Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/SfzNGWT9oMerIhK1s4VUUB0Xhtg.roa
File: SfzNGWT9oMerIhK1s4VUUB0Xhtg.roa (raw, json)
Hash identifier: Zaa2MdHSouzWPs50XksqcDnUnFBBgSlYZwTeR46ppYk=
Subject key identifier: 49:FC:CD:19:64:FD:A0:C7:AB:22:12:B5:B3:85:54:50:1D:17:86:D8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 669E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/SfzNGWT9oMerIhK1s4VUUB0Xhtg.roa
Signing time: Sat 31 May 2025 17:42:46 +0000
ROA not before: Sat 31 May 2025 17:42:46 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26270 (0x669e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 31 17:42:46 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=49FCCD1964FDA0C7AB2212B5B38554501D1786D8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:3f:42:69:bc:22:dc:7f:3d:fe:1d:5f:5a:a6:
b2:50:89:3b:ef:5c:89:e6:65:77:15:93:be:4a:90:
75:d1:00:ba:69:80:f8:85:01:29:c5:e6:b1:4b:ca:
03:32:08:98:08:00:8f:56:6d:ff:57:56:b1:c3:e5:
5c:98:00:87:03:90:eb:7a:d4:f2:b0:33:6e:3f:9d:
40:56:fd:e8:78:3a:c7:b9:60:b3:3f:2c:de:2b:93:
8a:11:a4:18:8d:9a:2c:e6:98:ee:7d:fe:16:54:6c:
84:9a:e0:62:16:9d:36:2d:3b:29:58:29:8b:a7:46:
b7:2b:f2:73:91:62:3e:db:a1:df:8c:96:c8:a6:e7:
a0:47:22:32:75:e5:e3:e9:b1:81:96:00:5b:66:e2:
a9:c0:7a:70:33:a1:92:45:57:75:7f:cc:ca:2e:ba:
a1:e5:94:1e:fc:eb:5a:eb:80:f9:53:ee:1f:c1:6c:
fa:15:d2:40:c6:b9:09:26:c7:ed:47:e2:12:55:00:
7e:42:be:87:59:ff:cb:2b:50:66:93:6b:8b:6d:42:
98:fa:bb:f0:d9:6f:85:88:ed:b4:6b:61:7b:e5:ef:
3c:3c:9d:02:79:f6:13:49:ec:f8:81:6d:7a:36:29:
7a:62:81:71:bd:45:fc:08:16:bf:13:02:50:aa:e2:
63:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:FC:CD:19:64:FD:A0:C7:AB:22:12:B5:B3:85:54:50:1D:17:86:D8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/SfzNGWT9oMerIhK1s4VUUB0Xhtg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
60:93:67:6e:4f:6b:ca:ad:3a:f6:77:67:d7:39:07:f8:34:5a:
0b:d2:e8:50:e6:58:c6:26:1f:d0:2e:7d:24:fc:ca:6d:b8:93:
ae:5a:fe:ea:6d:ab:50:18:36:83:e9:90:d9:a0:c3:92:4a:22:
2c:75:a5:c5:3b:73:01:cc:9d:71:a4:24:dd:69:8d:46:fe:28:
bc:b6:46:16:c3:b6:ea:4b:82:67:e7:0c:fa:2d:ca:26:a3:ee:
27:c6:0d:91:e9:c2:3d:9c:7d:74:b4:73:3d:bc:c5:a7:bb:10:
5e:48:b9:23:b1:42:37:d1:72:b0:6a:a7:71:5f:6c:31:c7:c7:
a4:bb:d3:03:21:95:95:d8:e1:e0:13:f2:3b:46:95:81:84:a4:
7d:cd:65:d2:41:00:1d:6b:51:ce:2d:2f:44:ca:b4:3a:c6:39:
60:ad:90:ff:cb:33:0c:ac:98:32:fd:d7:52:d7:08:e5:bd:a2:
bb:87:4b:e2:06:ef:88:4e:1c:19:78:35:d0:b4:a1:db:aa:7d:
0e:68:03:60:95:1f:26:39:86:eb:ab:35:26:8e:73:af:a3:23:
4e:da:54:08:14:45:39:8c:9d:98:ed:45:8b:03:39:d4:4c:cc:
9f:25:7e:8f:93:d2:67:5d:81:1a:94:b5:95:fe:89:99:a0:3c:
1f:e2:7d:48
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZp4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MzEx
NzQyNDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQ5RkNDRDE5NjRGREEw
QzdBQjIyMTJCNUIzODU1NDUwMUQxNzg2RDgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/P0JpvCLcfz3+HV9aprJQiTvvXInmZXcVk75KkHXRALppgPiF
ASnF5rFLygMyCJgIAI9Wbf9XVrHD5VyYAIcDkOt61PKwM24/nUBW/eh4Ose5YLM/
LN4rk4oRpBiNmizmmO59/hZUbISa4GIWnTYtOylYKYunRrcr8nORYj7bod+Mlsim
56BHIjJ15ePpsYGWAFtm4qnAenAzoZJFV3V/zMouuqHllB7861rrgPlT7h/BbPoV
0kDGuQkmx+1H4hJVAH5CvodZ/8srUGaTa4ttQpj6u/DZb4WI7bRrYXvl7zw8nQJ5
9hNJ7PiBbXo2KXpigXG9RfwIFr8TAlCq4mPvAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUSfzNGWT9oMerIhK1s4VUUB0XhtgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1Nmek5HV1Q5b01lcklo
SzFzNFZVVUIwWGh0Zy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBgk2du
T2vKrTr2d2fXOQf4NFoL0uhQ5ljGJh/QLn0k/MptuJOuWv7qbatQGDaD6ZDZoMOS
SiIsdaXFO3MBzJ1xpCTdaY1G/ii8tkYWw7bqS4Jn5wz6Lcomo+4nxg2R6cI9nH10
tHM9vMWnuxBeSLkjsUI30XKwaqdxX2wxx8eku9MDIZWV2OHgE/I7RpWBhKR9zWXS
QQAda1HOLS9EyrQ6xjlgrZD/yzMMrJgy/ddS1wjlvaK7h0viBu+IThwZeDXQtKHb
qn0OaANglR8mOYbrqzUmjnOvoyNO2lQIFEU5jJ2Y7UWLAznUTMyfJX6Pk9JnXYEa
lLWV/omZoDwf4n1I
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:06:13 2025 by rpki-client