Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/F46G29Is51UvBVePoMtHQaeVwRA.roa
File: F46G29Is51UvBVePoMtHQaeVwRA.roa (raw, json)
Hash identifier: ddkibBOl7jx2pa4iaoSBzwvtbJRq+LcWa0KWOZBGudU=
Subject key identifier: 17:8E:86:DB:D2:2C:E7:55:2F:05:57:8F:A0:CB:47:41:A7:95:C1:10
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 67EE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/F46G29Is51UvBVePoMtHQaeVwRA.roa
Signing time: Wed 04 Jun 2025 05:41:57 +0000
ROA not before: Wed 04 Jun 2025 05:41:57 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26606 (0x67ee)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 4 05:41:57 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=178E86DBD22CE7552F05578FA0CB4741A795C110
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:e9:08:d9:86:c6:07:61:54:da:c4:ce:e4:4c:
ee:77:40:43:67:b9:60:dc:65:e6:a3:cd:53:04:fc:
8d:59:85:b8:67:e5:6c:2d:93:8f:4e:51:f6:7c:53:
ac:a8:7d:56:42:cf:b9:fe:76:e4:64:83:9d:22:d6:
2c:89:af:88:21:1e:8a:8a:72:21:23:75:8d:cd:3c:
4e:9f:68:98:f2:4e:1a:39:32:a1:65:21:ed:27:6e:
6b:80:52:d9:78:97:34:63:80:b0:1f:4c:49:3a:70:
69:d2:75:9d:3e:23:36:8e:b0:29:76:11:76:d2:01:
52:6b:57:d3:6c:b3:71:17:bc:48:46:a6:cb:c5:8d:
38:99:12:ce:f8:08:b1:23:d6:07:2d:82:fb:1a:f5:
a8:e6:27:6d:f0:59:6e:2b:76:e4:b4:87:dc:11:b7:
77:77:37:7c:5f:2a:29:9a:88:05:7a:ec:ac:77:36:
7c:b6:a6:7b:f9:33:8a:a7:0e:01:7b:07:ab:8e:1a:
28:d2:69:3b:13:1b:7a:74:29:a0:6b:69:57:ea:2d:
05:e7:74:44:b0:32:2d:9f:46:31:0d:23:2e:39:cb:
45:e9:52:e3:fd:4c:9b:b2:17:d4:35:2a:23:34:b9:
fa:50:65:2c:14:4a:91:46:26:c0:98:f2:ee:db:4c:
e9:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
17:8E:86:DB:D2:2C:E7:55:2F:05:57:8F:A0:CB:47:41:A7:95:C1:10
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/F46G29Is51UvBVePoMtHQaeVwRA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
7b:91:2a:04:7c:51:db:72:9e:2a:f6:70:a8:a7:30:1c:67:bc:
82:0d:93:0d:3f:9b:b3:6b:c6:14:ec:aa:d9:ee:fb:94:6c:1f:
5b:a2:b1:2c:0b:83:b4:87:c1:de:2e:6e:19:4b:9d:1c:d6:cc:
d8:5c:86:7b:c4:df:a1:7a:db:d3:82:06:6d:5d:81:21:bd:2b:
d2:1b:1c:33:cf:4e:ed:c2:a6:22:5c:33:8f:bb:ae:0e:08:a0:
26:a3:3b:07:dd:da:57:8c:0f:52:c8:3a:03:d1:8c:27:76:8b:
23:50:30:0c:a8:80:a7:af:5c:e7:03:d3:5a:fa:5c:ba:dd:08:
d3:00:bc:37:bd:19:d3:88:eb:aa:99:bd:df:c9:8b:9d:f3:30:
e7:fe:0a:fe:c7:c7:f8:4f:3d:ba:07:29:7c:cb:9b:ff:e9:2f:
1f:68:4e:c0:85:f8:36:6d:c8:b6:2e:69:ce:78:9a:52:8b:b9:
4a:32:77:db:35:05:f7:83:b5:ad:63:3d:30:da:13:b3:43:de:
ed:60:52:29:97:ee:b6:e8:83:e7:d2:11:3e:f0:1a:41:ed:fb:
2e:f0:e5:06:95:6b:38:42:99:84:b3:cc:47:31:03:d2:62:31:
c3:4e:70:6e:f5:cb:dd:69:08:22:87:8a:18:05:f5:c7:b4:00:
ed:e5:d8:57
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZ+4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDQw
NTQxNTdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDE3OEU4NkRCRDIyQ0U3
NTUyRjA1NTc4RkEwQ0I0NzQxQTc5NUMxMTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC86QjZhsYHYVTaxM7kTO53QENnuWDcZeajzVME/I1Zhbhn5Wwt
k49OUfZ8U6yofVZCz7n+duRkg50i1iyJr4ghHoqKciEjdY3NPE6faJjyTho5MqFl
Ie0nbmuAUtl4lzRjgLAfTEk6cGnSdZ0+IzaOsCl2EXbSAVJrV9Nss3EXvEhGpsvF
jTiZEs74CLEj1gctgvsa9ajmJ23wWW4rduS0h9wRt3d3N3xfKimaiAV67Kx3Nny2
pnv5M4qnDgF7B6uOGijSaTsTG3p0KaBraVfqLQXndESwMi2fRjENIy45y0XpUuP9
TJuyF9Q1KiM0ufpQZSwUSpFGJsCY8u7bTOm3AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUF46G29Is51UvBVePoMtHQaeVwRAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0Y0NkcyOUlzNTFVdkJW
ZVBvTXRIUWFlVndSQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB7kSoE
fFHbcp4q9nCopzAcZ7yCDZMNP5uza8YU7KrZ7vuUbB9borEsC4O0h8HeLm4ZS50c
1szYXIZ7xN+hetvTggZtXYEhvSvSGxwzz07twqYiXDOPu64OCKAmozsH3dpXjA9S
yDoD0YwndosjUDAMqICnr1znA9Na+ly63QjTALw3vRnTiOuqmb3fyYud8zDn/gr+
x8f4Tz26Byl8y5v/6S8faE7Ahfg2bci2LmnOeJpSi7lKMnfbNQX3g7WtYz0w2hOz
Q97tYFIpl+626IPn0hE+8BpB7fsu8OUGlWs4QpmEs8xHMQPSYjHDTnBu9cvdaQgi
h4oYBfXHtADt5dhX
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:41:14 2025 by rpki-client