8:f4:29:fc:42:a2:8d:3f:7f:ae:e6:
08:b5:c0:84:75:38:b5:76:32:4c:37:06:95:12:d3:
b2:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:F9:17:ED:21:6E:D6:28:51:BF:B0:9E:30:A1:F6:5B:A8:7A:E4:F4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/3fkX7SFu1ihRv7CeMKH2W6h65PQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
a2:02:43:a2:7b:e1:5f:fe:33:7d:21:e3:7d:fc:ed:84:28:dc:
bd:f6:54:89:2b:44:84:81:2e:99:49:28:0e:96:20:26:fc:59:
de:a6:d4:d9:d6:85:96:d7:d0:63:c9:82:67:77:c6:97:b0:23:
f5:e8:4c:8d:66:a1:3b:ba:49:f3:1c:3a:0e:73:45:d8:fe:e0:
56:94:a1:6d:55:5e:64:28:a5:7e:d2:38:71:26:89:00:25:a6:
87:23:de:67:b3:98:b1:be:22:19:22:81:77:cb:86:87:e5:9f:
38:af:cf:2a:6f:80:32:43:3e:36:6b:6e:c4:38:6b:20:7b:50:
0e:5b:a8:55:cb:98:d6:f3:c1:5f:ae:3c:95:a7:6e:13:17:5b:
a5:39:d0:52:48:ba:3d:32:08:9a:cc:bb:1f:80:a5:5d:a6:3f:
3a:97:54:9b:fc:60:39:e0:dd:31:1b:fc:7c:11:ff:8d:cd:c7:
a5:3b:96:ad:a1:05:32:e8:92:d0:6b:44:86:24:43:dd:93:3c:
80:9c:0c:78:dd:45:14:ba:96:a6:4c:22:0c:49:dd:60:0a:e6:
2e:72:de:e9:24:16:37:ab:a5:68:64:12:27:62:a0:42:bf:c5:
55:d4:a0:19:91:35:09:26:f2:c2:70:0e:23:66:d7:ce:2b:36:
ce:a5:5a:c2
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICarQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTEx
NTEyMjFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKERERjkxN0VEMjE2RUQ2
Mjg1MUJGQjA5RTMwQTFGNjVCQTg3QUU0RjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDsW7Vh1yy8kC0a/sSc9aaGxxo8evCfq/9m32iOaOa7CT573kS1
kdm0SWS7cucOfSer44Cy7CWRpNFc3Hk0NC5ezmFPy7Yg8H2fSNIz4AbH/0fLZsJG
030W9TxYHgS0uZXAL83mlE/G5ReXydOaz5WOEvfpoYYJiQVlzp+yACxFBbnNFeWX
wLv+MFZLBG2eaaGszDAxLciYGoTd0UyoZQHfQPWj+jkUoQSmhz+OK9/m0GpXuBwD
0yyakXviP275KJFcwDioHeM3yM7w0xo4q6WCnfxnEGAIs+CaZCIIUyfLHA21lve4
9Cn8QqKNP3+u5gi1wIR1OLV2Mkw3BpUS07KVAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU3fkX7SFu1ihRv7CeMKH2W6h65PQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzNma1g3U0Z1MWloUnY3
Q2VNS0gyVzZoNjVQUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCiAkOi
e+Ff/jN9IeN9/O2EKNy99lSJK0SEgS6ZSSgOliAm/FneptTZ1oWW19BjyYJnd8aX
sCP16EyNZqE7uknzHDoOc0XY/uBWlKFtVV5kKKV+0jhxJokAJaaHI95ns5ixviIZ
IoF3y4aH5Z84r88qb4AyQz42a27EOGsge1AOW6hVy5jW88FfrjyVp24TF1ulOdBS
SLo9MgiazLsfgKVdpj86l1Sb/GA54N0xG/x8Ef+NzcelO5atoQUy6JLQa0SGJEPd
kzyAnAx43UUUupamTCIMSd1gCuYuct7pJBY3q6VoZBInYqBCv8VV1KAZkTUJJvLC
cA4jZtfOKzbOpVrC
-----END CERTIFICATE-----
Generated at Sat Jun 21 20:25:41 2025 by rpki-client