Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/fTuQEaR427rzJeuhhrD7wYYj7ps.roa
File: fTuQEaR427rzJeuhhrD7wYYj7ps.roa (raw, json)
Hash identifier: zcpz49yfDgq6DKFTg0N7emjxftTBTMGL9mvwS4ZzgBw=
Subject key identifier: 7D:3B:90:11:A4:78:DB:BA:F3:25:EB:A1:86:B0:FB:C1:86:23:EE:9B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6B9E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fTuQEaR427rzJeuhhrD7wYYj7ps.roa
Signing time: Sat 14 Jun 2025 01:42:20 +0000
ROA not before: Sat 14 Jun 2025 01:42:20 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27550 (0x6b9e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 14 01:42:20 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=7D3B9011A478DBBAF325EBA186B0FBC18623EE9B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:f4:17:a1:96:8e:2d:3e:3f:21:76:a6:69:09:
bc:58:9f:38:73:15:33:d5:41:11:d5:f1:cf:6d:8d:
56:15:4b:f8:15:10:88:81:3e:40:94:7b:a1:63:b4:
e2:73:2b:cc:0b:d8:a5:32:54:46:91:c0:1c:00:06:
a1:4d:c2:a7:ab:cc:63:c6:f0:38:c4:55:36:db:ab:
84:af:2c:3d:ac:27:94:e5:d8:bd:0e:79:6a:08:4b:
32:ad:87:52:a2:91:a7:8b:97:65:22:97:8e:56:6c:
fb:4e:cb:8f:68:54:d1:60:f4:2a:83:6c:13:4f:ac:
7f:a8:b7:11:33:da:67:c6:84:10:2d:75:ae:b3:e3:
46:6e:ff:3c:1c:d6:4e:36:3b:be:6c:f4:c1:a6:0d:
3b:88:f4:ad:5d:ea:63:2b:43:d0:76:50:1b:d6:e7:
ee:1a:2e:ff:69:8c:b8:67:2e:11:c6:66:8a:9c:f2:
06:2e:85:1d:68:5e:c5:ff:51:58:04:74:81:87:0a:
e1:03:d3:df:3c:f7:65:ad:c3:cb:fc:eb:90:bd:73:
e9:cb:1e:ee:c4:d2:5c:b5:9d:da:e6:48:4d:f7:d0:
45:ed:4c:36:8c:e4:6d:f5:55:64:de:92:ea:94:a0:
27:b9:2b:68:61:7b:cc:be:93:d8:16:0c:ce:c0:2a:
65:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:3B:90:11:A4:78:DB:BA:F3:25:EB:A1:86:B0:FB:C1:86:23:EE:9B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fTuQEaR427rzJeuhhrD7wYYj7ps.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
06:0c:ac:45:94:34:0f:66:19:7b:46:49:3e:85:c2:4a:01:26:
de:55:e3:3e:7a:06:ed:b8:f2:35:35:45:30:62:bf:c0:a1:db:
0f:48:71:e8:46:b5:c7:0a:bd:06:03:9c:88:cf:81:96:bd:f0:
cc:5f:97:92:3b:22:1f:98:a6:11:e7:4e:52:41:7b:b4:bd:73:
23:1c:1e:ec:3f:93:9b:ff:96:d9:ee:46:81:eb:3b:62:2f:fe:
d6:08:63:86:91:84:2c:2b:94:80:84:98:f8:dc:a1:eb:b7:6f:
ca:c2:27:40:e4:be:02:55:3b:d0:f6:85:9d:1b:a2:03:67:7c:
3e:8c:6b:33:4e:c3:ea:d0:ad:74:da:12:34:03:df:51:4e:eb:
fe:d3:95:7f:b9:97:19:b5:c7:bc:d1:22:df:e6:50:7c:3c:cc:
ae:12:98:fb:a9:e0:56:33:9d:b8:86:3f:13:da:9d:d6:3a:14:
91:a5:2c:09:1b:f2:a0:cb:a3:b0:86:e8:ad:83:1b:8a:fa:ce:
74:fa:32:ce:b7:c8:c4:8c:80:6f:01:12:46:02:af:a0:47:e9:
e9:6e:ed:3a:a9:13:84:2a:f5:93:ca:4b:e4:6e:3a:ee:b2:02:
71:a6:e5:bd:1e:a4:d2:44:85:74:54:8f:26:98:25:56:d1:f2:
8b:f5:e5:bd
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICa54wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTQw
MTQyMjBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDdEM0I5MDExQTQ3OERC
QkFGMzI1RUJBMTg2QjBGQkMxODYyM0VFOUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDh9Behlo4tPj8hdqZpCbxYnzhzFTPVQRHV8c9tjVYVS/gVEIiB
PkCUe6FjtOJzK8wL2KUyVEaRwBwABqFNwqerzGPG8DjEVTbbq4SvLD2sJ5Tl2L0O
eWoISzKth1KikaeLl2Uil45WbPtOy49oVNFg9CqDbBNPrH+otxEz2mfGhBAtda6z
40Zu/zwc1k42O75s9MGmDTuI9K1d6mMrQ9B2UBvW5+4aLv9pjLhnLhHGZoqc8gYu
hR1oXsX/UVgEdIGHCuED098892Wtw8v865C9c+nLHu7E0ly1ndrmSE330EXtTDaM
5G31VWTekuqUoCe5K2hhe8y+k9gWDM7AKmV3AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUfTuQEaR427rzJeuhhrD7wYYj7pswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2ZUdVFFYVI0Mjdyekpl
dWhockQ3d1lZajdwcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAGDKxF
lDQPZhl7Rkk+hcJKASbeVeM+egbtuPI1NUUwYr/AodsPSHHoRrXHCr0GA5yIz4GW
vfDMX5eSOyIfmKYR505SQXu0vXMjHB7sP5Ob/5bZ7kaB6ztiL/7WCGOGkYQsK5SA
hJj43KHrt2/KwidA5L4CVTvQ9oWdG6IDZ3w+jGszTsPq0K102hI0A99RTuv+05V/
uZcZtce80SLf5lB8PMyuEpj7qeBWM524hj8T2p3WOhSRpSwJG/Kgy6OwhuitgxuK
+s50+jLOt8jEjIBvARJGAq+gR+npbu06qROEKvWTykvkbjrusgJxpuW9HqTSRIV0
VI8mmCVW0fKL9eW9
-----END CERTIFICATE-----
Generated at Sun Jun 22 05:30:46 2025 by rpki-client