Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/8_FD5brmWpgmqG3QM4fM6HZpbbU.roa
File: 8_FD5brmWpgmqG3QM4fM6HZpbbU.roa (raw, json)
Hash identifier: 4hFf1HXEYt02mGShEZNk9bXlrzOnhHrmC/WleDrnIMg=
Subject key identifier: F3:F1:43:E5:BA:E6:5A:98:26:A8:6D:D0:33:87:CC:E8:76:69:6D:B5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 764A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8_FD5brmWpgmqG3QM4fM6HZpbbU.roa
Signing time: Sat 12 Jul 2025 18:41:43 +0000
ROA not before: Sat 12 Jul 2025 18:41:43 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30282 (0x764a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 12 18:41:43 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=F3F143E5BAE65A9826A86DD03387CCE876696DB5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:d3:1a:16:1c:8b:43:9e:4a:6b:80:d4:ea:9f:
58:33:8d:8e:06:0a:e7:d1:41:35:fc:d1:30:02:7a:
dd:3d:e7:08:28:e4:70:13:bc:19:f8:84:85:0b:2c:
04:de:83:a3:94:93:65:ba:8b:75:42:e3:f0:b4:a8:
7d:d6:4c:5f:71:07:c2:96:98:f3:34:15:b1:60:96:
14:27:4b:20:45:55:7f:d6:c3:c3:28:55:08:9b:ad:
af:16:59:13:b9:34:09:da:08:69:76:fc:7b:c9:56:
cb:fb:63:e8:5c:1d:3f:3f:7c:83:0c:a5:8c:e7:45:
3a:49:1c:34:06:5e:ea:27:9c:b2:7a:10:ff:1e:6a:
6e:7d:e4:fb:07:70:c4:f5:80:e8:30:2d:c7:df:b7:
c8:bb:86:dd:2f:b9:f8:db:08:28:99:7e:e5:46:5e:
e2:ca:43:9d:67:85:35:f5:e4:00:f8:8c:d6:3f:b7:
03:67:00:1c:eb:b5:29:76:68:50:f2:1a:46:3c:2a:
65:5e:b7:eb:39:7e:aa:32:dd:1a:a2:a2:b3:5d:c3:
80:75:1c:b7:f7:50:d1:e5:ac:58:da:67:0a:a6:74:
26:2b:9b:b0:f5:d9:84:66:ac:e4:7f:a8:f7:e5:6f:
47:0f:db:a9:46:e8:5f:af:06:f4:62:c9:62:e9:89:
b8:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:F1:43:E5:BA:E6:5A:98:26:A8:6D:D0:33:87:CC:E8:76:69:6D:B5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8_FD5brmWpgmqG3QM4fM6HZpbbU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
31:9f:c0:d5:07:e3:4f:0e:b8:78:1b:d0:b4:c4:f6:23:b3:e6:
37:df:81:b3:07:52:c8:19:3b:9f:2c:fc:c6:af:33:0f:4d:12:
2e:e9:08:6d:1f:4c:e9:93:98:1d:a0:36:8d:40:25:81:b5:d4:
68:a4:cd:e0:a4:4e:51:b7:f2:cb:e8:95:ad:12:42:90:ff:40:
e7:89:58:98:a4:a5:7a:fd:b7:a2:96:cd:63:bc:21:40:b1:91:
52:02:75:71:d5:c0:8b:19:fc:ce:98:5c:cc:99:1c:f7:b0:b1:
15:04:38:a7:8a:a5:11:34:cd:4a:5b:16:af:47:eb:89:f0:fe:
2b:56:0a:b4:ef:04:7c:4e:d9:c1:bd:ad:e4:4e:86:e2:6d:0b:
9c:1b:34:51:de:f3:58:e1:46:e8:c9:a5:fb:83:d8:d6:12:2f:
a6:4c:3b:bb:71:ba:bd:9b:49:e7:33:49:0b:84:bd:7c:f2:83:
15:7e:dd:26:3d:ca:20:39:4c:21:f0:12:57:d7:c8:d5:f9:35:
1e:e1:f6:b1:1b:02:59:2c:9f:c8:dc:08:7c:f0:27:28:b6:23:
60:d5:31:f8:d3:e1:f4:08:19:07:54:72:a5:b2:2d:53:ae:63:
4b:3a:38:07:f8:2e:5c:81:e3:0b:05:80:08:51:39:aa:5e:0e:
38:47:63:91
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdkowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTIx
ODQxNDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEYzRjE0M0U1QkFFNjVB
OTgyNkE4NkREMDMzODdDQ0U4NzY2OTZEQjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDO0xoWHItDnkprgNTqn1gzjY4GCufRQTX80TACet095wgo5HAT
vBn4hIULLATeg6OUk2W6i3VC4/C0qH3WTF9xB8KWmPM0FbFglhQnSyBFVX/Ww8Mo
VQibra8WWRO5NAnaCGl2/HvJVsv7Y+hcHT8/fIMMpYznRTpJHDQGXuonnLJ6EP8e
am595PsHcMT1gOgwLcfft8i7ht0vufjbCCiZfuVGXuLKQ51nhTX15AD4jNY/twNn
ABzrtSl2aFDyGkY8KmVet+s5fqoy3RqiorNdw4B1HLf3UNHlrFjaZwqmdCYrm7D1
2YRmrOR/qPflb0cP26lG6F+vBvRiyWLpibgFAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU8/FD5brmWpgmqG3QM4fM6HZpbbUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzhfRkQ1YnJtV3BnbXFH
M1FNNGZNNkhacGJiVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAxn8DV
B+NPDrh4G9C0xPYjs+Y334GzB1LIGTufLPzGrzMPTRIu6QhtH0zpk5gdoDaNQCWB
tdRopM3gpE5Rt/LL6JWtEkKQ/0DniViYpKV6/beils1jvCFAsZFSAnVx1cCLGfzO
mFzMmRz3sLEVBDiniqURNM1KWxavR+uJ8P4rVgq07wR8TtnBva3kTobibQucGzRR
3vNY4UboyaX7g9jWEi+mTDu7cbq9m0nnM0kLhL188oMVft0mPcogOUwh8BJX18jV
+TUe4faxGwJZLJ/I3Ah88CcotiNg1TH40+H0CBkHVHKlsi1TrmNLOjgH+C5cgeML
BYAIUTmqXg44R2OR
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:32:06 2025 by rpki-client