Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/fmjYWb3lHmzBkRyi_ouB8o9v2JE.roa
File: fmjYWb3lHmzBkRyi_ouB8o9v2JE.roa (raw, json)
Hash identifier: ad3870vBCiFqR763D3lDIxa5/5jzD70mC9rW6QPmQlk=
Subject key identifier: 7E:68:D8:59:BD:E5:1E:6C:C1:91:1C:A2:FE:8B:81:F2:8F:6F:D8:91
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6D92
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fmjYWb3lHmzBkRyi_ouB8o9v2JE.roa
Signing time: Thu 19 Jun 2025 13:03:40 +0000
ROA not before: Thu 19 Jun 2025 13:03:40 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28050 (0x6d92)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 19 13:03:40 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=7E68D859BDE51E6CC1911CA2FE8B81F28F6FD891
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:df:50:d6:d1:bc:9c:b5:13:7d:6d:52:02:e4:
66:2e:64:e4:4f:8b:ce:4a:38:0e:90:d8:bf:b6:f9:
d6:f1:3e:b4:4f:21:74:1c:fd:a6:6b:94:e7:1d:fd:
4b:ff:5f:ad:61:8b:32:16:98:f2:71:bf:82:bd:32:
d4:d4:28:45:b6:d8:d9:fe:76:e4:49:c2:45:9a:ec:
db:14:dc:e6:28:4b:69:f2:ca:5a:77:76:66:89:21:
6b:76:37:bd:61:87:69:3b:4b:4b:d1:86:f3:f5:77:
19:26:eb:fb:33:2a:d5:1c:49:89:e0:44:21:02:31:
9d:dd:22:61:13:bf:0f:41:1b:69:cf:2e:8a:5a:32:
0a:eb:69:af:91:e2:2c:14:67:90:07:cd:ea:cd:6f:
55:2c:65:db:87:e2:8c:d0:8b:ad:3f:48:f8:97:64:
83:8e:29:ef:fc:d0:26:3c:32:2c:1f:10:75:1b:48:
b1:54:07:c6:cb:fc:7b:54:3e:86:0d:d0:e3:e6:ee:
47:43:63:13:0e:5c:8c:a2:88:3b:97:ce:8c:ed:94:
12:f1:90:56:fa:ac:07:c5:71:7b:69:c5:a6:86:99:
d5:a0:d5:88:d3:b5:86:cb:1d:3d:72:4b:29:31:75:
c0:52:53:23:b4:67:b9:38:4d:0c:79:9b:f6:03:33:
20:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:68:D8:59:BD:E5:1E:6C:C1:91:1C:A2:FE:8B:81:F2:8F:6F:D8:91
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fmjYWb3lHmzBkRyi_ouB8o9v2JE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
2c:a4:c8:78:5b:97:68:26:bb:90:72:8a:23:d7:5d:8c:95:58:
3f:4f:8c:cf:12:96:ff:c4:c2:80:27:a5:fa:65:10:bb:3c:4f:
e8:12:91:1e:ae:75:78:66:05:ed:be:82:bf:b4:51:e7:0f:88:
cc:60:0c:b8:0d:a6:52:6c:dc:80:00:e5:bf:78:db:eb:38:2a:
08:71:d1:80:a6:c3:d2:a8:e0:37:fb:8f:52:a6:ab:48:df:7d:
66:e6:43:82:c4:1d:db:eb:e7:af:19:e3:b8:23:93:b7:c0:41:
cb:61:20:c3:47:08:89:99:63:af:92:41:a0:b4:9d:c6:79:20:
ff:88:17:43:18:7b:38:4b:00:cc:fb:91:5e:5e:c3:95:9d:71:
92:a2:56:32:6a:b2:84:3a:35:b1:f9:5e:44:e0:1d:c9:6b:10:
49:a1:4c:dd:7e:d8:75:4a:97:1b:3b:05:1c:c4:93:ea:3f:5f:
f7:b7:1e:1f:6b:f6:d9:20:7d:43:f6:9e:1f:e3:3c:46:4d:d1:
52:2b:3d:70:b6:b6:ee:d1:20:bc:55:31:69:e0:b9:97:39:02:
81:f7:ff:51:a6:a2:0f:72:ac:49:39:41:23:06:c8:2a:a2:7e:
60:b3:b7:3f:33:8b:60:93:63:4c:09:ba:f1:d4:9d:65:6b:a4:
f9:6f:e5:cf
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbZIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTkx
MzAzNDBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDdFNjhEODU5QkRFNTFF
NkNDMTkxMUNBMkZFOEI4MUYyOEY2RkQ4OTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDE31DW0byctRN9bVIC5GYuZORPi85KOA6Q2L+2+dbxPrRPIXQc
/aZrlOcd/Uv/X61hizIWmPJxv4K9MtTUKEW22Nn+duRJwkWa7NsU3OYoS2nyylp3
dmaJIWt2N71hh2k7S0vRhvP1dxkm6/szKtUcSYngRCECMZ3dImETvw9BG2nPLopa
Mgrraa+R4iwUZ5AHzerNb1UsZduH4ozQi60/SPiXZIOOKe/80CY8MiwfEHUbSLFU
B8bL/HtUPoYN0OPm7kdDYxMOXIyiiDuXzoztlBLxkFb6rAfFcXtpxaaGmdWg1YjT
tYbLHT1ySykxdcBSUyO0Z7k4TQx5m/YDMyC5AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUfmjYWb3lHmzBkRyi/ouB8o9v2JEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2ZtallXYjNsSG16QmtS
eWlfb3VCOG85djJKRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAspMh4
W5doJruQcooj112MlVg/T4zPEpb/xMKAJ6X6ZRC7PE/oEpEernV4ZgXtvoK/tFHn
D4jMYAy4DaZSbNyAAOW/eNvrOCoIcdGApsPSqOA3+49SpqtI331m5kOCxB3b6+ev
GeO4I5O3wEHLYSDDRwiJmWOvkkGgtJ3GeSD/iBdDGHs4SwDM+5FeXsOVnXGSolYy
arKEOjWx+V5E4B3JaxBJoUzdfth1SpcbOwUcxJPqP1/3tx4fa/bZIH1D9p4f4zxG
TdFSKz1wtrbu0SC8VTFp4LmXOQKB9/9RpqIPcqxJOUEjBsgqon5gs7c/M4tgk2NM
Cbrx1J1la6T5b+XP
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:39:25 2025 by rpki-client