Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/f3JUKflfOEXEG2XVNTLJ2hgZEJg.roa
File: f3JUKflfOEXEG2XVNTLJ2hgZEJg.roa (raw, json)
Hash identifier: RtFZcO3EEcRlYQQOONpFGQKPFsZLkTF5fvthX+0ZkPQ=
Subject key identifier: 7F:72:54:29:F9:5F:38:45:C4:1B:65:D5:35:32:C9:DA:18:19:10:98
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6AA2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/f3JUKflfOEXEG2XVNTLJ2hgZEJg.roa
Signing time: Wed 11 Jun 2025 10:42:18 +0000
ROA not before: Wed 11 Jun 2025 10:42:18 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27298 (0x6aa2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 11 10:42:18 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=7F725429F95F3845C41B65D53532C9DA18191098
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:0d:27:c9:6f:aa:1e:e8:0f:d1:23:0b:b9:20:
87:b6:3b:20:85:6b:f6:33:7b:11:0b:80:d5:08:e9:
ab:b7:4e:1f:a4:19:41:f9:6c:31:0e:fb:3f:33:7a:
de:b6:63:f2:7e:9a:f0:04:47:9d:cd:5a:5e:f4:3f:
73:19:0e:ac:9a:ea:11:83:92:47:e0:eb:d0:d2:8f:
98:63:c8:b9:05:80:9f:91:3e:af:07:32:67:33:8f:
60:b8:6f:85:bc:ac:91:f1:30:f0:7e:96:14:5c:16:
4c:84:f6:65:43:45:0d:51:32:ff:81:d9:d3:86:af:
77:a1:0b:46:52:bf:79:09:68:a8:c2:25:1c:8b:d1:
cc:9d:0c:3c:c5:fa:0a:29:fd:be:40:c5:5b:ee:20:
3e:a7:36:21:18:98:f0:bc:e8:91:eb:64:e6:3f:f5:
70:4f:6f:18:b9:b2:5a:f9:7d:95:c0:cf:0c:88:85:
88:0b:cf:c4:7e:75:9f:68:54:0f:4d:4c:55:5a:0a:
6d:b0:26:37:02:a7:9a:ee:8e:63:fb:88:9f:31:96:
64:ff:3f:ac:ad:b4:4d:20:d2:11:12:b3:af:55:e7:
4a:74:a7:d7:3e:af:23:b3:7d:e9:37:e1:7a:1e:96:
d4:bd:5d:bd:80:1c:0a:1a:f2:86:b7:25:9b:73:a4:
0a:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:72:54:29:F9:5F:38:45:C4:1B:65:D5:35:32:C9:DA:18:19:10:98
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/f3JUKflfOEXEG2XVNTLJ2hgZEJg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
01:c3:b9:76:74:54:17:0d:d6:ee:31:01:9b:b6:fa:fe:2c:0b:
a6:42:40:ab:d5:a6:63:e5:92:7a:e6:22:7a:09:12:31:62:77:
24:ca:08:f9:cb:c3:70:65:23:b4:a7:a7:02:0b:0a:49:a2:f6:
9d:f5:3b:d2:9f:76:cd:7a:80:52:67:39:b2:50:4c:71:ba:11:
a2:3d:71:49:14:14:cf:a2:f9:b7:4f:6f:77:ca:c8:ea:f6:78:
49:33:c3:89:63:54:5c:3a:a4:02:b5:f0:69:ff:44:1d:2c:04:
e5:81:ef:44:60:f5:a5:7f:58:33:24:72:c1:46:b8:5a:9d:4f:
7f:fb:04:ce:17:f0:8a:10:79:c4:e4:71:27:7d:df:90:45:8b:
5c:24:89:5d:2e:e5:90:59:d1:1d:48:11:37:9e:49:5e:95:f4:
27:8e:8d:b6:0a:ee:20:37:05:3d:8b:8b:ef:ba:b3:5b:67:96:
4a:55:91:e6:92:45:bf:ec:66:63:cb:0b:40:40:2c:16:41:29:
1f:af:6f:9c:f6:1c:bc:d6:0c:cb:b2:cc:ac:1d:89:2c:fb:6e:
ed:b1:d9:ea:b0:e4:8d:75:0c:26:a9:29:e8:59:64:9d:98:7b:
c2:2f:90:b8:54:ed:6e:ee:05:f3:51:33:a2:f4:81:1a:d5:5e:
18:14:26:4b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaqIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTEx
MDQyMThaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDdGNzI1NDI5Rjk1RjM4
NDVDNDFCNjVENTM1MzJDOURBMTgxOTEwOTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC8DSfJb6oe6A/RIwu5IIe2OyCFa/YzexELgNUI6au3Th+kGUH5
bDEO+z8zet62Y/J+mvAER53NWl70P3MZDqya6hGDkkfg69DSj5hjyLkFgJ+RPq8H
Mmczj2C4b4W8rJHxMPB+lhRcFkyE9mVDRQ1RMv+B2dOGr3ehC0ZSv3kJaKjCJRyL
0cydDDzF+gop/b5AxVvuID6nNiEYmPC86JHrZOY/9XBPbxi5slr5fZXAzwyIhYgL
z8R+dZ9oVA9NTFVaCm2wJjcCp5rujmP7iJ8xlmT/P6yttE0g0hESs69V50p0p9c+
ryOzfek34XoeltS9Xb2AHAoa8oa3JZtzpArHAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUf3JUKflfOEXEG2XVNTLJ2hgZEJgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2YzSlVLZmxmT0VYRUcy
WFZOVExKMmhnWkVKZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQABw7l2
dFQXDdbuMQGbtvr+LAumQkCr1aZj5ZJ65iJ6CRIxYnckygj5y8NwZSO0p6cCCwpJ
ovad9TvSn3bNeoBSZzmyUExxuhGiPXFJFBTPovm3T293ysjq9nhJM8OJY1RcOqQC
tfBp/0QdLATlge9EYPWlf1gzJHLBRrhanU9/+wTOF/CKEHnE5HEnfd+QRYtcJIld
LuWQWdEdSBE3nklelfQnjo22Cu4gNwU9i4vvurNbZ5ZKVZHmkkW/7GZjywtAQCwW
QSkfr2+c9hy81gzLssysHYks+27tsdnqsOSNdQwmqSnoWWSdmHvCL5C4VO1u7gXz
UTOi9IEa1V4YFCZL
-----END CERTIFICATE-----
Generated at Sun Jun 22 07:45:47 2025 by rpki-client