Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/fDVJW7sCk65dHi9Jk1CILiXoFXw.roa
File: fDVJW7sCk65dHi9Jk1CILiXoFXw.roa (raw, json)
Hash identifier: l4bc5Dz3WdKehIbP3nTTdiJlwIUYx2aXzhxlTI07OSU=
Subject key identifier: 7C:35:49:5B:BB:02:93:AE:5D:1E:2F:49:93:50:88:2E:25:E8:15:7C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 790E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fDVJW7sCk65dHi9Jk1CILiXoFXw.roa
Signing time: Sun 20 Jul 2025 03:42:10 +0000
ROA not before: Sun 20 Jul 2025 03:42:10 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30990 (0x790e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 20 03:42:10 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=7C35495BBB0293AE5D1E2F499350882E25E8157C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:68:24:d0:88:d5:13:0f:22:c5:7b:9f:13:f6:
44:0a:be:87:95:05:63:7c:5d:f9:c3:81:0b:f2:bf:
14:c8:7a:28:22:37:f4:5c:74:15:06:60:6b:0a:d4:
7b:8d:ff:e4:2c:e6:df:14:38:78:b5:ef:3d:ca:15:
48:18:fd:7f:bf:9e:d0:db:af:88:49:83:3d:7b:1c:
ab:77:0d:d5:f8:84:7f:7b:9f:47:83:a5:22:c5:a5:
bb:11:78:8e:52:c2:10:f6:d9:3b:2f:32:05:3e:0c:
d5:68:9b:81:89:90:1f:50:74:50:64:85:ba:e7:72:
fb:a0:02:85:41:9f:8c:1a:17:0b:5d:e3:64:4a:9a:
58:e3:c0:5b:c4:68:7e:25:57:f0:a3:09:51:c5:62:
1f:d1:04:11:62:f7:1c:79:43:36:94:1c:3d:6b:d7:
d4:9f:9f:6c:6b:95:12:1f:b0:53:e3:1f:18:b2:c2:
1c:cb:68:68:45:8c:d9:aa:09:39:f9:81:85:a6:b3:
e8:13:60:5f:af:d3:18:29:46:73:89:db:f1:13:0a:
e2:40:1a:fc:74:93:1b:32:af:ce:3a:ef:a9:cc:2c:
9b:ff:20:97:30:50:f5:af:c7:9c:a2:6d:70:fe:41:
5c:98:a4:a9:b3:31:a9:b8:e0:7b:85:3f:9d:98:c6:
7a:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:35:49:5B:BB:02:93:AE:5D:1E:2F:49:93:50:88:2E:25:E8:15:7C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fDVJW7sCk65dHi9Jk1CILiXoFXw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
52:63:71:84:c9:50:08:59:03:bc:d6:f3:19:c5:6a:ca:09:de:
f5:15:cb:ec:c0:03:f2:07:d3:f1:dc:0e:ae:e5:3c:d8:09:52:
df:0c:d1:1f:30:90:6a:bb:39:f4:62:3a:b8:9b:f7:1c:e0:b7:
02:3e:07:85:ed:eb:7d:3d:f6:68:87:f7:7a:ef:f0:ca:ec:93:
5e:29:ad:83:b7:ec:a5:5b:85:a7:55:1d:51:a2:fc:bf:f7:05:
fd:ec:60:5b:77:47:e7:63:d1:7c:79:04:34:87:6e:02:6c:d8:
3e:e1:ee:78:5f:8e:b5:4d:71:b8:47:f1:96:37:c1:ea:0b:4d:
96:70:72:59:82:22:4c:be:f9:ad:6e:54:43:7c:af:ab:d0:0d:
ea:30:6c:14:cb:9f:a2:29:e8:da:57:65:59:d6:28:18:7c:38:
b1:2b:ff:fe:97:83:45:c1:c0:34:0e:cb:51:fe:cd:a9:5e:32:
e8:08:5b:ec:c6:39:57:31:27:32:fe:62:6b:b7:ac:55:7f:e6:
7f:b3:34:4f:a0:35:82:22:67:18:10:0f:5e:97:e3:f8:ec:36:
f5:ea:66:88:ed:ab:53:e3:71:f4:39:9f:38:b5:3c:5d:3a:ed:
4a:24:5a:f7:37:c0:f9:97:08:d2:15:fe:7d:a8:6a:b8:84:d5:
45:a1:93:4d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeQ4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MjAw
MzQyMTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDdDMzU0OTVCQkIwMjkz
QUU1RDFFMkY0OTkzNTA4ODJFMjVFODE1N0MwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDpaCTQiNUTDyLFe58T9kQKvoeVBWN8XfnDgQvyvxTIeigiN/Rc
dBUGYGsK1HuN/+Qs5t8UOHi17z3KFUgY/X+/ntDbr4hJgz17HKt3DdX4hH97n0eD
pSLFpbsReI5SwhD22TsvMgU+DNVom4GJkB9QdFBkhbrncvugAoVBn4waFwtd42RK
mljjwFvEaH4lV/CjCVHFYh/RBBFi9xx5QzaUHD1r19Sfn2xrlRIfsFPjHxiywhzL
aGhFjNmqCTn5gYWms+gTYF+v0xgpRnOJ2/ETCuJAGvx0kxsyr84676nMLJv/IJcw
UPWvx5yibXD+QVyYpKmzMam44HuFP52YxnrNAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUfDVJW7sCk65dHi9Jk1CILiXoFXwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2ZEVkpXN3NDazY1ZEhp
OUprMUNJTGlYb0ZYdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBSY3GE
yVAIWQO81vMZxWrKCd71FcvswAPyB9Px3A6u5TzYCVLfDNEfMJBquzn0Yjq4m/cc
4LcCPgeF7et9PfZoh/d67/DK7JNeKa2Dt+ylW4WnVR1Rovy/9wX97GBbd0fnY9F8
eQQ0h24CbNg+4e54X461TXG4R/GWN8HqC02WcHJZgiJMvvmtblRDfK+r0A3qMGwU
y5+iKejaV2VZ1igYfDixK//+l4NFwcA0DstR/s2pXjLoCFvsxjlXMScy/mJrt6xV
f+Z/szRPoDWCImcYEA9el+P47Db16maI7atT43H0OZ84tTxdOu1KJFr3N8D5lwjS
Ff59qGq4hNVFoZNN
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:39:21 2025 by rpki-client