Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/fX5u-jciclbN23fQ_75TGFrcGxQ.roa
File: fX5u-jciclbN23fQ_75TGFrcGxQ.roa (raw, json)
Hash identifier: Wf0LJX6FYEeE4Qu91Nh83eHVVIP2MRLVKdhLHaSDE68=
Subject key identifier: 7D:7E:6E:FA:37:22:72:56:CD:DB:77:D0:FF:BE:53:18:5A:DC:1B:14
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7074
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fX5u-jciclbN23fQ_75TGFrcGxQ.roa
Signing time: Fri 27 Jun 2025 04:44:39 +0000
ROA not before: Fri 27 Jun 2025 04:44:39 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28788 (0x7074)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 27 04:44:39 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=7D7E6EFA37227256CDDB77D0FFBE53185ADC1B14
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:5b:fc:bc:aa:96:43:f7:a6:f5:b7:99:30:74:
1a:15:f4:b5:12:e1:48:d1:5a:ec:64:3d:3b:5e:a0:
5a:c4:aa:06:ab:dd:2b:ba:22:56:71:6f:e1:ae:4e:
33:35:97:fb:bd:64:ac:23:5a:26:5e:11:06:7e:66:
d9:10:d6:24:0b:be:2f:f0:f7:84:5c:96:32:7c:7b:
90:b6:3a:16:c3:52:da:83:e3:3c:46:6c:3a:05:b0:
4c:4a:15:2b:3d:82:c1:e7:ac:8c:78:e0:98:25:9d:
97:5a:cb:b9:81:f8:f1:2e:50:d8:55:bb:9e:b4:26:
2c:ba:10:db:35:8b:96:42:b0:32:3c:0c:28:68:64:
5e:3e:7c:ce:68:75:3c:dc:90:68:e9:f4:30:79:b9:
4c:27:e5:d1:88:35:91:a0:69:de:2d:34:7e:ec:52:
03:3f:da:d7:b1:e2:6a:2d:68:59:b4:2a:1e:da:c7:
db:fe:43:44:48:1f:f9:06:79:8c:e4:29:13:eb:11:
e5:b8:c9:2e:1e:e6:44:ca:3a:d2:28:3f:a8:46:b7:
1c:0c:f1:68:c1:ea:bc:27:63:ba:c8:99:72:82:02:
fa:21:4c:63:de:ac:37:f2:03:ff:ac:9a:24:ca:2f:
4a:2e:f6:ab:35:f3:6a:ca:f3:4a:70:2b:7e:0a:2d:
75:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:7E:6E:FA:37:22:72:56:CD:DB:77:D0:FF:BE:53:18:5A:DC:1B:14
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fX5u-jciclbN23fQ_75TGFrcGxQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
5f:d1:b6:94:3f:9e:1a:83:df:da:a6:38:ca:dd:d3:b1:34:ca:
34:5a:7e:52:ad:00:fb:31:01:39:6f:d1:77:70:18:41:e4:fb:
92:54:44:d3:f9:d3:98:88:15:01:c4:ec:4f:a5:dd:f1:68:ca:
8e:8c:fd:f3:75:dc:59:92:80:ed:0b:a0:8c:18:51:9a:56:dd:
94:36:7d:7a:20:dd:eb:35:57:b1:6b:4c:5e:b2:34:2d:86:6c:
3b:d4:ef:8c:ba:90:c8:4d:c2:20:d7:aa:76:b3:9e:5a:59:5e:
df:89:48:6b:fb:89:55:e2:09:72:c8:11:06:12:3b:37:cd:a3:
b3:08:bc:22:39:a8:6a:d7:84:a7:aa:4a:8e:2d:1d:50:97:7b:
ed:65:f4:82:91:8a:28:ce:c0:5e:3c:d5:25:38:4a:08:97:33:
81:77:4e:3a:48:42:5b:dc:ca:ee:0b:00:22:13:75:89:15:eb:
c8:c4:af:e4:b1:9f:df:85:3a:f7:6d:76:61:ab:37:84:44:74:
1f:4e:f9:bf:b8:d8:62:2b:98:70:3a:18:9e:83:76:59:7e:0c:
32:b0:20:4a:40:67:48:4a:e8:5e:dd:a6:33:fb:11:8b:af:3d:
d8:13:d9:89:b7:bc:5d:62:ef:fe:bd:bd:99:81:93:e3:f7:13:
f0:cb:99:0d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcHQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2Mjcw
NDQ0MzlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDdEN0U2RUZBMzcyMjcy
NTZDRERCNzdEMEZGQkU1MzE4NUFEQzFCMTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDZW/y8qpZD96b1t5kwdBoV9LUS4UjRWuxkPTteoFrEqgar3Su6
IlZxb+GuTjM1l/u9ZKwjWiZeEQZ+ZtkQ1iQLvi/w94RcljJ8e5C2OhbDUtqD4zxG
bDoFsExKFSs9gsHnrIx44JglnZday7mB+PEuUNhVu560Jiy6ENs1i5ZCsDI8DCho
ZF4+fM5odTzckGjp9DB5uUwn5dGINZGgad4tNH7sUgM/2tex4motaFm0Kh7ax9v+
Q0RIH/kGeYzkKRPrEeW4yS4e5kTKOtIoP6hGtxwM8WjB6rwnY7rImXKCAvohTGPe
rDfyA/+smiTKL0ou9qs182rK80pwK34KLXXxAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUfX5u+jciclbN23fQ/75TGFrcGxQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2ZYNXUtamNpY2xiTjIz
ZlFfNzVUR0ZyY0d4US5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBf0baU
P54ag9/apjjK3dOxNMo0Wn5SrQD7MQE5b9F3cBhB5PuSVETT+dOYiBUBxOxPpd3x
aMqOjP3zddxZkoDtC6CMGFGaVt2UNn16IN3rNVexa0xesjQthmw71O+MupDITcIg
16p2s55aWV7fiUhr+4lV4glyyBEGEjs3zaOzCLwiOahq14SnqkqOLR1Ql3vtZfSC
kYoozsBePNUlOEoIlzOBd046SEJb3MruCwAiE3WJFevIxK/ksZ/fhTr3bXZhqzeE
RHQfTvm/uNhiK5hwOhieg3ZZfgwysCBKQGdISuhe3aYz+xGLrz3YE9mJt7xdYu/+
vb2ZgZPj9xPwy5kN
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:45:28 2025 by rpki-client