Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/f6iUnfRXG1x-BembTn0yB9mzTE4.roa
File: f6iUnfRXG1x-BembTn0yB9mzTE4.roa (raw, json)
Hash identifier: adIpYlxaOjcJeNwRQ8skaJ3OlkT1lrHNr82XOczDt7o=
Subject key identifier: 7F:A8:94:9D:F4:57:1B:5C:7E:05:E9:9B:4E:7D:32:07:D9:B3:4C:4E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 708E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/f6iUnfRXG1x-BembTn0yB9mzTE4.roa
Signing time: Fri 27 Jun 2025 11:14:42 +0000
ROA not before: Fri 27 Jun 2025 11:14:42 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28814 (0x708e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 27 11:14:42 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=7FA8949DF4571B5C7E05E99B4E7D3207D9B34C4E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:e9:4a:13:6a:f7:9f:c5:cf:2f:bb:06:d9:3a:
59:13:15:9d:2c:8d:d6:9b:66:c9:e2:c0:e5:83:3e:
59:3b:a6:86:ed:ac:bc:84:88:3c:3a:8e:bd:8a:3a:
f8:85:37:3d:ea:99:e5:4a:d3:39:4b:4f:6a:50:b3:
ab:c7:d1:5a:d1:07:0c:59:b2:cc:1c:02:31:44:1e:
e2:15:f6:2b:99:20:1b:95:7f:bc:e8:a5:ca:16:1d:
ed:ea:8b:c1:7f:54:a9:ed:f5:47:a1:7e:e9:4c:3d:
16:27:79:f5:b3:04:46:24:ee:82:7e:38:ec:08:6c:
4a:b8:b4:f4:a8:ca:e9:ca:14:34:a6:0c:29:95:e5:
03:d5:66:0f:3d:77:6a:79:58:9d:8d:46:aa:d4:15:
20:a6:b8:c7:6b:1e:96:31:ed:86:9e:83:52:68:1f:
78:a1:e4:2a:2a:6f:06:a8:b9:5f:ec:cd:46:d6:b3:
2c:12:22:9d:73:6e:bd:4b:fa:79:a6:8d:6d:7e:32:
3d:10:94:bb:1f:2d:e8:81:be:00:ab:bf:58:cf:fc:
50:09:b5:8c:70:77:59:53:d5:01:65:19:7f:ad:fc:
13:b9:fa:73:79:ac:37:c2:5a:b1:f5:11:8b:86:47:
b4:18:fc:c4:29:be:14:0c:d3:8d:8b:4c:95:35:91:
9f:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:A8:94:9D:F4:57:1B:5C:7E:05:E9:9B:4E:7D:32:07:D9:B3:4C:4E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/f6iUnfRXG1x-BembTn0yB9mzTE4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
51:5e:72:84:22:b4:77:6e:d3:3d:c9:17:38:0b:92:a3:e5:d2:
11:90:94:23:f9:47:57:04:a2:67:b1:ef:6b:4b:1e:82:87:94:
dd:36:8e:17:e6:03:77:a4:44:e7:c4:18:bb:d6:62:88:61:6d:
e6:91:67:7b:63:4e:ac:82:01:54:71:0b:1b:5f:3d:16:a9:89:
cd:e6:ad:c7:a1:ef:34:76:6d:53:aa:aa:80:d6:03:29:00:0a:
a0:5f:42:ef:eb:a0:8f:31:40:1b:3f:10:d3:db:7d:b3:59:b1:
02:29:2b:c0:66:70:a5:a1:7b:bc:7d:c3:92:89:20:c6:54:d4:
11:3d:d3:d9:e6:32:d7:ec:bc:f9:1d:a4:2b:de:d9:f7:2e:72:
d3:75:a4:63:71:5a:cc:03:df:37:dc:48:ac:c8:e7:f6:5b:6a:
ac:39:85:7e:41:0f:41:c8:0f:80:51:ee:5e:c0:b6:35:82:d3:
4d:f6:83:26:94:1c:65:84:fa:13:18:13:b0:05:9e:84:00:02:
e5:d0:42:18:38:45:6c:c1:7c:e3:5c:f1:a3:61:a0:97:36:be:
81:c1:ba:31:f0:bf:80:45:7e:1c:18:2f:b3:e8:c0:93:3c:c9:
58:ef:3f:52:1c:9b:6e:9a:50:b3:74:c8:5c:77:0d:ca:6c:22:
80:c7:82:a9
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcI4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2Mjcx
MTE0NDJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDdGQTg5NDlERjQ1NzFC
NUM3RTA1RTk5QjRFN0QzMjA3RDlCMzRDNEUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDM6UoTavefxc8vuwbZOlkTFZ0sjdabZsniwOWDPlk7pobtrLyE
iDw6jr2KOviFNz3qmeVK0zlLT2pQs6vH0VrRBwxZsswcAjFEHuIV9iuZIBuVf7zo
pcoWHe3qi8F/VKnt9UehfulMPRYnefWzBEYk7oJ+OOwIbEq4tPSoyunKFDSmDCmV
5QPVZg89d2p5WJ2NRqrUFSCmuMdrHpYx7Yaeg1JoH3ih5CoqbwaouV/szUbWsywS
Ip1zbr1L+nmmjW1+Mj0QlLsfLeiBvgCrv1jP/FAJtYxwd1lT1QFlGX+t/BO5+nN5
rDfCWrH1EYuGR7QY/MQpvhQM042LTJU1kZ9bAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUf6iUnfRXG1x+BembTn0yB9mzTE4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2Y2aVVuZlJYRzF4LUJl
bWJUbjB5QjltelRFNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBRXnKE
IrR3btM9yRc4C5Kj5dIRkJQj+UdXBKJnse9rSx6Ch5TdNo4X5gN3pETnxBi71mKI
YW3mkWd7Y06sggFUcQsbXz0WqYnN5q3Hoe80dm1TqqqA1gMpAAqgX0Lv66CPMUAb
PxDT232zWbECKSvAZnCloXu8fcOSiSDGVNQRPdPZ5jLX7Lz5HaQr3tn3LnLTdaRj
cVrMA9833EisyOf2W2qsOYV+QQ9ByA+AUe5ewLY1gtNN9oMmlBxlhPoTGBOwBZ6E
AALl0EIYOEVswXzjXPGjYaCXNr6Bwbox8L+ARX4cGC+z6MCTPMlY7z9SHJtumlCz
dMhcdw3KbCKAx4Kp
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:36:18 2025 by rpki-client