Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/FfPpju5uhnLwtiNPrqXwn79IHSo.roa
File: FfPpju5uhnLwtiNPrqXwn79IHSo.roa (raw, json)
Hash identifier: CtwyMmoFDLVvpZj/hiGJMEKh6gmnPHjDGy/CMANRnOY=
Subject key identifier: 15:F3:E9:8E:EE:6E:86:72:F0:B6:23:4F:AE:A5:F0:9F:BF:48:1D:2A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 70B6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/FfPpju5uhnLwtiNPrqXwn79IHSo.roa
Signing time: Fri 27 Jun 2025 21:14:36 +0000
ROA not before: Fri 27 Jun 2025 21:14:36 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28854 (0x70b6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 27 21:14:36 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=15F3E98EEE6E8672F0B6234FAEA5F09FBF481D2A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:fe:58:89:42:59:74:ba:10:35:5f:8d:36:d6:
8a:9a:7a:97:d0:41:f0:b2:17:08:1e:af:a6:80:36:
73:03:14:f1:fb:27:f4:8d:67:b9:3b:62:4e:d1:5d:
50:3a:ba:e8:08:98:e9:8c:f4:d7:56:81:53:15:87:
e6:4e:04:0e:78:e3:8a:55:df:09:03:f5:2f:d8:3d:
c0:dc:60:a1:47:41:68:a8:f4:53:df:f9:e4:d0:03:
0a:2f:c3:a7:0f:63:45:8e:53:33:41:d4:66:18:a0:
bc:bf:e1:8a:8a:f0:47:7a:3f:ae:94:a2:b9:d7:bf:
b4:c0:96:ed:8f:ef:a3:a7:4c:91:e8:57:ac:d8:ef:
98:26:67:9a:fa:ab:b5:70:10:f1:03:8c:ad:a3:74:
a7:42:73:cf:ee:f8:c8:f9:1f:06:ba:25:98:a1:96:
8f:6c:a5:03:5f:65:c1:e8:93:31:29:d3:4e:b8:c5:
38:50:23:94:3d:2a:df:62:c9:7e:15:bd:91:bc:0c:
a1:fe:12:fd:0f:5d:c8:da:e3:9d:4b:e7:1c:2b:f0:
60:f5:de:6f:fd:89:a3:51:fb:b0:7d:21:cc:37:dd:
8a:af:94:50:24:25:05:6c:06:d8:dc:90:f3:38:bb:
ce:ee:d5:e7:4b:65:5a:95:3a:d0:1b:d9:6c:a8:0b:
f7:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:F3:E9:8E:EE:6E:86:72:F0:B6:23:4F:AE:A5:F0:9F:BF:48:1D:2A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/FfPpju5uhnLwtiNPrqXwn79IHSo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
94:6e:0c:6c:a4:94:00:22:50:0a:97:d9:ff:80:ed:19:9f:fa:
df:1a:bf:80:eb:71:ec:c6:91:9c:55:97:c5:18:03:6f:52:b0:
9b:e1:78:9e:a4:e2:4a:9e:5a:4a:56:d3:30:24:4f:28:46:1c:
2f:f3:33:8c:e1:2c:ae:ff:b1:26:7c:28:86:5a:7c:cd:4a:4e:
2b:10:69:91:60:ee:b1:41:86:96:ff:fc:42:31:ee:31:d1:ae:
e4:fe:3d:ea:96:5c:29:eb:2d:b1:d1:8c:f9:53:c9:6f:c6:7d:
c3:c5:9c:af:c8:89:39:16:64:8b:46:95:e2:ae:b3:cb:30:78:
f8:c4:95:ca:80:d0:de:43:82:45:c3:58:9a:f0:a5:91:1a:75:
09:62:41:92:8b:35:a4:8c:61:2b:f7:eb:d9:b0:ca:ef:46:ed:
44:97:de:db:4a:67:f4:5f:14:5d:19:6b:53:33:bd:a9:94:ae:
13:d4:ec:ec:4b:07:16:95:76:29:9d:0d:7d:de:f5:4d:01:8d:
1c:6e:1b:fb:a8:dd:0c:a0:8f:8b:5e:b8:ca:fe:c0:c7:80:7c:
c3:05:56:75:bf:37:56:f2:7c:d8:9c:f6:c6:a0:09:35:8a:78:
d6:4f:44:08:a6:60:dd:bc:03:73:60:9b:88:9a:a5:2d:6f:1e:
0d:86:ce:bd
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcLYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2Mjcy
MTE0MzZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDE1RjNFOThFRUU2RTg2
NzJGMEI2MjM0RkFFQTVGMDlGQkY0ODFEMkEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDS/liJQll0uhA1X4021oqaepfQQfCyFwger6aANnMDFPH7J/SN
Z7k7Yk7RXVA6uugImOmM9NdWgVMVh+ZOBA5444pV3wkD9S/YPcDcYKFHQWio9FPf
+eTQAwovw6cPY0WOUzNB1GYYoLy/4YqK8Ed6P66UornXv7TAlu2P76OnTJHoV6zY
75gmZ5r6q7VwEPEDjK2jdKdCc8/u+Mj5Hwa6JZihlo9spQNfZcHokzEp0064xThQ
I5Q9Kt9iyX4VvZG8DKH+Ev0PXcja451L5xwr8GD13m/9iaNR+7B9Icw33YqvlFAk
JQVsBtjckPM4u87u1edLZVqVOtAb2WyoC/cNAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUFfPpju5uhnLwtiNPrqXwn79IHSowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0ZmUHBqdTV1aG5Md3Rp
TlBycVh3bjc5SUhTby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCUbgxs
pJQAIlAKl9n/gO0Zn/rfGr+A63HsxpGcVZfFGANvUrCb4XiepOJKnlpKVtMwJE8o
Rhwv8zOM4Syu/7EmfCiGWnzNSk4rEGmRYO6xQYaW//xCMe4x0a7k/j3qllwp6y2x
0Yz5U8lvxn3DxZyvyIk5FmSLRpXirrPLMHj4xJXKgNDeQ4JFw1ia8KWRGnUJYkGS
izWkjGEr9+vZsMrvRu1El97bSmf0XxRdGWtTM72plK4T1OzsSwcWlXYpnQ193vVN
AY0cbhv7qN0MoI+LXrjK/sDHgHzDBVZ1vzdW8nzYnPbGoAk1injWT0QIpmDdvANz
YJuImqUtbx4Nhs69
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:55:45 2025 by rpki-client