Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/bFkTAIdvSHtw4enpp4JgL2xYI0g.roa
File: bFkTAIdvSHtw4enpp4JgL2xYI0g.roa (raw, json)
Hash identifier: 8X8XNt/FfGBe1islyNvS2lcGRZlpkpx8eEONwIG84iI=
Subject key identifier: 6C:59:13:00:87:6F:48:7B:70:E1:E9:E9:A7:82:60:2F:6C:58:23:48
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7294
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/bFkTAIdvSHtw4enpp4JgL2xYI0g.roa
Signing time: Wed 02 Jul 2025 20:44:54 +0000
ROA not before: Wed 02 Jul 2025 20:44:54 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29332 (0x7294)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 2 20:44:54 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=6C591300876F487B70E1E9E9A782602F6C582348
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:fc:51:96:1d:91:ac:df:90:82:37:f5:f9:4b:
4f:a5:f0:fb:3a:5a:6a:66:ea:88:ab:25:e6:f6:e7:
ff:c2:16:f4:8c:3e:a2:eb:88:af:df:25:d0:72:e7:
1f:d1:0d:51:4b:17:5f:b3:d6:7d:63:e1:fb:5e:89:
47:b1:30:11:a2:ed:2e:db:46:fc:ea:37:ff:33:9e:
ad:9b:8d:08:56:43:0f:1c:42:14:9d:21:7e:82:b1:
95:0d:b9:82:f3:d4:46:7e:98:da:c4:af:f8:72:b3:
8e:f7:a2:4a:7c:b8:8e:a7:27:50:fb:b1:6e:60:b7:
1c:60:4e:5d:5a:2d:46:22:33:09:71:84:38:39:cf:
70:38:47:f3:d1:8f:62:a4:f0:2c:30:4d:14:42:65:
4f:2e:da:8f:30:b6:48:2e:71:1d:50:ee:64:c1:66:
be:ca:fe:0e:8a:a4:8e:95:c8:89:a6:e0:63:03:54:
3e:cd:d3:aa:cf:3b:27:af:27:00:56:3d:39:3f:1f:
dc:7a:3e:db:5f:a7:ae:e7:4e:ce:ab:86:4c:bf:c2:
10:d4:c3:e7:b8:7e:27:e6:73:96:52:4c:bc:10:93:
13:7e:43:da:e8:fb:c0:5f:fb:ca:b9:db:4b:cf:d5:
00:2c:79:9c:bb:6c:e1:ea:be:3a:66:74:3e:61:3f:
df:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:59:13:00:87:6F:48:7B:70:E1:E9:E9:A7:82:60:2F:6C:58:23:48
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/bFkTAIdvSHtw4enpp4JgL2xYI0g.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
3b:3c:4f:0e:e5:1e:b4:ab:61:f8:3f:5d:39:05:04:d4:76:8c:
26:19:bd:35:71:71:22:e1:30:11:dc:5b:0b:2c:c9:eb:c9:7c:
39:89:85:a7:da:5b:35:0c:ab:b6:3b:06:0c:1a:57:a0:95:0d:
76:35:c1:ce:42:fb:f8:bd:af:5c:e9:98:10:b5:8a:02:06:be:
ff:a3:2c:58:80:8b:61:a2:73:35:52:5c:9c:a8:f8:d2:28:a9:
fc:d0:fb:77:13:fc:2d:af:7c:84:75:c5:f9:95:c1:29:8a:62:
8f:3b:ce:2f:d8:85:13:03:22:8e:6f:87:b0:e9:01:67:3c:43:
45:06:01:20:b9:b1:49:5e:d7:70:1c:d2:e3:13:64:47:af:5d:
09:de:7c:2d:68:d5:d9:03:84:24:ad:8a:ab:e9:8f:0f:a3:fe:
88:07:95:a9:26:a9:a1:af:77:9f:11:c9:7b:9f:00:7c:e4:2f:
f4:0b:87:a1:05:54:5f:fd:e2:21:60:00:29:65:2d:8c:c0:dc:
5f:9d:01:b4:31:85:62:7a:79:56:cb:63:20:be:fb:c6:45:83:
76:41:b3:d7:14:cb:4b:fc:6f:3a:13:68:bd:b9:78:9a:6f:e7:
cb:aa:53:55:9a:fe:c6:58:50:43:60:2b:ba:af:33:7a:52:fe:
87:14:c1:35
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcpQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDIy
MDQ0NTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDZDNTkxMzAwODc2RjQ4
N0I3MEUxRTlFOUE3ODI2MDJGNkM1ODIzNDgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCw/FGWHZGs35CCN/X5S0+l8Ps6Wmpm6oirJeb25//CFvSMPqLr
iK/fJdBy5x/RDVFLF1+z1n1j4fteiUexMBGi7S7bRvzqN/8znq2bjQhWQw8cQhSd
IX6CsZUNuYLz1EZ+mNrEr/hys473okp8uI6nJ1D7sW5gtxxgTl1aLUYiMwlxhDg5
z3A4R/PRj2Kk8CwwTRRCZU8u2o8wtkgucR1Q7mTBZr7K/g6KpI6VyImm4GMDVD7N
06rPOyevJwBWPTk/H9x6Pttfp67nTs6rhky/whDUw+e4fifmc5ZSTLwQkxN+Q9ro
+8Bf+8q520vP1QAseZy7bOHqvjpmdD5hP98RAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUbFkTAIdvSHtw4enpp4JgL2xYI0gwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2JGa1RBSWR2U0h0dzRl
bnBwNEpnTDJ4WUkwZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA7PE8O
5R60q2H4P105BQTUdowmGb01cXEi4TAR3FsLLMnryXw5iYWn2ls1DKu2OwYMGleg
lQ12NcHOQvv4va9c6ZgQtYoCBr7/oyxYgIthonM1UlycqPjSKKn80Pt3E/wtr3yE
dcX5lcEpimKPO84v2IUTAyKOb4ew6QFnPENFBgEgubFJXtdwHNLjE2RHr10J3nwt
aNXZA4QkrYqr6Y8Po/6IB5WpJqmhr3efEcl7nwB85C/0C4ehBVRf/eIhYAApZS2M
wNxfnQG0MYVienlWy2MgvvvGRYN2QbPXFMtL/G86E2i9uXiab+fLqlNVmv7GWFBD
YCu6rzN6Uv6HFME1
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:43:19 2025 by rpki-client