Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Ficjay-t5D3Lqc5FGEodSrow0gI.roa
File: Ficjay-t5D3Lqc5FGEodSrow0gI.roa (raw, json)
Hash identifier: LY1JZib3zJQ3pbokgPWANM1RxSJcoiHhX+5JF0lcAUM=
Subject key identifier: 16:27:23:6B:2F:AD:E4:3D:CB:A9:CE:45:18:4A:1D:4A:BA:30:D2:02
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6494
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Ficjay-t5D3Lqc5FGEodSrow0gI.roa
Signing time: Mon 26 May 2025 07:11:59 +0000
ROA not before: Mon 26 May 2025 07:11:59 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25748 (0x6494)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 26 07:11:59 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=1627236B2FADE43DCBA9CE45184A1D4ABA30D202
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:d1:4f:8f:c4:29:88:b9:60:45:e8:91:d2:1f:
55:59:5f:f4:f8:30:a7:09:c0:1f:3d:bb:ec:07:13:
ae:53:51:11:37:e9:a5:f4:99:2d:80:ec:87:0b:b5:
41:62:29:16:a0:b8:41:da:45:74:42:f4:7c:3e:73:
5c:bb:bd:af:63:64:25:8c:d8:65:fb:b2:19:c3:a7:
9f:77:47:39:5e:43:5f:8c:86:b1:f2:f6:1c:c3:b4:
33:43:7a:1a:c9:8b:73:90:9b:16:b9:96:8b:f3:e4:
6a:31:37:e0:a8:85:11:d1:87:9a:81:2c:7f:ef:00:
86:21:48:4e:32:29:68:9e:9d:ce:ea:cc:e8:60:51:
86:55:a6:cd:e1:0d:44:2c:d1:28:01:1b:4d:e1:82:
7d:83:b2:01:6e:cc:6d:0c:59:ae:b2:fc:66:75:9c:
87:50:be:72:64:e5:cc:8f:8a:e9:2c:b5:4b:f6:ca:
a9:f2:71:bb:c3:dd:b7:03:ec:ef:c1:81:9f:2f:60:
29:24:62:aa:66:db:08:01:6d:ec:e6:62:55:97:5a:
0a:bf:6f:8d:10:68:e3:e2:ad:f8:3d:8d:22:f6:3c:
f4:3b:9f:f3:16:27:53:c8:68:c2:29:6d:85:41:7b:
1f:94:91:9a:9e:24:eb:e2:35:17:cc:ed:13:b3:de:
d7:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:27:23:6B:2F:AD:E4:3D:CB:A9:CE:45:18:4A:1D:4A:BA:30:D2:02
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Ficjay-t5D3Lqc5FGEodSrow0gI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
10:6a:33:79:63:dc:7c:93:85:97:72:68:f8:6c:ea:5a:a0:48:
7c:ea:d3:86:68:b3:4d:2c:ca:20:ed:81:0a:5a:67:40:1e:c0:
49:62:3b:e0:19:08:5c:02:af:db:22:17:d0:46:37:81:5e:41:
23:51:3b:2d:67:c7:08:41:df:a8:24:b5:20:4a:b6:e0:ff:c9:
b0:af:4f:c9:94:d8:e7:0d:f4:f3:f1:2a:2d:ea:7a:f2:f9:e9:
8c:56:37:8e:ab:fa:d1:43:ea:95:42:6e:61:1b:1e:85:9c:a5:
db:fc:ec:6c:5c:6d:2c:eb:6f:c3:69:78:8e:83:6e:03:04:f0:
11:ff:07:36:06:f8:22:ee:90:d5:1f:d8:22:7f:41:76:ac:41:
82:0b:1a:45:4c:82:2f:18:e2:55:d3:9e:5f:0a:2f:bf:6e:f1:
ad:84:57:07:2a:b0:fa:cc:31:34:cd:7c:a4:cd:14:6b:9b:e0:
89:c8:7e:ce:77:67:a1:30:81:aa:8c:1b:46:27:d0:5d:15:ec:
03:3f:75:45:f2:e7:2e:9f:5b:3f:91:ad:ea:df:fe:80:b3:1b:
a3:d4:2a:74:f2:d8:49:61:42:27:f2:7f:38:24:15:3c:71:bc:
64:1b:1e:98:98:d3:cc:be:03:43:aa:dc:dc:4c:98:01:af:95:
61:bd:4c:ca
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZJQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjYw
NzExNTlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDE2MjcyMzZCMkZBREU0
M0RDQkE5Q0U0NTE4NEExRDRBQkEzMEQyMDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDF0U+PxCmIuWBF6JHSH1VZX/T4MKcJwB89u+wHE65TURE36aX0
mS2A7IcLtUFiKRaguEHaRXRC9Hw+c1y7va9jZCWM2GX7shnDp593RzleQ1+MhrHy
9hzDtDNDehrJi3OQmxa5lovz5GoxN+CohRHRh5qBLH/vAIYhSE4yKWienc7qzOhg
UYZVps3hDUQs0SgBG03hgn2DsgFuzG0MWa6y/GZ1nIdQvnJk5cyPiukstUv2yqny
cbvD3bcD7O/BgZ8vYCkkYqpm2wgBbezmYlWXWgq/b40QaOPirfg9jSL2PPQ7n/MW
J1PIaMIpbYVBex+UkZqeJOviNRfM7ROz3tdJAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUFicjay+t5D3Lqc5FGEodSrow0gIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0ZpY2pheS10NUQzTHFj
NUZHRW9kU3JvdzBnSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAQajN5
Y9x8k4WXcmj4bOpaoEh86tOGaLNNLMog7YEKWmdAHsBJYjvgGQhcAq/bIhfQRjeB
XkEjUTstZ8cIQd+oJLUgSrbg/8mwr0/JlNjnDfTz8Sot6nry+emMVjeOq/rRQ+qV
Qm5hGx6FnKXb/OxsXG0s62/DaXiOg24DBPAR/wc2Bvgi7pDVH9gif0F2rEGCCxpF
TIIvGOJV055fCi+/bvGthFcHKrD6zDE0zXykzRRrm+CJyH7Od2ehMIGqjBtGJ9Bd
FewDP3VF8ucun1s/ka3q3/6Asxuj1Cp08thJYUIn8n84JBU8cbxkGx6YmNPMvgND
qtzcTJgBr5VhvUzK
-----END CERTIFICATE-----
Generated at Fri Jun 20 16:29:37 2025 by rpki-client