Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/fYnf0VPy7KBoV_OlRMjsZuON4bU.roa
File: fYnf0VPy7KBoV_OlRMjsZuON4bU.roa (raw, json)
Hash identifier: l/A88EBKHZVGfQoHe82C2mB3Do001wZNk+stimU2CgA=
Subject key identifier: 7D:89:DF:D1:53:F2:EC:A0:68:57:F3:A5:44:C8:EC:66:E3:8D:E1:B5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 74F2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fYnf0VPy7KBoV_OlRMjsZuON4bU.roa
Signing time: Wed 09 Jul 2025 04:15:02 +0000
ROA not before: Wed 09 Jul 2025 04:15:02 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29938 (0x74f2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 9 04:15:02 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=7D89DFD153F2ECA06857F3A544C8EC66E38DE1B5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:6d:f9:0f:34:62:a7:79:11:50:97:74:ac:64:
a5:54:f0:ad:11:84:d2:99:b0:94:9b:43:7b:c4:50:
cd:c0:e2:c9:be:90:2d:03:d2:a3:e0:c2:9a:ec:61:
3f:26:ce:4e:ee:8a:9e:d3:61:6f:77:e7:9d:e3:28:
3e:07:66:f5:b2:05:6e:f2:39:62:d9:30:8b:80:f5:
7c:06:7e:dc:5e:22:f4:4a:33:cc:96:69:c6:6b:35:
b3:78:33:11:57:d2:2a:02:6a:04:b9:df:bc:d7:b7:
52:5d:88:a7:5c:45:5c:07:95:ad:54:c7:c8:7d:d1:
b4:36:d1:ad:9b:ff:6c:8c:65:52:a5:6f:05:6d:fb:
2d:0a:56:d9:bd:69:e8:65:8c:4c:8f:15:c3:55:38:
1d:b7:7b:b9:b1:05:46:ff:69:da:ff:48:13:8e:1f:
89:4d:62:c9:54:b5:d1:aa:24:75:6d:0e:70:4b:43:
a8:56:8c:52:19:75:d5:90:04:b4:8e:a8:a2:73:81:
88:2e:95:a4:98:67:bd:52:8c:4a:1c:71:52:23:78:
a8:e4:7b:f9:e2:3c:0c:4f:9d:4b:64:6a:2d:a0:dc:
da:6f:36:74:30:65:8b:42:96:b9:32:ce:41:da:62:
36:9e:65:5a:03:db:76:54:ce:38:5e:ad:a7:9e:12:
f4:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:89:DF:D1:53:F2:EC:A0:68:57:F3:A5:44:C8:EC:66:E3:8D:E1:B5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fYnf0VPy7KBoV_OlRMjsZuON4bU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
49:da:7f:0c:3e:ac:98:54:77:1e:df:81:ba:eb:0f:bb:3a:cd:
a4:15:e2:62:75:1b:c2:c4:d1:d0:74:e2:6e:43:93:22:13:8a:
63:6b:1e:58:13:cb:75:d9:fe:b3:b9:5d:e3:3f:a1:46:26:16:
98:ae:46:d0:6f:59:db:9e:0e:5f:ae:e9:c2:55:d1:c3:fe:7e:
3f:f5:58:98:e0:16:68:ed:09:92:86:f6:fa:f5:32:36:df:23:
17:71:07:93:ee:df:db:6b:aa:57:71:de:e6:56:d6:59:c7:b2:
09:93:fb:d4:33:0b:f5:67:1e:20:f2:24:9c:9d:29:9b:a8:1f:
e3:65:8f:8b:13:8f:5b:d0:2e:69:c1:48:86:27:37:fb:ba:11:
99:51:94:89:91:b2:6c:5c:60:2a:3e:c5:81:82:e4:48:31:45:
c0:59:ad:00:f2:5f:0a:ec:b9:85:79:13:7f:c7:aa:46:7d:e3:
69:86:ac:fe:7e:61:5b:a7:77:3e:5d:9d:3a:f5:34:f6:3e:be:
95:0e:a2:ff:14:11:98:a6:65:76:f2:8d:76:f7:0a:40:0e:c0:
b6:13:3b:05:29:7e:45:26:7f:f0:16:b0:b3:02:95:d5:5e:16:
18:b9:cd:39:39:2b:08:a4:37:68:8d:3a:15:fa:0f:56:23:7d:
6f:3c:24:b3
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdPIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDkw
NDE1MDJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDdEODlERkQxNTNGMkVD
QTA2ODU3RjNBNTQ0QzhFQzY2RTM4REUxQjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDBbfkPNGKneRFQl3SsZKVU8K0RhNKZsJSbQ3vEUM3A4sm+kC0D
0qPgwprsYT8mzk7uip7TYW93553jKD4HZvWyBW7yOWLZMIuA9XwGftxeIvRKM8yW
acZrNbN4MxFX0ioCagS537zXt1JdiKdcRVwHla1Ux8h90bQ20a2b/2yMZVKlbwVt
+y0KVtm9aehljEyPFcNVOB23e7mxBUb/adr/SBOOH4lNYslUtdGqJHVtDnBLQ6hW
jFIZddWQBLSOqKJzgYgulaSYZ71SjEoccVIjeKjke/niPAxPnUtkai2g3NpvNnQw
ZYtClrkyzkHaYjaeZVoD23ZUzjheraeeEvT1AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUfYnf0VPy7KBoV/OlRMjsZuON4bUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2ZZbmYwVlB5N0tCb1Zf
T2xSTWpzWnVPTjRiVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBJ2n8M
PqyYVHce34G66w+7Os2kFeJidRvCxNHQdOJuQ5MiE4pjax5YE8t12f6zuV3jP6FG
JhaYrkbQb1nbng5frunCVdHD/n4/9ViY4BZo7QmShvb69TI23yMXcQeT7t/ba6pX
cd7mVtZZx7IJk/vUMwv1Zx4g8iScnSmbqB/jZY+LE49b0C5pwUiGJzf7uhGZUZSJ
kbJsXGAqPsWBguRIMUXAWa0A8l8K7LmFeRN/x6pGfeNphqz+fmFbp3c+XZ069TT2
Pr6VDqL/FBGYpmV28o129wpADsC2EzsFKX5FJn/wFrCzApXVXhYYuc05OSsIpDdo
jToV+g9WI31vPCSz
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:41:54 2025 by rpki-client