Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/f3U8E7XgGtSHamm9_sXfNG9DdGE.roa
File: f3U8E7XgGtSHamm9_sXfNG9DdGE.roa (raw, json)
Hash identifier: 7buySWjYJDK1j+tunm7yg5aJv8gG2F+bSdZ6QtdW0Jc=
Subject key identifier: 7F:75:3C:13:B5:E0:1A:D4:87:6A:69:BD:FE:C5:DF:34:6F:43:74:61
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6DAC
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/f3U8E7XgGtSHamm9_sXfNG9DdGE.roa
Signing time: Thu 19 Jun 2025 22:04:53 +0000
ROA not before: Thu 19 Jun 2025 22:04:53 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28076 (0x6dac)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 19 22:04:53 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=7F753C13B5E01AD4876A69BDFEC5DF346F437461
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:65:e2:55:91:e9:ef:c2:bc:bd:41:37:6c:74:
4b:b6:bc:21:51:d9:c1:1b:63:86:80:b0:73:1a:da:
6e:9a:44:d5:d2:40:b3:84:31:cc:34:91:30:9e:c4:
f1:fb:21:83:6d:da:6b:94:8b:a9:71:93:84:3e:17:
57:88:01:24:a3:2d:75:7e:25:cc:b8:2b:cb:d5:cd:
64:48:aa:34:f7:1c:e6:55:8c:fa:60:c5:0e:64:6a:
b7:dc:54:f1:b5:a4:be:4d:ec:9c:cb:9d:20:bb:ff:
78:19:2f:b4:e9:6a:1c:c6:24:b0:fb:fb:3c:7f:89:
8c:66:f9:7b:af:b8:8e:b5:22:71:8d:8f:a4:f2:34:
96:37:bf:8f:e0:5d:34:24:0c:26:13:31:5d:81:0e:
65:4f:fd:9e:b1:6d:e8:fe:42:d9:fb:96:94:c6:f6:
53:9d:70:af:97:2f:98:10:10:bf:95:70:81:cc:f9:
0f:99:69:a6:46:0e:99:9d:c9:f5:7e:98:49:71:9e:
9c:8e:17:06:1f:ad:aa:c5:19:bc:ea:29:3b:bc:59:
c4:fa:03:b0:dd:31:14:36:1b:95:c4:ba:40:7e:c1:
6a:ef:7e:96:0e:ec:35:45:53:a1:e1:5c:8b:01:4c:
2f:f2:19:11:6a:53:05:3c:c2:d8:01:4d:cf:30:be:
a8:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:75:3C:13:B5:E0:1A:D4:87:6A:69:BD:FE:C5:DF:34:6F:43:74:61
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/f3U8E7XgGtSHamm9_sXfNG9DdGE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
3c:e3:f7:ca:d6:ab:fe:ae:62:45:6e:e7:46:35:d7:de:9a:09:
86:68:e0:c6:e7:49:67:b1:3d:3b:72:5b:4a:ea:c2:e8:82:c8:
16:5e:9d:89:d7:24:ba:ae:61:8b:34:89:fa:9f:8c:45:c1:0b:
62:8b:c7:e8:8e:0e:aa:c7:30:69:a8:f5:2f:53:0e:c8:96:9f:
0b:c8:3a:c0:6b:1a:e2:ca:5e:cc:b9:c4:ed:b0:00:0e:2f:03:
ba:b2:9f:45:02:11:0b:46:18:dd:39:57:45:c6:dd:2b:33:88:
bd:08:d6:cc:f9:d0:6a:1a:18:50:b6:02:81:77:98:2c:c7:5c:
d6:b7:b1:b4:20:15:2b:f7:60:06:a4:71:11:ef:d8:b8:1f:20:
89:77:f2:6a:e8:66:3a:6f:a7:61:3a:73:2b:84:d6:b0:40:ba:
c6:86:d5:41:43:c2:50:1f:cd:0d:4d:ec:9d:fc:66:4d:7e:68:
90:51:06:ec:77:40:cc:3e:f4:0e:9b:ab:c8:87:47:1a:39:7e:
08:e1:1f:9d:09:0d:78:4a:e3:f4:bd:23:d5:c2:1a:b5:d9:aa:
1b:4f:e7:6c:5d:6e:dd:e6:07:a3:1e:3b:d0:8f:fe:b6:20:60:
8a:9a:18:54:2d:d5:b5:19:f6:c3:22:0f:1f:8c:3a:1e:36:a4:
94:04:a4:07
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbawwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTky
MjA0NTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDdGNzUzQzEzQjVFMDFB
RDQ4NzZBNjlCREZFQzVERjM0NkY0Mzc0NjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4ZeJVkenvwry9QTdsdEu2vCFR2cEbY4aAsHMa2m6aRNXSQLOE
Mcw0kTCexPH7IYNt2muUi6lxk4Q+F1eIASSjLXV+Jcy4K8vVzWRIqjT3HOZVjPpg
xQ5karfcVPG1pL5N7JzLnSC7/3gZL7TpahzGJLD7+zx/iYxm+XuvuI61InGNj6Ty
NJY3v4/gXTQkDCYTMV2BDmVP/Z6xbej+Qtn7lpTG9lOdcK+XL5gQEL+VcIHM+Q+Z
aaZGDpmdyfV+mElxnpyOFwYfrarFGbzqKTu8WcT6A7DdMRQ2G5XEukB+wWrvfpYO
7DVFU6HhXIsBTC/yGRFqUwU8wtgBTc8wvqhvAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUf3U8E7XgGtSHamm9/sXfNG9DdGEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2YzVThFN1hnR3RTSGFt
bTlfc1hmTkc5RGRHRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA84/fK
1qv+rmJFbudGNdfemgmGaODG50lnsT07cltK6sLogsgWXp2J1yS6rmGLNIn6n4xF
wQtii8fojg6qxzBpqPUvUw7Ilp8LyDrAaxriyl7MucTtsAAOLwO6sp9FAhELRhjd
OVdFxt0rM4i9CNbM+dBqGhhQtgKBd5gsx1zWt7G0IBUr92AGpHER79i4HyCJd/Jq
6GY6b6dhOnMrhNawQLrGhtVBQ8JQH80NTeyd/GZNfmiQUQbsd0DMPvQOm6vIh0ca
OX4I4R+dCQ14SuP0vSPVwhq12aobT+dsXW7d5gejHjvQj/62IGCKmhhULdW1GfbD
Ig8fjDoeNqSUBKQH
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:51:22 2025 by rpki-client