Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/fJaqVOxHvwoC4ESjfCKXE4uc9Bo.roa
File: fJaqVOxHvwoC4ESjfCKXE4uc9Bo.roa (raw, json)
Hash identifier: BXWj67bJWYTXE0aS9gsaZSHWHd+Cd/NpJymxm1RjEcY=
Subject key identifier: 7C:96:AA:54:EC:47:BF:0A:02:E0:44:A3:7C:22:97:13:8B:9C:F4:1A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 778A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fJaqVOxHvwoC4ESjfCKXE4uc9Bo.roa
Signing time: Wed 16 Jul 2025 02:41:53 +0000
ROA not before: Wed 16 Jul 2025 02:41:53 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30602 (0x778a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 16 02:41:53 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=7C96AA54EC47BF0A02E044A37C2297138B9CF41A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:f0:51:18:ca:bb:39:e4:e5:d7:b0:d6:21:36:
33:c1:b5:1a:b9:ba:8e:aa:37:6e:7f:ca:13:87:a8:
11:ca:b7:86:c7:a4:7a:42:4c:96:37:be:21:06:b2:
0d:e6:82:ab:e1:57:20:9c:3f:fa:b6:ca:7f:b9:75:
73:fd:f3:f8:3c:d0:01:ab:21:06:65:f9:49:fc:49:
38:e9:e0:60:17:f1:b6:49:81:72:53:b7:a4:b6:6c:
07:a9:56:5e:ff:cd:31:39:4b:42:84:a2:e5:9f:07:
eb:75:a1:61:08:e0:36:61:02:6e:d6:87:b4:cb:8a:
8c:40:ff:91:95:49:17:e1:d5:43:26:f2:a3:84:7b:
19:45:0c:0f:09:9f:1c:a6:e4:fd:97:cb:d9:c7:ce:
d8:58:9f:d3:01:41:d0:92:cf:7a:ec:59:c6:2c:43:
a2:b1:ce:4a:55:ad:ae:c2:37:73:6c:a0:3d:13:74:
71:dd:e3:c1:8b:de:a8:3a:a7:c1:6e:b8:51:51:ec:
75:30:af:03:56:58:32:93:de:4e:a8:71:4f:65:ce:
28:b4:95:cd:df:12:5b:fc:52:6f:af:31:ca:04:4d:
be:2a:b1:27:ad:85:75:a2:fc:38:e7:2c:18:c3:b3:
11:e3:30:24:2e:bd:af:48:78:80:57:af:4a:e1:bb:
93:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:96:AA:54:EC:47:BF:0A:02:E0:44:A3:7C:22:97:13:8B:9C:F4:1A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fJaqVOxHvwoC4ESjfCKXE4uc9Bo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
5d:78:e3:2d:03:58:79:8d:51:3a:96:06:de:76:60:88:ef:66:
98:81:08:51:6b:0b:c1:3b:50:d1:5a:78:4f:0e:1f:6a:2c:d6:
5e:1b:83:83:c6:be:f9:04:14:bb:1a:6b:54:22:68:e2:fb:d5:
74:65:f4:83:60:00:6f:47:c7:13:8a:f0:c3:82:80:9a:c1:68:
96:ed:e7:de:d1:84:68:95:a4:2f:6d:4d:49:4b:eb:50:db:7a:
ec:1a:3d:94:24:40:1c:52:09:39:59:e2:7c:d3:dd:61:ac:b3:
f0:4f:32:e3:73:07:dc:97:90:6a:18:05:07:75:52:f5:25:e5:
f8:71:af:29:08:69:dc:56:07:19:f5:4d:47:aa:3b:73:e8:ed:
03:67:9c:c7:ab:96:c7:21:24:c8:03:92:6d:64:44:f4:e7:6d:
14:0d:f7:ca:fc:c1:57:17:c9:3c:13:14:06:34:61:42:3a:c5:
64:d3:0c:1b:93:42:21:0a:fe:e2:b5:d9:9f:48:f3:e5:69:c1:
0e:f1:f6:c6:6e:52:03:20:eb:57:b8:f8:28:5e:b1:6a:69:36:
77:94:f0:c6:8c:52:86:a1:33:f2:4f:38:e2:76:f4:4e:1a:73:
b7:55:fd:36:d7:0f:12:01:54:12:a7:ba:c1:15:b9:bc:cb:70:
2a:2d:fb:56
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICd4owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTYw
MjQxNTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDdDOTZBQTU0RUM0N0JG
MEEwMkUwNDRBMzdDMjI5NzEzOEI5Q0Y0MUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDH8FEYyrs55OXXsNYhNjPBtRq5uo6qN25/yhOHqBHKt4bHpHpC
TJY3viEGsg3mgqvhVyCcP/q2yn+5dXP98/g80AGrIQZl+Un8STjp4GAX8bZJgXJT
t6S2bAepVl7/zTE5S0KEouWfB+t1oWEI4DZhAm7Wh7TLioxA/5GVSRfh1UMm8qOE
exlFDA8Jnxym5P2Xy9nHzthYn9MBQdCSz3rsWcYsQ6KxzkpVra7CN3NsoD0TdHHd
48GL3qg6p8FuuFFR7HUwrwNWWDKT3k6ocU9lzii0lc3fElv8Um+vMcoETb4qsSet
hXWi/DjnLBjDsxHjMCQuva9IeIBXr0rhu5P3AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUfJaqVOxHvwoC4ESjfCKXE4uc9BowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2ZKYXFWT3hIdndvQzRF
U2pmQ0tYRTR1YzlCby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBdeOMt
A1h5jVE6lgbedmCI72aYgQhRawvBO1DRWnhPDh9qLNZeG4ODxr75BBS7GmtUImji
+9V0ZfSDYABvR8cTivDDgoCawWiW7efe0YRolaQvbU1JS+tQ23rsGj2UJEAcUgk5
WeJ8091hrLPwTzLjcwfcl5BqGAUHdVL1JeX4ca8pCGncVgcZ9U1Hqjtz6O0DZ5zH
q5bHISTIA5JtZET0520UDffK/MFXF8k8ExQGNGFCOsVk0wwbk0IhCv7itdmfSPPl
acEO8fbGblIDIOtXuPgoXrFqaTZ3lPDGjFKGoTPyTzjidvROGnO3Vf021w8SAVQS
p7rBFbm8y3AqLftW
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:46:48 2025 by rpki-client