Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/FSVKQEseQGPFku6gaa5wd0zBdO0.roa
File: FSVKQEseQGPFku6gaa5wd0zBdO0.roa (raw, json)
Hash identifier: fphwJ4yzoCjoCC14Gvodg5bGeKyBsuhIwoC5ScAU3h8=
Subject key identifier: 15:25:4A:40:4B:1E:40:63:C5:92:EE:A0:69:AE:70:77:4C:C1:74:ED
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 749C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/FSVKQEseQGPFku6gaa5wd0zBdO0.roa
Signing time: Tue 08 Jul 2025 06:44:59 +0000
ROA not before: Tue 08 Jul 2025 06:44:59 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29852 (0x749c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 8 06:44:59 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=15254A404B1E4063C592EEA069AE70774CC174ED
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:ea:f2:04:93:9d:2d:b0:5d:a7:4d:41:75:5a:
a1:80:b2:c3:ae:1c:9e:bc:8e:f7:e5:44:b0:e5:f9:
4b:bd:53:88:3a:e3:00:7b:92:d6:04:68:38:36:37:
40:f9:8e:6f:e9:42:0a:93:93:c4:ff:36:61:70:b6:
81:3f:2d:a1:af:2f:74:26:04:e8:60:30:4e:f4:46:
32:b7:c1:9e:57:03:86:15:45:3a:bc:e0:7a:67:e9:
79:7e:a7:db:34:6d:ba:3d:cb:83:e7:a0:c7:7f:9f:
b1:ba:a3:92:e3:39:45:0b:fa:23:60:29:6f:82:14:
07:5b:09:07:82:38:df:2f:fe:25:e7:c4:3d:5f:2d:
9a:01:bd:3f:b2:02:54:88:bc:55:38:d8:4c:0f:72:
e5:4c:5e:54:b3:6c:a5:ac:b1:f7:02:b6:9c:1d:bf:
74:5c:bd:79:e7:d5:d2:cc:9f:e7:80:b9:85:df:d2:
3b:45:06:b6:61:bd:0f:db:c8:9e:40:89:2d:49:c9:
f6:28:4e:65:9b:d8:ed:1f:3e:f1:cb:64:d3:24:07:
78:a6:d5:ee:bd:58:d2:b5:2a:0b:69:08:5c:11:64:
bb:6d:6d:e7:e2:10:f2:4b:28:87:c1:82:ca:eb:98:
d2:9d:77:f7:96:37:66:55:a6:f8:97:50:88:a5:01:
99:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:25:4A:40:4B:1E:40:63:C5:92:EE:A0:69:AE:70:77:4C:C1:74:ED
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/FSVKQEseQGPFku6gaa5wd0zBdO0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
17:66:d8:47:77:af:29:f6:b2:27:4a:b2:f6:bb:c5:cb:70:c9:
47:70:03:57:78:33:ec:ef:e5:f6:3a:c2:52:9a:27:99:0e:0d:
61:65:80:0a:12:e6:70:14:28:b7:2b:07:19:f9:d8:3f:c2:06:
35:7a:8f:f2:dc:3d:f5:18:f6:b5:dc:4a:7a:4a:88:38:45:95:
bd:d9:31:08:9d:a0:13:e7:2c:28:2f:4d:b6:ee:4e:96:60:fc:
96:c5:19:59:e7:e6:c9:d0:ac:ed:3a:87:d0:72:ca:2e:0b:f5:
b4:25:a6:e9:59:d1:1e:5f:51:81:25:31:db:33:99:c1:11:29:
86:7d:9c:53:4f:8d:c0:75:fd:a0:63:11:f3:49:4c:4f:23:b2:
f5:7e:3c:f8:95:73:6b:40:89:cf:fc:a0:5d:0e:85:56:39:9e:
9c:7a:21:be:96:36:62:21:08:ad:02:56:31:d8:c1:10:c6:f5:
a6:43:98:fe:dd:13:cc:77:32:be:86:ae:7a:b5:8f:7f:cf:e3:
98:64:e4:0c:b1:e0:8e:f9:c2:3d:41:cd:ff:ee:6a:57:42:1d:
a1:c1:69:49:a2:75:15:d0:8d:fd:68:0d:81:ad:3e:dd:62:e8:
0d:03:83:c3:12:e2:80:cc:23:23:87:16:23:48:31:dc:a4:0b:
12:e5:61:92
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdJwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDgw
NjQ0NTlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDE1MjU0QTQwNEIxRTQw
NjNDNTkyRUVBMDY5QUU3MDc3NENDMTc0RUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDm6vIEk50tsF2nTUF1WqGAssOuHJ68jvflRLDl+Uu9U4g64wB7
ktYEaDg2N0D5jm/pQgqTk8T/NmFwtoE/LaGvL3QmBOhgME70RjK3wZ5XA4YVRTq8
4Hpn6Xl+p9s0bbo9y4PnoMd/n7G6o5LjOUUL+iNgKW+CFAdbCQeCON8v/iXnxD1f
LZoBvT+yAlSIvFU42EwPcuVMXlSzbKWssfcCtpwdv3RcvXnn1dLMn+eAuYXf0jtF
BrZhvQ/byJ5AiS1JyfYoTmWb2O0fPvHLZNMkB3im1e69WNK1KgtpCFwRZLttbefi
EPJLKIfBgsrrmNKdd/eWN2ZVpviXUIilAZkTAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUFSVKQEseQGPFku6gaa5wd0zBdO0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0ZTVktRRXNlUUdQRmt1
NmdhYTV3ZDB6QmRPMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAXZthH
d68p9rInSrL2u8XLcMlHcANXeDPs7+X2OsJSmieZDg1hZYAKEuZwFCi3KwcZ+dg/
wgY1eo/y3D31GPa13Ep6Sog4RZW92TEInaAT5ywoL0227k6WYPyWxRlZ5+bJ0Kzt
OofQcsouC/W0JabpWdEeX1GBJTHbM5nBESmGfZxTT43Adf2gYxHzSUxPI7L1fjz4
lXNrQInP/KBdDoVWOZ6ceiG+ljZiIQitAlYx2MEQxvWmQ5j+3RPMdzK+hq56tY9/
z+OYZOQMseCO+cI9Qc3/7mpXQh2hwWlJonUV0I39aA2BrT7dYugNA4PDEuKAzCMj
hxYjSDHcpAsS5WGS
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:44:07 2025 by rpki-client