Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/tfR48CNGMMzSzjyGOPAv2Ca9hm8.roa
File: tfR48CNGMMzSzjyGOPAv2Ca9hm8.roa (raw, json)
Hash identifier: M2GlBa55qsSUcBGqJiLt7XuwLsjYLlJBK1BwCEf4/WM=
Subject key identifier: B5:F4:78:F0:23:46:30:CC:D2:CE:3C:86:38:F0:2F:D8:26:BD:86:6F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 66A0
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tfR48CNGMMzSzjyGOPAv2Ca9hm8.roa
Signing time: Sat 31 May 2025 18:11:34 +0000
ROA not before: Sat 31 May 2025 18:11:34 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26272 (0x66a0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 31 18:11:34 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B5F478F0234630CCD2CE3C8638F02FD826BD866F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:75:b2:11:3c:88:84:ae:e5:30:f9:4f:ed:f7:
25:bf:41:6f:97:c3:6c:91:c6:6d:62:8d:2b:03:2e:
d8:92:ff:ab:76:aa:c8:cb:23:e0:00:21:12:c1:3a:
c2:c7:70:35:c0:30:3b:bb:68:89:f8:52:cf:7e:0a:
c6:ef:43:3f:51:fe:86:00:99:28:48:e8:06:68:23:
7b:78:1b:53:b8:fb:8d:77:ae:a3:1b:82:91:87:c3:
62:26:93:10:20:31:7c:d1:3b:1a:a5:77:f2:1d:c2:
28:ff:91:8d:f2:c7:42:36:48:f5:83:bb:97:46:b6:
96:5c:b2:7a:be:1b:24:5a:a7:f4:d1:bc:44:6e:85:
d0:26:cb:0c:0a:09:3a:e0:54:8f:43:77:40:c0:af:
30:2c:06:4a:83:d9:d8:fd:c1:53:f4:05:06:e5:46:
8b:67:fb:b4:30:b1:6d:5f:21:94:be:af:01:51:9c:
e6:7b:e0:49:47:32:77:13:82:4b:03:60:b4:a8:ba:
72:50:af:97:2b:b7:bf:46:a7:45:49:4e:38:fb:96:
40:87:49:07:3b:b9:bc:59:d1:56:cc:cb:4b:96:dd:
dd:e0:fa:b8:65:1e:a4:df:32:a0:36:05:1b:80:f6:
c7:70:b6:7f:aa:7e:42:e6:e7:02:2e:0f:51:81:c6:
1a:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:F4:78:F0:23:46:30:CC:D2:CE:3C:86:38:F0:2F:D8:26:BD:86:6F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tfR48CNGMMzSzjyGOPAv2Ca9hm8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
8f:f8:26:ff:ab:3c:06:c3:10:b1:e8:a0:d2:32:7d:13:64:20:
41:89:18:ab:12:c2:79:98:3f:d8:ca:8a:e2:ef:85:e1:b7:9c:
38:fc:4d:f7:6a:10:95:31:31:a5:5d:e9:64:8d:e0:2a:11:a8:
c7:fb:88:55:06:65:56:32:9d:be:06:c7:39:13:c3:b6:38:e0:
9d:5f:ee:cc:4a:17:a1:1a:c8:dc:98:0c:37:0e:86:85:e6:5f:
0a:4f:30:39:b0:18:10:14:f1:c9:2d:ce:18:1b:21:3e:7f:71:
5e:29:f4:6c:e3:2d:18:7d:fc:fb:0e:f6:e2:bf:a0:82:dd:46:
f3:fc:1a:e4:4c:ad:b1:5c:c6:3e:2c:a0:02:10:93:fc:20:97:
d1:e5:27:b0:ff:d0:29:f0:28:b5:60:47:cc:cb:36:b2:a8:dc:
03:19:9a:d7:ca:28:ea:19:58:9a:bc:18:ac:66:fd:dc:67:5e:
a4:74:80:3e:05:37:76:8c:ad:ee:a1:98:6b:c4:a9:46:55:aa:
ba:76:b6:c3:ad:5f:ba:60:fc:c1:f7:ce:de:17:b0:17:1f:fa:
6c:f9:89:e7:ca:4d:94:b1:98:e8:cd:2c:ba:a9:43:3e:9c:ac:
57:13:d2:ce:ef:65:75:94:22:4b:40:40:5d:ad:82:3a:52:d7:
5b:bf:ee:71
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZqAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MzEx
ODExMzRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEI1RjQ3OEYwMjM0NjMw
Q0NEMkNFM0M4NjM4RjAyRkQ4MjZCRDg2NkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDBdbIRPIiEruUw+U/t9yW/QW+Xw2yRxm1ijSsDLtiS/6t2qsjL
I+AAIRLBOsLHcDXAMDu7aIn4Us9+CsbvQz9R/oYAmShI6AZoI3t4G1O4+413rqMb
gpGHw2ImkxAgMXzROxqld/Idwij/kY3yx0I2SPWDu5dGtpZcsnq+GyRap/TRvERu
hdAmywwKCTrgVI9Dd0DArzAsBkqD2dj9wVP0BQblRotn+7QwsW1fIZS+rwFRnOZ7
4ElHMncTgksDYLSounJQr5crt79Gp0VJTjj7lkCHSQc7ubxZ0VbMy0uW3d3g+rhl
HqTfMqA2BRuA9sdwtn+qfkLm5wIuD1GBxhp5AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUtfR48CNGMMzSzjyGOPAv2Ca9hm8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3RmUjQ4Q05HTU16U3pq
eUdPUEF2MkNhOWhtOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCP+Cb/
qzwGwxCx6KDSMn0TZCBBiRirEsJ5mD/Yyori74Xht5w4/E33ahCVMTGlXelkjeAq
EajH+4hVBmVWMp2+Bsc5E8O2OOCdX+7MShehGsjcmAw3DoaF5l8KTzA5sBgQFPHJ
Lc4YGyE+f3FeKfRs4y0Yffz7Dvbiv6CC3Ubz/BrkTK2xXMY+LKACEJP8IJfR5Sew
/9Ap8Ci1YEfMyzayqNwDGZrXyijqGViavBisZv3cZ16kdIA+BTd2jK3uoZhrxKlG
Vaq6drbDrV+6YPzB987eF7AXH/ps+Ynnyk2UsZjozSy6qUM+nKxXE9LO72V1lCJL
QEBdrYI6Utdbv+5x
-----END CERTIFICATE-----
Generated at Sat Jun 21 11:20:07 2025 by rpki-client