Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/f1I0tKAKokj1Mb1GtqQ6HH0oOuk.roa
File: f1I0tKAKokj1Mb1GtqQ6HH0oOuk.roa (raw, json)
Hash identifier: fzNMAzL+SAF0+xRYI0YKwToGofohK+xYJioeeu7cPr4=
Subject key identifier: 7F:52:34:B4:A0:0A:A2:48:F5:31:BD:46:B6:A4:3A:1C:7D:28:3A:E9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 64B2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/f1I0tKAKokj1Mb1GtqQ6HH0oOuk.roa
Signing time: Mon 26 May 2025 14:41:04 +0000
ROA not before: Mon 26 May 2025 14:41:04 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25778 (0x64b2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 26 14:41:04 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=7F5234B4A00AA248F531BD46B6A43A1C7D283AE9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:a6:fc:c2:86:8e:eb:2e:67:b1:73:82:b7:d1:
9a:de:2e:2e:ae:0e:b2:93:db:8a:7c:6b:4b:28:ba:
7f:6b:f5:45:0c:af:09:a2:67:b3:f9:c9:e7:15:fa:
92:96:d8:00:99:f7:ce:4d:ae:2a:4a:b4:d7:5f:49:
fa:91:fb:49:dc:e6:c7:cc:f7:0a:27:db:28:37:c9:
ab:19:c8:f4:8d:96:33:47:00:b8:68:2d:27:fd:fe:
f9:5b:c9:c3:ea:40:d4:11:35:88:82:65:ff:b4:3c:
9e:92:9f:6a:9a:1d:c7:29:cf:11:6f:0f:1b:11:57:
07:7b:3c:ca:f2:b8:07:86:18:c0:37:c9:9c:c6:53:
c1:1f:35:2b:ca:13:a9:e7:81:0c:9d:34:75:8b:b3:
56:c6:3b:d3:9f:16:cb:ca:df:85:fb:25:42:4b:6b:
5b:9c:79:6c:b4:f6:90:ad:d6:ea:07:06:bc:d9:84:
e7:fa:41:56:7b:05:d9:e0:dc:ee:4e:5c:7e:81:e3:
ce:f0:c3:34:1b:c2:e5:4d:64:b8:31:43:7a:12:c5:
f0:92:c0:b6:2a:4b:04:50:d1:3a:c3:84:52:22:bc:
b9:d2:42:d6:21:bd:a1:55:54:40:d3:8b:6a:f9:f4:
8e:f6:a6:53:bd:ec:90:9d:03:47:67:08:9f:74:47:
a4:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:52:34:B4:A0:0A:A2:48:F5:31:BD:46:B6:A4:3A:1C:7D:28:3A:E9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/f1I0tKAKokj1Mb1GtqQ6HH0oOuk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
19:2b:60:cc:59:92:0c:cf:a6:87:f7:80:05:64:b1:c5:10:5c:
94:74:e7:d6:38:1d:c3:5c:de:e4:20:7d:b5:cf:3a:b0:0e:b3:
e9:8b:15:d0:87:7b:0e:f4:32:7d:f5:bf:5a:7f:0e:98:dd:24:
73:ad:6d:ae:12:62:cf:0f:7f:4f:63:79:d0:3c:95:44:35:b3:
32:3c:44:7a:1b:e4:7e:23:80:5a:3c:85:50:b9:54:e7:79:b7:
87:34:cd:22:72:73:a3:15:33:97:18:2b:7f:c8:34:f8:e5:ad:
91:04:f6:ab:f9:26:3e:d0:c9:a4:d1:e1:93:cf:d9:d6:42:d0:
a3:54:ae:bd:06:c0:25:94:63:4d:40:70:a3:e1:2a:e7:60:75:
bd:6c:a2:48:04:4d:2b:8a:b7:15:8a:8b:b4:2b:e4:a2:c8:af:
25:dc:e4:fa:b0:10:15:d5:e8:09:99:d0:53:0e:17:b6:f2:1a:
81:3a:c5:61:e2:3a:50:73:47:e1:a7:ac:d6:ea:05:62:32:f0:
39:70:27:cb:7b:63:c1:b2:bd:02:3b:c3:b1:58:7d:0d:bd:3c:
08:30:fc:bc:7b:19:b7:b4:a5:65:a8:41:fe:8e:fa:f7:96:46:
f2:da:6e:1f:32:4e:b7:36:7c:3f:74:c7:bc:3a:13:48:29:cc:
92:46:91:03
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZLIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjYx
NDQxMDRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDdGNTIzNEI0QTAwQUEy
NDhGNTMxQkQ0NkI2QTQzQTFDN0QyODNBRTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDepvzCho7rLmexc4K30ZreLi6uDrKT24p8a0soun9r9UUMrwmi
Z7P5yecV+pKW2ACZ985NripKtNdfSfqR+0nc5sfM9won2yg3yasZyPSNljNHALho
LSf9/vlbycPqQNQRNYiCZf+0PJ6Sn2qaHccpzxFvDxsRVwd7PMryuAeGGMA3yZzG
U8EfNSvKE6nngQydNHWLs1bGO9OfFsvK34X7JUJLa1uceWy09pCt1uoHBrzZhOf6
QVZ7Bdng3O5OXH6B487wwzQbwuVNZLgxQ3oSxfCSwLYqSwRQ0TrDhFIivLnSQtYh
vaFVVEDTi2r59I72plO97JCdA0dnCJ90R6TzAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUf1I0tKAKokj1Mb1GtqQ6HH0oOukwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2YxSTB0S0FLb2tqMU1i
MUd0cVE2SEgwb091ay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAZK2DM
WZIMz6aH94AFZLHFEFyUdOfWOB3DXN7kIH21zzqwDrPpixXQh3sO9DJ99b9afw6Y
3SRzrW2uEmLPD39PY3nQPJVENbMyPER6G+R+I4BaPIVQuVTnebeHNM0icnOjFTOX
GCt/yDT45a2RBPar+SY+0Mmk0eGTz9nWQtCjVK69BsAllGNNQHCj4SrnYHW9bKJI
BE0rircViou0K+SiyK8l3OT6sBAV1egJmdBTDhe28hqBOsVh4jpQc0fhp6zW6gVi
MvA5cCfLe2PBsr0CO8OxWH0NvTwIMPy8exm3tKVlqEH+jvr3lkby2m4fMk63Nnw/
dMe8OhNIKcySRpED
-----END CERTIFICATE-----
Generated at Wed Jun 4 02:10:31 2025 by rpki-client