Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/fbneE6hJxZdk4kLoTorNUnRtA7Q.roa
File:                     fbneE6hJxZdk4kLoTorNUnRtA7Q.roa (raw, json)
Hash identifier:          f37IaBf78f28JOny21d54zjIdaMBkIibRJTxUB67nXY=
Subject key identifier:   7D:B9:DE:13:A8:49:C5:97:64:E2:42:E8:4E:8A:CD:52:74:6D:03:B4
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       712C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fbneE6hJxZdk4kLoTorNUnRtA7Q.roa
Signing time:             Sun 29 Jun 2025 02:44:42 +0000
ROA not before:           Sun 29 Jun 2025 02:44:42 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 28972 (0x712c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Jun 29 02:44:42 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=7DB9DE13A849C59764E242E84E8ACD52746D03B4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:B9:DE:13:A8:49:C5:97:64:E2:42:E8:4E:8A:CD:52:74:6D:03:B4
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fbneE6hJxZdk4kLoTorNUnRtA7Q.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
Generated at Sun Jul 20 12:49:45 2025 by rpki-client