Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/8feUWQV1sHsLHVmcE6d5gidNPSs.roa
File: 8feUWQV1sHsLHVmcE6d5gidNPSs.roa (raw, json)
Hash identifier: fVg2wNq4ytOF3YDNuwMviLInQEwjUV/13zltuessg9k=
Subject key identifier: F1:F7:94:59:05:75:B0:7B:0B:1D:59:9C:13:A7:79:82:27:4D:3D:2B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5FCC
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8feUWQV1sHsLHVmcE6d5gidNPSs.roa
Signing time: Tue 13 May 2025 13:10:21 +0000
ROA not before: Tue 13 May 2025 13:10:21 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24524 (0x5fcc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 13 13:10:21 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=F1F794590575B07B0B1D599C13A77982274D3D2B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:d1:04:8e:30:ea:3e:a4:b3:db:44:b5:8b:f3:
d9:ac:ec:c0:a2:3c:19:ab:6b:b5:72:29:e2:80:51:
e5:93:8f:c1:30:f6:21:cd:2a:4d:0b:ad:26:26:a3:
e4:93:5c:2d:6c:ac:1a:79:7c:02:a0:56:d4:35:8f:
96:e7:92:84:4f:e1:98:e1:12:2f:dc:42:d3:ae:47:
97:15:05:e2:dd:72:50:9c:ca:80:da:43:fc:c4:c8:
96:2a:d6:2c:84:a2:3a:af:c1:41:ff:da:f5:65:24:
35:cc:33:12:63:0e:d5:1c:25:a6:40:74:3f:ab:ff:
7a:0f:23:d7:63:2f:9a:aa:20:c2:e9:62:0c:9b:c1:
36:0c:8c:08:8d:bb:f9:0e:7a:95:0b:0d:49:27:6c:
22:aa:4a:0d:16:c3:7b:4a:41:33:27:9e:65:15:72:
e0:5c:a2:0a:4f:00:3e:4a:37:85:3f:be:03:94:6b:
89:1e:34:a0:8f:98:62:a3:de:cb:5b:47:bd:c9:96:
95:15:d4:76:b3:20:ef:c4:c4:51:c7:0a:d2:b3:4a:
00:b6:25:de:b6:de:34:d3:d8:36:ea:97:22:f9:97:
1f:53:43:43:64:52:7e:4e:cc:6b:e8:e0:f8:71:e7:
5f:40:73:6b:99:74:23:35:c4:3a:35:35:ac:f5:bc:
fb:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:F7:94:59:05:75:B0:7B:0B:1D:59:9C:13:A7:79:82:27:4D:3D:2B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8feUWQV1sHsLHVmcE6d5gidNPSs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
80:8f:25:bd:82:4b:c6:2e:23:c4:20:33:b1:c5:00:5d:81:d9:
b0:b5:62:64:33:8d:81:c0:39:ae:20:a4:bc:24:f1:ab:c6:12:
ea:7b:c8:96:08:c6:49:0c:c0:47:b8:c5:ee:42:d4:34:00:22:
e0:92:d3:71:63:0e:b5:59:7f:5b:8a:42:66:d9:ef:19:dd:5a:
5f:e1:66:86:f5:d6:a1:4b:a7:bc:4c:7b:7f:0d:05:81:30:2f:
bb:a3:3f:da:f8:fa:db:87:da:2e:5d:59:18:8d:41:ff:80:b7:
fa:e4:a6:de:c0:7b:5f:fc:df:92:91:29:75:90:56:83:3d:e9:
4f:e4:6c:df:32:70:74:8e:4e:65:12:4b:86:83:c1:66:13:ad:
34:d7:4f:5c:d8:8d:5d:05:12:80:e8:ed:7d:57:9b:55:b1:ce:
b4:49:09:3f:65:80:25:67:12:c1:73:17:15:29:bb:45:c3:44:
1b:34:54:4f:fa:f8:16:7d:41:99:71:70:fb:db:c5:f8:be:c9:
7d:af:7f:13:10:c5:56:88:3b:7d:4b:38:7a:bd:27:f9:b5:32:
76:a8:7e:01:97:ac:f1:d6:e3:60:5c:eb:31:49:fd:c7:32:43:
16:3f:f9:28:71:ba:ce:f8:6a:97:37:53:b6:e2:63:68:59:b7:
8e:99:31:34
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICX8wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTMx
MzEwMjFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEYxRjc5NDU5MDU3NUIw
N0IwQjFENTk5QzEzQTc3OTgyMjc0RDNEMkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCr0QSOMOo+pLPbRLWL89ms7MCiPBmra7VyKeKAUeWTj8Ew9iHN
Kk0LrSYmo+STXC1srBp5fAKgVtQ1j5bnkoRP4ZjhEi/cQtOuR5cVBeLdclCcyoDa
Q/zEyJYq1iyEojqvwUH/2vVlJDXMMxJjDtUcJaZAdD+r/3oPI9djL5qqIMLpYgyb
wTYMjAiNu/kOepULDUknbCKqSg0Ww3tKQTMnnmUVcuBcogpPAD5KN4U/vgOUa4ke
NKCPmGKj3stbR73JlpUV1HazIO/ExFHHCtKzSgC2Jd623jTT2DbqlyL5lx9TQ0Nk
Un5OzGvo4Phx519Ac2uZdCM1xDo1Naz1vPttAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU8feUWQV1sHsLHVmcE6d5gidNPSswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzhmZVVXUVYxc0hzTEhW
bWNFNmQ1Z2lkTlBTcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCAjyW9
gkvGLiPEIDOxxQBdgdmwtWJkM42BwDmuIKS8JPGrxhLqe8iWCMZJDMBHuMXuQtQ0
ACLgktNxYw61WX9bikJm2e8Z3Vpf4WaG9dahS6e8THt/DQWBMC+7oz/a+Prbh9ou
XVkYjUH/gLf65KbewHtf/N+SkSl1kFaDPelP5GzfMnB0jk5lEkuGg8FmE600109c
2I1dBRKA6O19V5tVsc60SQk/ZYAlZxLBcxcVKbtFw0QbNFRP+vgWfUGZcXD728X4
vsl9r38TEMVWiDt9Szh6vSf5tTJ2qH4Bl6zx1uNgXOsxSf3HMkMWP/kocbrO+GqX
N1O24mNoWbeOmTE0
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:56:49 2025 by rpki-client