Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/F1YNo9MAnC1JFwBdFBt1QwiQ7ww.roa
File: F1YNo9MAnC1JFwBdFBt1QwiQ7ww.roa (raw, json)
Hash identifier: rEtMRc5QJJrUH8pZ0OLJ0D6/ag1hXmed13OvaJEYt80=
Subject key identifier: 17:56:0D:A3:D3:00:9C:2D:49:17:00:5D:14:1B:75:43:08:90:EF:0C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 723C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/F1YNo9MAnC1JFwBdFBt1QwiQ7ww.roa
Signing time: Tue 01 Jul 2025 22:44:44 +0000
ROA not before: Tue 01 Jul 2025 22:44:44 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29244 (0x723c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 1 22:44:44 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=17560DA3D3009C2D4917005D141B75430890EF0C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:57:23:8b:bf:fd:bd:e9:b2:dc:5e:60:f5:bd:
22:c5:16:93:8c:bf:02:d5:22:fb:de:0b:97:d6:d7:
99:d6:50:29:ff:e8:69:5c:41:52:a0:95:39:37:9f:
83:06:20:02:54:87:b2:77:13:65:c2:8b:42:2e:f1:
66:20:84:79:91:5b:5d:d7:ef:df:fa:47:60:8c:c2:
24:85:22:ef:af:59:c9:ba:75:33:83:e5:78:92:6f:
5f:8f:67:02:34:81:0a:b5:22:31:ed:f1:d4:75:98:
69:4f:fb:34:9c:eb:81:ec:c1:53:e9:47:5d:5e:45:
ac:46:76:8a:74:24:b0:f9:62:6e:5c:00:47:d8:11:
bf:ac:63:d7:07:27:a8:a0:8d:89:69:6e:e3:67:b0:
70:b9:95:f6:0c:38:47:af:3b:8b:81:b2:5d:b0:c9:
d3:db:3c:62:f9:5c:92:d9:4e:0a:6d:08:bd:be:a9:
84:c9:05:9c:f5:fb:4f:ae:94:1c:41:ba:92:40:2c:
de:00:9c:28:08:6f:ec:74:03:59:66:07:f2:b9:01:
52:9f:9f:a1:76:7d:b9:58:62:89:78:88:e7:a7:15:
a9:38:b4:92:03:0a:de:23:01:b6:8d:ad:b6:f6:d4:
e6:1a:05:90:b1:82:b3:b4:fc:03:90:71:0a:8a:07:
2e:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
17:56:0D:A3:D3:00:9C:2D:49:17:00:5D:14:1B:75:43:08:90:EF:0C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/F1YNo9MAnC1JFwBdFBt1QwiQ7ww.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
6c:af:81:8f:f0:4c:f5:f5:d3:2b:20:d7:aa:fe:1e:c5:a4:15:
e6:77:bd:f7:9f:d5:bf:3a:78:ce:91:38:c3:c8:c3:ef:54:bc:
03:11:bd:8e:b9:2d:4f:2f:27:5b:22:4d:34:cf:ea:93:84:e8:
27:45:24:0d:cd:7b:0c:88:9e:4d:75:52:cb:b4:c4:86:98:6d:
22:da:4c:4a:65:f1:b5:d8:f4:a8:6f:8e:fa:a7:95:33:7f:b0:
50:b2:18:90:5d:80:e5:c7:8e:54:c3:e5:c5:e4:58:a1:ba:10:
cc:38:89:3f:fa:bc:06:50:d1:c0:ac:98:86:1e:e4:a1:2b:76:
16:be:d5:57:c3:b4:1f:e1:22:13:33:80:7a:19:de:7b:61:6e:
a5:f0:ce:ca:25:b3:47:04:da:09:f9:aa:d5:fc:67:fc:37:dc:
c7:50:f6:6a:7d:88:a9:8d:eb:76:bd:c2:71:5b:ae:21:20:7b:
6c:8c:3e:10:fa:53:b2:03:ab:73:f2:e5:6a:4d:79:2d:85:53:
2b:12:c3:80:09:b3:e5:76:99:4e:1a:26:5d:e2:23:0b:db:00:
fa:84:98:27:99:50:99:60:50:cd:0e:dc:e8:aa:7a:3f:7f:df:
4d:8a:af:84:f9:57:bf:4c:39:6b:f9:2f:0d:5a:2e:a3:1c:87:
02:df:71:8a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcjwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDEy
MjQ0NDRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDE3NTYwREEzRDMwMDlD
MkQ0OTE3MDA1RDE0MUI3NTQzMDg5MEVGMEMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDbVyOLv/296bLcXmD1vSLFFpOMvwLVIvveC5fW15nWUCn/6Glc
QVKglTk3n4MGIAJUh7J3E2XCi0Iu8WYghHmRW13X79/6R2CMwiSFIu+vWcm6dTOD
5XiSb1+PZwI0gQq1IjHt8dR1mGlP+zSc64HswVPpR11eRaxGdop0JLD5Ym5cAEfY
Eb+sY9cHJ6igjYlpbuNnsHC5lfYMOEevO4uBsl2wydPbPGL5XJLZTgptCL2+qYTJ
BZz1+0+ulBxBupJALN4AnCgIb+x0A1lmB/K5AVKfn6F2fblYYol4iOenFak4tJID
Ct4jAbaNrbb21OYaBZCxgrO0/AOQcQqKBy41AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUF1YNo9MAnC1JFwBdFBt1QwiQ7wwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0YxWU5vOU1BbkMxSkZ3
QmRGQnQxUXdpUTd3dy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBsr4GP
8Ez19dMrINeq/h7FpBXmd733n9W/OnjOkTjDyMPvVLwDEb2OuS1PLydbIk00z+qT
hOgnRSQNzXsMiJ5NdVLLtMSGmG0i2kxKZfG12PSob476p5Uzf7BQshiQXYDlx45U
w+XF5FihuhDMOIk/+rwGUNHArJiGHuShK3YWvtVXw7Qf4SITM4B6Gd57YW6l8M7K
JbNHBNoJ+arV/Gf8N9zHUPZqfYipjet2vcJxW64hIHtsjD4Q+lOyA6tz8uVqTXkt
hVMrEsOACbPldplOGiZd4iML2wD6hJgnmVCZYFDNDtzoqno/f99Niq+E+Ve/TDlr
+S8NWi6jHIcC33GK
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:53:14 2025 by rpki-client