Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/KfPHfPe2v685hAzp_czGvJZpIgU.roa
File: KfPHfPe2v685hAzp_czGvJZpIgU.roa (raw, json)
Hash identifier: GCR63FdhXewyoXOjrABnPYmmoYtSKb7TKXLQpQ8aqeM=
Subject key identifier: 29:F3:C7:7C:F7:B6:BF:AF:39:84:0C:E9:FD:CC:C6:BC:96:69:22:05
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7322
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KfPHfPe2v685hAzp_czGvJZpIgU.roa
Signing time: Fri 04 Jul 2025 08:14:57 +0000
ROA not before: Fri 04 Jul 2025 08:14:57 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29474 (0x7322)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 4 08:14:57 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=29F3C77CF7B6BFAF39840CE9FDCCC6BC96692205
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:7c:84:d4:9f:3f:9f:f1:a9:3b:49:10:12:8a:
a8:ae:60:d6:a1:1f:22:82:52:94:18:f2:79:36:9f:
3d:84:bd:94:37:ce:2e:67:f2:ed:91:11:0f:45:a0:
d3:e3:87:30:3c:6d:07:d9:e2:d2:b5:c2:50:23:6f:
60:65:f1:44:f4:96:17:f8:b0:e6:a5:d0:74:c6:aa:
7e:62:34:c2:6a:68:f2:4b:5e:f1:3a:0a:a5:81:bd:
89:82:89:c3:64:8a:96:b2:7f:8d:8c:18:23:16:c3:
fc:d6:62:c5:98:d2:ef:0a:1c:80:ab:57:8f:3b:50:
1c:33:17:28:f0:65:f9:a2:bc:f4:76:ff:52:4d:65:
15:1c:79:dd:fa:60:54:af:90:0b:a4:96:b3:71:05:
65:8d:a0:dd:a5:b3:9a:0c:61:2b:ce:8a:17:f7:1a:
9b:11:c1:26:6a:a3:4c:30:52:26:47:7a:dc:57:a2:
4f:ce:c5:b0:87:21:8b:6a:a0:d9:3b:c2:52:73:52:
3f:aa:0b:39:98:67:f9:cf:db:f6:31:40:2c:16:e5:
96:98:1f:31:81:3f:ac:87:c0:e2:01:1c:d6:78:42:
b2:5c:c0:55:d6:31:a7:82:55:ea:c3:26:3c:64:6d:
3a:36:af:6c:4b:de:b6:46:b5:2a:95:f9:62:0c:0b:
71:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:F3:C7:7C:F7:B6:BF:AF:39:84:0C:E9:FD:CC:C6:BC:96:69:22:05
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KfPHfPe2v685hAzp_czGvJZpIgU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
7b:ba:fb:96:ca:ea:31:29:2b:93:55:be:1c:96:fb:88:51:00:
29:58:91:ab:53:02:50:01:02:4e:a7:5a:67:da:b3:55:55:a6:
75:de:5b:ca:47:57:f0:9a:06:cf:97:7a:dd:21:5d:8a:c0:58:
c8:cd:78:bf:16:7d:9a:48:8f:a4:33:76:7e:ab:92:4d:48:e9:
2c:04:a5:ed:19:12:3f:bf:6e:58:4f:f8:be:c6:16:70:d7:1b:
60:58:45:da:4b:53:b1:dd:4e:8c:65:ec:52:50:9c:b4:3f:32:
15:6a:c9:c6:8e:9f:57:d9:9c:55:b0:29:9c:6b:f5:81:56:53:
2a:fd:19:58:6b:09:c4:73:f4:7b:5b:54:d6:c2:5a:4b:23:2c:
10:34:d5:31:95:2a:d4:2e:c3:f2:1c:a2:a1:f2:f4:b8:33:23:
45:5c:5f:3b:7a:ca:7c:72:4b:32:44:14:10:81:6b:2d:15:5d:
7d:c6:19:94:ca:26:ba:74:4d:a1:a5:08:ed:5c:a9:3e:58:07:
ce:8e:bc:51:c4:51:50:aa:e3:83:8e:72:ab:9e:24:7f:17:9c:
c0:70:50:45:0e:97:d2:25:4b:5c:17:c9:03:ec:e7:8c:ef:1e:
7b:75:9a:2e:65:d0:cf:84:97:5e:68:23:d1:e1:0c:72:54:34:
30:83:19:d4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcyIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDQw
ODE0NTdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDI5RjNDNzdDRjdCNkJG
QUYzOTg0MENFOUZEQ0NDNkJDOTY2OTIyMDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQChfITUnz+f8ak7SRASiqiuYNahHyKCUpQY8nk2nz2EvZQ3zi5n
8u2REQ9FoNPjhzA8bQfZ4tK1wlAjb2Bl8UT0lhf4sOal0HTGqn5iNMJqaPJLXvE6
CqWBvYmCicNkipayf42MGCMWw/zWYsWY0u8KHICrV487UBwzFyjwZfmivPR2/1JN
ZRUced36YFSvkAuklrNxBWWNoN2ls5oMYSvOihf3GpsRwSZqo0wwUiZHetxXok/O
xbCHIYtqoNk7wlJzUj+qCzmYZ/nP2/YxQCwW5ZaYHzGBP6yHwOIBHNZ4QrJcwFXW
MaeCVerDJjxkbTo2r2xL3rZGtSqV+WIMC3EvAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUKfPHfPe2v685hAzp/czGvJZpIgUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0tmUEhmUGUydjY4NWhB
enBfY3pHdkpacElnVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB7uvuW
yuoxKSuTVb4clvuIUQApWJGrUwJQAQJOp1pn2rNVVaZ13lvKR1fwmgbPl3rdIV2K
wFjIzXi/Fn2aSI+kM3Z+q5JNSOksBKXtGRI/v25YT/i+xhZw1xtgWEXaS1Ox3U6M
ZexSUJy0PzIVasnGjp9X2ZxVsCmca/WBVlMq/RlYawnEc/R7W1TWwlpLIywQNNUx
lSrULsPyHKKh8vS4MyNFXF87esp8cksyRBQQgWstFV19xhmUyia6dE2hpQjtXKk+
WAfOjrxRxFFQquODjnKrniR/F5zAcFBFDpfSJUtcF8kD7OeM7x57dZouZdDPhJde
aCPR4QxyVDQwgxnU
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:33:53 2025 by rpki-client