Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/faBBGdib9boUP0jiSEoMISXBXtc.roa
File: faBBGdib9boUP0jiSEoMISXBXtc.roa (raw, json)
Hash identifier: CoKdSQUFE3ffEbCHPQiZl8Znb7mX00aDy6C5ZNK8g+k=
Subject key identifier: 7D:A0:41:19:D8:9B:F5:BA:14:3F:48:E2:48:4A:0C:21:25:C1:5E:D7
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6336
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/faBBGdib9boUP0jiSEoMISXBXtc.roa
Signing time: Thu 22 May 2025 15:41:03 +0000
ROA not before: Thu 22 May 2025 15:41:03 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25398 (0x6336)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 22 15:41:03 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=7DA04119D89BF5BA143F48E2484A0C2125C15ED7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:d8:8c:2d:db:1d:83:75:a1:ec:ed:5f:f0:7d:
40:74:d6:95:b9:e2:c4:a5:f6:51:d4:25:29:d4:a5:
f1:94:56:78:e4:9b:36:60:8d:88:50:86:53:e5:e4:
b3:f9:6f:ef:9c:19:1e:26:d0:ef:be:61:be:0d:a8:
f0:04:d0:2e:e6:52:9d:ba:78:f0:61:39:55:b6:56:
da:7e:a2:30:ef:aa:04:6c:e7:6b:c0:cb:b1:df:1f:
5a:b0:54:2f:6e:15:06:b1:ce:60:30:3d:c2:ec:f5:
c4:e1:c0:88:b7:ee:89:15:65:ad:05:f3:ef:b3:1a:
4b:3a:3e:31:45:70:99:9c:86:72:70:ac:83:de:8b:
ef:8b:14:42:c7:47:40:06:a5:fa:15:ed:5e:3f:3f:
da:13:00:fb:5b:23:2f:9b:b1:78:9b:27:57:82:46:
ea:de:57:e1:5e:56:43:21:06:bb:ed:71:65:14:1b:
72:13:a1:a6:a6:68:d7:da:2f:cc:c6:f7:cc:cc:e3:
33:06:fa:fd:25:fa:2a:56:d4:e5:8f:99:ae:54:1c:
50:e8:a7:36:0f:6d:4d:41:7d:19:4e:c9:a3:45:c2:
1f:0f:dd:33:a4:fa:67:36:24:8f:60:00:99:56:91:
d5:63:ae:96:c7:93:ec:2e:08:7a:8b:2f:83:7b:1c:
25:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:A0:41:19:D8:9B:F5:BA:14:3F:48:E2:48:4A:0C:21:25:C1:5E:D7
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/faBBGdib9boUP0jiSEoMISXBXtc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
38:4e:f5:35:2b:ed:0c:0c:42:49:e6:77:55:fd:e6:78:ce:9e:
93:e8:7c:68:47:be:46:ff:fa:23:82:17:b0:6d:02:a3:04:8c:
17:1d:d6:50:db:b2:09:52:71:6b:67:9e:01:fe:61:c7:c5:7c:
ac:19:30:eb:b3:d6:d8:6b:5e:c8:30:2e:9d:a2:38:2b:8b:d3:
ea:25:37:16:f1:c5:3a:cc:75:1d:87:73:6a:81:46:f2:03:77:
dd:be:a8:9b:c2:01:cd:dd:51:a4:28:2e:bb:d0:85:03:3d:df:
16:17:e8:e1:0d:0f:9e:aa:c8:1b:1d:be:6a:da:95:d6:a9:08:
42:db:03:d4:08:8e:e2:5b:e5:0b:6e:74:45:86:cf:56:28:2d:
1f:5d:c2:3d:b1:dd:8d:1a:b4:1e:68:d1:f4:eb:1e:9a:a0:b2:
d7:f0:5a:c0:95:3f:70:37:08:ba:d6:5d:c0:82:1e:e2:cb:d1:
a2:92:65:10:21:07:00:36:44:4b:b7:c7:a4:60:e9:8f:cf:60:
fe:13:e0:28:19:a3:79:a2:cb:ea:f3:43:5d:b1:35:77:6f:25:
52:20:37:cf:5e:e7:fa:7e:2c:9f:8c:fb:80:5f:1a:e3:9f:89:
3e:61:9b:4a:9a:aa:a8:b1:c1:c1:fc:3c:ad:b5:dd:ad:c3:c2:
74:8a:a0:ab
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYzYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjIx
NTQxMDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDdEQTA0MTE5RDg5QkY1
QkExNDNGNDhFMjQ4NEEwQzIxMjVDMTVFRDcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDR2Iwt2x2DdaHs7V/wfUB01pW54sSl9lHUJSnUpfGUVnjkmzZg
jYhQhlPl5LP5b++cGR4m0O++Yb4NqPAE0C7mUp26ePBhOVW2Vtp+ojDvqgRs52vA
y7HfH1qwVC9uFQaxzmAwPcLs9cThwIi37okVZa0F8++zGks6PjFFcJmchnJwrIPe
i++LFELHR0AGpfoV7V4/P9oTAPtbIy+bsXibJ1eCRureV+FeVkMhBrvtcWUUG3IT
oaamaNfaL8zG98zM4zMG+v0l+ipW1OWPma5UHFDopzYPbU1BfRlOyaNFwh8P3TOk
+mc2JI9gAJlWkdVjrpbHk+wuCHqLL4N7HCW7AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUfaBBGdib9boUP0jiSEoMISXBXtcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2ZhQkJHZGliOWJvVVAw
amlTRW9NSVNYQlh0Yy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA4TvU1
K+0MDEJJ5ndV/eZ4zp6T6HxoR75G//ojghewbQKjBIwXHdZQ27IJUnFrZ54B/mHH
xXysGTDrs9bYa17IMC6dojgri9PqJTcW8cU6zHUdh3NqgUbyA3fdvqibwgHN3VGk
KC670IUDPd8WF+jhDQ+eqsgbHb5q2pXWqQhC2wPUCI7iW+ULbnRFhs9WKC0fXcI9
sd2NGrQeaNH06x6aoLLX8FrAlT9wNwi61l3Agh7iy9GikmUQIQcANkRLt8ekYOmP
z2D+E+AoGaN5osvq80NdsTV3byVSIDfPXuf6fiyfjPuAXxrjn4k+YZtKmqqoscHB
/Dyttd2tw8J0iqCr
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:52:08 2025 by rpki-client