Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/_kgHoflyPf9DCTtHg4HdUnCuXSA.roa
File: _kgHoflyPf9DCTtHg4HdUnCuXSA.roa (raw, json)
Hash identifier: GEWNDvw9OdPT+dNgZDQxKZ8NadQmvXIqov0s/qVqdbg=
Subject key identifier: FE:48:07:A1:F9:72:3D:FF:43:09:3B:47:83:81:DD:52:70:AE:5D:20
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 62EE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_kgHoflyPf9DCTtHg4HdUnCuXSA.roa
Signing time: Wed 21 May 2025 21:40:54 +0000
ROA not before: Wed 21 May 2025 21:40:54 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25326 (0x62ee)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 21 21:40:54 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=FE4807A1F9723DFF43093B478381DD5270AE5D20
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:61:25:1a:e8:8d:c1:5f:05:d3:fe:2e:5b:12:
45:24:8d:99:9c:3e:f9:2f:bc:ad:d2:50:58:9d:d8:
8e:f4:cf:0c:34:1b:73:f8:24:03:79:0c:a6:91:30:
88:8c:eb:3e:b5:80:10:bb:7a:12:b8:ba:ac:33:30:
b1:1c:d7:85:90:1f:2a:9d:e8:5c:08:cf:82:58:71:
97:48:63:59:84:53:21:48:6d:dd:df:6b:9b:2d:05:
6e:14:03:a6:6f:17:13:f0:af:11:eb:97:71:84:f9:
18:03:31:cd:31:14:a5:dc:ad:16:fb:bd:9d:d0:41:
60:74:81:31:19:35:1f:cb:43:6b:77:1b:02:1c:b2:
b4:3b:83:90:ab:1f:fb:eb:73:8f:4d:a0:6c:fa:d3:
80:c2:c8:6d:3d:8e:c5:81:d7:09:5f:67:84:a1:63:
c7:61:94:a9:70:14:03:1e:27:71:1f:a7:1a:cc:e9:
c4:23:37:c6:48:a0:f1:ba:e5:e0:de:98:71:76:7e:
c5:b7:b3:d4:44:ec:fb:19:95:e5:f4:a4:16:95:65:
71:65:3f:5b:b0:00:17:11:c2:66:0f:fd:22:94:27:
c8:97:d2:42:02:ea:65:00:5e:59:e1:f5:aa:96:a1:
38:35:67:a7:d7:91:18:02:cb:c6:62:49:a9:1a:f1:
f1:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:48:07:A1:F9:72:3D:FF:43:09:3B:47:83:81:DD:52:70:AE:5D:20
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_kgHoflyPf9DCTtHg4HdUnCuXSA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
4d:9d:c2:1f:98:0a:13:f1:a9:83:14:7d:3e:cc:58:88:e6:b7:
ef:b6:44:2c:f7:72:8b:c7:c0:76:fa:de:77:79:7a:58:2b:c0:
13:9a:42:df:64:4f:f6:09:d8:2d:81:a6:d8:37:88:80:00:67:
e6:33:f9:d8:e2:70:74:45:bc:23:a3:59:53:50:c1:1b:c4:93:
b0:e9:e0:c7:fa:a5:66:d8:39:18:db:ee:e8:ad:42:5b:ae:77:
08:de:e4:36:5f:7b:95:12:dc:0b:b0:4b:05:c4:8b:68:fc:4a:
5c:6f:ad:97:fd:08:fd:cf:9d:ea:ef:cd:95:47:e2:03:05:c9:
84:96:7a:e3:cd:9c:cd:f8:df:df:4f:11:fb:18:2e:4d:41:39:
cf:ab:ae:8d:17:45:ba:12:7b:b7:73:f7:1a:60:09:b2:40:48:
72:b4:f8:ed:ee:6b:02:40:08:53:5e:75:bd:ed:76:48:28:eb:
43:2c:9d:5a:62:f1:68:ba:e5:3f:74:0a:5c:3b:e9:a3:06:d3:
d9:46:4e:40:a8:dd:bb:0c:2e:68:07:14:9c:7c:05:1c:5f:7f:
3f:ef:9a:09:58:a6:c1:09:77:c0:6f:23:e1:32:ad:5a:1e:d9:
04:d0:52:80:0a:02:e8:f1:95:37:4a:de:1d:d4:25:03:d3:1a:
da:06:27:7a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYu4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjEy
MTQwNTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEZFNDgwN0ExRjk3MjNE
RkY0MzA5M0I0NzgzODFERDUyNzBBRTVEMjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDYYSUa6I3BXwXT/i5bEkUkjZmcPvkvvK3SUFid2I70zww0G3P4
JAN5DKaRMIiM6z61gBC7ehK4uqwzMLEc14WQHyqd6FwIz4JYcZdIY1mEUyFIbd3f
a5stBW4UA6ZvFxPwrxHrl3GE+RgDMc0xFKXcrRb7vZ3QQWB0gTEZNR/LQ2t3GwIc
srQ7g5CrH/vrc49NoGz604DCyG09jsWB1wlfZ4ShY8dhlKlwFAMeJ3EfpxrM6cQj
N8ZIoPG65eDemHF2fsW3s9RE7PsZleX0pBaVZXFlP1uwABcRwmYP/SKUJ8iX0kIC
6mUAXlnh9aqWoTg1Z6fXkRgCy8ZiSaka8fFvAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU/kgHoflyPf9DCTtHg4HdUnCuXSAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L19rZ0hvZmx5UGY5RENU
dEhnNEhkVW5DdVhTQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBNncIf
mAoT8amDFH0+zFiI5rfvtkQs93KLx8B2+t53eXpYK8ATmkLfZE/2CdgtgabYN4iA
AGfmM/nY4nB0Rbwjo1lTUMEbxJOw6eDH+qVm2DkY2+7orUJbrncI3uQ2X3uVEtwL
sEsFxIto/Epcb62X/Qj9z53q782VR+IDBcmElnrjzZzN+N/fTxH7GC5NQTnPq66N
F0W6Enu3c/caYAmyQEhytPjt7msCQAhTXnW97XZIKOtDLJ1aYvFouuU/dApcO+mj
BtPZRk5AqN27DC5oBxScfAUcX38/75oJWKbBCXfAbyPhMq1aHtkE0FKACgLo8ZU3
St4d1CUD0xraBid6
-----END CERTIFICATE-----
Generated at Fri Jun 20 22:47:56 2025 by rpki-client