Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/7fR5F5aRXVvDRvpL13FvubANuDY.roa
File: 7fR5F5aRXVvDRvpL13FvubANuDY.roa (raw, json)
Hash identifier: MKh24rMChh2fwFTYFf8lsoBivGF8jFKPiQEMaSZwZI0=
Subject key identifier: ED:F4:79:17:96:91:5D:5B:C3:46:FA:4B:D7:71:6F:B9:B0:0D:B8:36
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 635C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7fR5F5aRXVvDRvpL13FvubANuDY.roa
Signing time: Fri 23 May 2025 01:10:50 +0000
ROA not before: Fri 23 May 2025 01:10:50 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25436 (0x635c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 23 01:10:50 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=EDF4791796915D5BC346FA4BD7716FB9B00DB836
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:e1:61:2c:93:59:62:b3:b9:c3:67:bc:e4:77:
e8:f5:10:f7:a1:9c:6c:9c:62:1d:1a:85:8b:52:fa:
ae:83:73:61:8d:66:da:37:07:15:cc:08:cc:5c:b5:
2e:bc:fa:ba:51:5f:7b:dd:bb:3c:6c:ef:10:6d:91:
db:99:88:48:ff:39:c7:70:99:45:70:2e:fa:04:2e:
4b:1f:64:8d:6d:1a:40:07:3f:3f:dc:01:1f:af:24:
64:e2:99:e0:e5:08:55:c2:1a:24:f9:c4:4b:dd:77:
d2:e8:23:63:87:84:01:80:31:ae:71:b8:e5:ca:7b:
36:3d:25:34:c3:59:08:fc:00:d3:cb:68:69:53:61:
d3:a9:e8:ce:67:20:88:73:08:1a:9c:47:5f:48:f1:
7c:fe:95:49:e1:3f:3a:54:47:d1:90:75:c2:2c:76:
94:d1:df:81:15:1d:fa:bc:a2:23:3f:7c:fc:57:72:
b5:b5:30:4c:b0:b0:1e:ee:d5:90:cd:fd:e2:5b:18:
61:8d:4d:87:09:fe:bc:32:c8:f1:e2:e3:60:de:97:
6e:0e:33:70:6d:a4:d1:09:c1:4c:ed:9a:3f:f2:28:
75:42:f4:b5:eb:db:44:19:65:78:71:0f:9c:07:48:
67:ae:25:8f:cb:71:cd:10:e3:b9:56:45:8c:51:50:
03:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:F4:79:17:96:91:5D:5B:C3:46:FA:4B:D7:71:6F:B9:B0:0D:B8:36
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/7fR5F5aRXVvDRvpL13FvubANuDY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
21:8e:62:89:1f:00:a8:ca:99:bd:27:26:63:0a:e4:b7:98:71:
00:fe:08:db:42:81:16:23:35:df:eb:39:8d:9c:5d:a1:cb:10:
1d:82:69:2c:e2:42:5d:9a:62:e0:fa:93:38:03:76:6c:cd:d2:
2a:31:ad:b9:70:7f:3d:61:3a:2a:1d:7f:f2:19:c7:4c:bd:2a:
9f:2a:51:e1:14:aa:08:29:72:b0:5e:4f:f8:df:e2:d0:75:45:
24:6b:b7:d3:96:fb:a2:47:98:9a:b4:53:56:95:ae:41:3b:95:
c0:ae:f1:b5:7f:28:ba:82:ec:d5:4b:ec:ba:ee:31:e5:9b:43:
f4:8c:75:88:f4:dd:1e:bc:a0:5b:52:91:2f:dd:ad:2c:9e:65:
83:e2:63:44:d4:04:5f:5e:3f:59:ed:f4:b5:4d:6b:7f:9b:80:
63:9c:15:41:fc:4e:ef:dc:36:24:8c:78:c2:3c:6f:1c:d2:e6:
93:f6:4e:8d:bc:ff:b9:f6:5e:11:19:af:d2:b5:0b:24:14:8d:
8d:39:55:b6:54:62:cb:b8:f6:e5:73:8b:f4:30:64:66:81:c0:
83:33:16:e8:1e:b9:50:3a:5a:54:42:f1:da:6f:db:b5:ca:8e:
86:44:7e:d9:a2:de:17:55:1b:69:49:d9:a9:b2:fa:82:98:79:
75:9d:c3:e1
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICY1wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjMw
MTEwNTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEVERjQ3OTE3OTY5MTVE
NUJDMzQ2RkE0QkQ3NzE2RkI5QjAwREI4MzYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDf4WEsk1lis7nDZ7zkd+j1EPehnGycYh0ahYtS+q6Dc2GNZto3
BxXMCMxctS68+rpRX3vduzxs7xBtkduZiEj/OcdwmUVwLvoELksfZI1tGkAHPz/c
AR+vJGTimeDlCFXCGiT5xEvdd9LoI2OHhAGAMa5xuOXKezY9JTTDWQj8ANPLaGlT
YdOp6M5nIIhzCBqcR19I8Xz+lUnhPzpUR9GQdcIsdpTR34EVHfq8oiM/fPxXcrW1
MEywsB7u1ZDN/eJbGGGNTYcJ/rwyyPHi42Del24OM3BtpNEJwUztmj/yKHVC9LXr
20QZZXhxD5wHSGeuJY/Lcc0Q47lWRYxRUAOdAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU7fR5F5aRXVvDRvpL13FvubANuDYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzdmUjVGNWFSWFZ2RFJ2
cEwxM0Z2dWJBTnVEWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAhjmKJ
HwCoypm9JyZjCuS3mHEA/gjbQoEWIzXf6zmNnF2hyxAdgmks4kJdmmLg+pM4A3Zs
zdIqMa25cH89YToqHX/yGcdMvSqfKlHhFKoIKXKwXk/43+LQdUUka7fTlvuiR5ia
tFNWla5BO5XArvG1fyi6guzVS+y67jHlm0P0jHWI9N0evKBbUpEv3a0snmWD4mNE
1ARfXj9Z7fS1TWt/m4BjnBVB/E7v3DYkjHjCPG8c0uaT9k6NvP+59l4RGa/StQsk
FI2NOVW2VGLLuPblc4v0MGRmgcCDMxboHrlQOlpUQvHab9u1yo6GRH7Zot4XVRtp
SdmpsvqCmHl1ncPh
-----END CERTIFICATE-----
Generated at Wed Jun 4 02:39:57 2025 by rpki-client