Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Fw0XFwKFIArRguLR5uPnvfs9wvc.roa
File: Fw0XFwKFIArRguLR5uPnvfs9wvc.roa (raw, json)
Hash identifier: a9ROmBcC+F/+7q2yuqP8Dt24aJgR5HfIHc1Ywt+4AV4=
Subject key identifier: 17:0D:17:17:02:85:20:0A:D1:82:E2:D1:E6:E3:E7:BD:FB:3D:C2:F7
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 614A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Fw0XFwKFIArRguLR5uPnvfs9wvc.roa
Signing time: Sat 17 May 2025 12:41:05 +0000
ROA not before: Sat 17 May 2025 12:41:05 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24906 (0x614a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 17 12:41:05 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=170D17170285200AD182E2D1E6E3E7BDFB3DC2F7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:fb:76:91:14:09:48:74:e3:f8:9f:4a:f2:5f:
52:41:13:f2:a9:73:36:93:13:57:f0:0c:ab:6a:79:
1b:a1:49:ee:a2:d8:9c:3c:df:2a:35:8a:e6:42:85:
42:f2:25:d6:75:79:44:2b:1e:6e:b3:f1:77:77:67:
0b:90:5e:18:54:37:76:7d:5c:03:64:27:a3:07:3d:
be:cc:22:f7:84:85:0e:ad:a1:33:4d:e4:11:dc:58:
9f:16:25:91:3e:af:0c:31:c1:fc:15:12:77:95:01:
2a:e7:40:d5:e2:b7:28:e3:fd:27:b3:9a:54:2a:a8:
92:4e:e1:63:8c:a6:b7:9d:50:75:ac:e9:cd:d9:dc:
f9:98:ef:8b:30:4f:66:6c:ae:23:1b:a2:80:54:51:
ba:ce:8b:3c:f7:9f:33:76:85:a4:4e:df:ac:42:51:
69:c5:fb:99:02:9c:3b:ac:f3:59:8b:7c:53:81:a9:
0f:d1:bc:08:9b:e6:84:ee:db:e3:e2:de:f7:60:27:
5a:1a:84:70:7c:49:92:c2:82:e5:16:ec:11:0f:03:
fc:4c:fb:da:d6:96:4c:1a:fb:f3:a2:5e:6a:03:3d:
86:54:c3:24:be:1e:0c:57:59:9b:fc:71:fe:40:25:
40:78:13:69:5d:13:7e:c6:a3:c0:fb:f5:32:57:16:
e3:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
17:0D:17:17:02:85:20:0A:D1:82:E2:D1:E6:E3:E7:BD:FB:3D:C2:F7
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Fw0XFwKFIArRguLR5uPnvfs9wvc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
47:16:84:83:60:46:c9:f0:32:c4:4c:3d:0a:ac:ab:c4:8f:8b:
2e:5f:bb:1d:d1:a4:7b:fb:fd:b0:11:7a:07:36:d5:6a:f0:e3:
b0:02:0d:a7:93:8c:c8:42:cc:30:67:1f:95:14:29:09:4e:ac:
46:81:79:c2:c0:c7:a8:0a:8b:76:fa:42:2a:64:ce:73:1f:8b:
a5:6d:49:2b:1b:09:f1:3a:3a:5f:30:10:3c:6e:73:11:9a:e4:
70:d3:a9:0d:b0:22:db:9e:54:4a:82:32:23:bf:b4:63:2d:db:
8e:01:e1:0d:06:9e:fe:fb:cc:cc:4c:99:51:ed:fe:74:e0:35:
c4:31:7a:ae:f0:30:04:3c:b0:74:b9:28:bf:29:78:41:1e:79:
a8:18:47:ee:14:ce:c1:10:f8:73:9f:02:64:4c:a9:11:ab:75:
67:27:76:92:50:30:82:0b:8a:3e:8b:94:b6:50:3f:32:c7:aa:
55:bb:6a:39:a4:8f:46:da:de:6a:82:e4:02:89:59:ec:83:fb:
a3:5c:29:4a:11:df:ec:e6:80:83:b2:59:56:a0:98:78:81:69:
4e:90:a3:42:41:a4:8e:40:cd:72:97:7a:33:11:ea:f5:fd:c1:
ec:86:3b:36:98:57:32:cf:97:95:b5:39:76:9b:9d:52:7d:08:
8e:74:30:e1
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYUowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTcx
MjQxMDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDE3MEQxNzE3MDI4NTIw
MEFEMTgyRTJEMUU2RTNFN0JERkIzREMyRjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4+3aRFAlIdOP4n0ryX1JBE/KpczaTE1fwDKtqeRuhSe6i2Jw8
3yo1iuZChULyJdZ1eUQrHm6z8Xd3ZwuQXhhUN3Z9XANkJ6MHPb7MIveEhQ6toTNN
5BHcWJ8WJZE+rwwxwfwVEneVASrnQNXityjj/SezmlQqqJJO4WOMpredUHWs6c3Z
3PmY74swT2ZsriMbooBUUbrOizz3nzN2haRO36xCUWnF+5kCnDus81mLfFOBqQ/R
vAib5oTu2+Pi3vdgJ1oahHB8SZLCguUW7BEPA/xM+9rWlkwa+/OiXmoDPYZUwyS+
HgxXWZv8cf5AJUB4E2ldE37Go8D79TJXFuN3AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUFw0XFwKFIArRguLR5uPnvfs9wvcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0Z3MFhGd0tGSUFyUmd1
TFI1dVBudmZzOXd2Yy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBHFoSD
YEbJ8DLETD0KrKvEj4suX7sd0aR7+/2wEXoHNtVq8OOwAg2nk4zIQswwZx+VFCkJ
TqxGgXnCwMeoCot2+kIqZM5zH4ulbUkrGwnxOjpfMBA8bnMRmuRw06kNsCLbnlRK
gjIjv7RjLduOAeENBp7++8zMTJlR7f504DXEMXqu8DAEPLB0uSi/KXhBHnmoGEfu
FM7BEPhznwJkTKkRq3VnJ3aSUDCCC4o+i5S2UD8yx6pVu2o5pI9G2t5qguQCiVns
g/ujXClKEd/s5oCDsllWoJh4gWlOkKNCQaSOQM1yl3ozEer1/cHshjs2mFcyz5eV
tTl2m51SfQiOdDDh
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:21:57 2025 by rpki-client