Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/FnSVsNNnJKpjGvWjegQcmWZh35c.roa
File: FnSVsNNnJKpjGvWjegQcmWZh35c.roa (raw, json)
Hash identifier: kUyCIw4booYG7xfTbl6wC8KGtgbwbezf4VG/U5fRwII=
Subject key identifier: 16:74:95:B0:D3:67:24:AA:63:1A:F5:A3:7A:04:1C:99:66:61:DF:97
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7538
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/FnSVsNNnJKpjGvWjegQcmWZh35c.roa
Signing time: Wed 09 Jul 2025 21:45:23 +0000
ROA not before: Wed 09 Jul 2025 21:45:23 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30008 (0x7538)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 9 21:45:23 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=167495B0D36724AA631AF5A37A041C996661DF97
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:ec:98:f0:76:5f:7e:1b:25:56:e1:a0:7e:8a:
a7:b1:6c:92:d6:d3:af:8f:d9:18:51:e1:a3:5b:2d:
de:1e:ba:cc:d6:ef:bd:72:45:3f:45:1b:92:ea:92:
7f:18:09:3a:d4:9f:9d:37:98:86:9c:e2:11:80:03:
e2:de:18:29:0a:b8:1d:43:66:72:ce:5e:66:d7:93:
42:bd:df:04:9b:55:f8:19:a7:d3:86:e3:19:b1:61:
f7:5c:30:32:cd:6c:8b:cb:af:55:0e:a9:67:2a:ed:
3d:ea:c5:52:74:fa:35:80:cf:f0:28:df:f3:12:33:
49:ff:5e:78:eb:95:a5:4a:3f:70:a2:74:1f:2c:f3:
b3:da:02:d5:97:53:6d:8f:3d:47:34:9d:71:bd:2e:
ed:a7:70:a9:19:27:75:88:e3:7b:f1:f3:55:59:ab:
20:3e:e1:0a:c2:a5:9d:f5:92:29:03:67:ed:4e:a3:
a0:81:4b:40:0d:5f:9b:8a:e1:31:1b:dd:20:69:0d:
51:69:e8:67:3e:9b:02:24:e2:39:7e:ae:77:82:a8:
ef:4d:53:67:c2:7a:b9:7a:fe:68:97:b5:0d:17:ac:
24:66:b3:f1:55:1b:f0:68:3a:a5:00:b6:ea:44:5b:
df:3f:05:a8:fa:b3:c6:57:85:6c:82:e6:2d:c1:c9:
0e:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:74:95:B0:D3:67:24:AA:63:1A:F5:A3:7A:04:1C:99:66:61:DF:97
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/FnSVsNNnJKpjGvWjegQcmWZh35c.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
4c:7a:0b:6a:3b:21:8f:8e:31:5b:ee:73:d8:23:3c:a1:1b:a3:
1b:22:1d:e8:2e:b1:b1:6c:b1:46:ee:0e:5f:66:34:65:12:28:
c9:2c:f4:f4:8c:8d:d8:d2:8c:27:c2:86:fa:a5:c5:30:54:fc:
52:fa:f9:d2:bb:b7:1c:c5:7a:3e:b2:84:c4:97:eb:e2:74:49:
34:21:88:6b:f4:1d:5a:ed:c7:51:16:8e:84:0f:86:09:a4:04:
d1:8c:5e:36:16:85:da:de:6e:8a:9d:0e:dc:63:e2:36:24:6b:
4d:72:64:0a:7c:28:d8:e8:86:0e:36:9c:d2:38:38:41:44:f3:
23:bf:ea:95:ff:e5:ca:d9:fa:07:fb:49:25:f6:ff:ed:b6:80:
d3:fa:50:6b:66:9a:43:42:02:5a:f4:ab:0d:74:13:b8:53:32:
ed:1a:e1:ac:43:cd:28:7d:5c:44:79:65:e2:b3:38:81:f9:f5:
17:bf:f6:3b:f8:34:2c:e2:84:ef:00:3a:4d:32:3b:31:fe:0f:
f7:03:28:9b:61:22:b6:51:72:dc:c4:d7:5d:84:91:86:45:73:
b0:dd:77:42:a6:59:c0:52:99:47:bf:0b:d5:00:f4:3b:75:d3:
41:40:30:26:68:63:af:db:74:8f:b6:2d:7a:f9:43:2b:87:56:
16:05:d3:9d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdTgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDky
MTQ1MjNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDE2NzQ5NUIwRDM2NzI0
QUE2MzFBRjVBMzdBMDQxQzk5NjY2MURGOTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDB7Jjwdl9+GyVW4aB+iqexbJLW06+P2RhR4aNbLd4euszW771y
RT9FG5Lqkn8YCTrUn503mIac4hGAA+LeGCkKuB1DZnLOXmbXk0K93wSbVfgZp9OG
4xmxYfdcMDLNbIvLr1UOqWcq7T3qxVJ0+jWAz/Ao3/MSM0n/XnjrlaVKP3CidB8s
87PaAtWXU22PPUc0nXG9Lu2ncKkZJ3WI43vx81VZqyA+4QrCpZ31kikDZ+1Oo6CB
S0ANX5uK4TEb3SBpDVFp6Gc+mwIk4jl+rneCqO9NU2fCerl6/miXtQ0XrCRms/FV
G/BoOqUAtupEW98/Baj6s8ZXhWyC5i3ByQ7TAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUFnSVsNNnJKpjGvWjegQcmWZh35cwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0ZuU1ZzTk5uSktwakd2
V2plZ1FjbVdaaDM1Yy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBMegtq
OyGPjjFb7nPYIzyhG6MbIh3oLrGxbLFG7g5fZjRlEijJLPT0jI3Y0ownwob6pcUw
VPxS+vnSu7ccxXo+soTEl+vidEk0IYhr9B1a7cdRFo6ED4YJpATRjF42FoXa3m6K
nQ7cY+I2JGtNcmQKfCjY6IYONpzSODhBRPMjv+qV/+XK2foH+0kl9v/ttoDT+lBr
ZppDQgJa9KsNdBO4UzLtGuGsQ80ofVxEeWXisziB+fUXv/Y7+DQs4oTvADpNMjsx
/g/3AyibYSK2UXLcxNddhJGGRXOw3XdCplnAUplHvwvVAPQ7ddNBQDAmaGOv23SP
ti16+UMrh1YWBdOd
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:38:43 2025 by rpki-client