Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/foNyR_hIrGi7AXJAAmmkWX_pM78.roa
File: foNyR_hIrGi7AXJAAmmkWX_pM78.roa (raw, json)
Hash identifier: 437LAqZUppFNW11e8HzOC0y1crnVkKcaxot/fEe7Ypg=
Subject key identifier: 7E:83:72:47:F8:48:AC:68:BB:01:72:40:02:69:A4:59:7F:E9:33:BF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 753C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/foNyR_hIrGi7AXJAAmmkWX_pM78.roa
Signing time: Wed 09 Jul 2025 22:45:27 +0000
ROA not before: Wed 09 Jul 2025 22:45:27 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30012 (0x753c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 9 22:45:27 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=7E837247F848AC68BB0172400269A4597FE933BF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:68:fc:4f:bf:fa:5e:0f:9b:62:4e:cd:a5:d6:
a4:d9:9f:3e:2f:63:99:9c:58:0f:fa:54:40:83:91:
f5:93:9c:86:de:42:12:1d:1a:f2:92:b2:92:50:66:
3d:c8:c3:8d:4e:13:da:2b:cc:c1:fa:ac:fa:b7:f5:
9b:e7:84:d7:f1:c8:3f:6a:76:47:d9:41:13:52:39:
cb:b2:45:c0:65:63:fe:b6:e0:5f:45:ac:5c:cb:d6:
a1:57:73:8e:0e:38:27:23:ce:2a:4c:21:c2:11:94:
5d:a1:23:8d:21:e3:e3:15:17:52:89:87:67:4c:f9:
45:31:ec:42:73:11:d6:0a:bc:d4:87:9f:a5:9c:89:
40:cd:42:ec:1a:e6:91:4d:3d:bb:62:ad:94:51:5a:
8b:f9:8f:a9:75:6b:99:17:29:19:ff:d3:1a:6c:99:
16:69:38:2c:61:69:d6:7e:82:20:c9:86:9a:3c:4c:
19:fd:74:ca:89:d9:3f:77:9a:5f:35:17:c4:58:40:
ba:20:58:30:f0:73:b5:a6:36:68:ec:4c:d5:9a:f7:
19:2d:86:56:24:ff:74:2f:87:ed:00:52:43:3b:22:
1e:d1:ef:e1:9b:dc:58:9d:c2:8a:25:2a:c1:cb:b4:
82:75:28:c8:e6:03:c3:7a:b3:37:9f:e0:a9:bd:b7:
49:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:83:72:47:F8:48:AC:68:BB:01:72:40:02:69:A4:59:7F:E9:33:BF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/foNyR_hIrGi7AXJAAmmkWX_pM78.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
2f:17:ae:a5:9d:31:97:5f:54:74:b1:68:8c:95:c8:60:68:cd:
80:c0:c1:be:fc:16:d2:24:8d:87:95:07:a9:b3:de:4f:17:02:
df:b7:87:a9:44:9b:98:94:c1:8f:ba:ea:48:29:5b:4f:9f:2a:
a8:60:8d:15:47:91:2f:85:8f:13:76:f6:6c:fb:d7:6d:52:36:
54:2b:59:a5:13:69:12:87:d3:34:0b:93:44:3c:ba:f9:fc:a3:
38:54:33:4a:fc:92:0b:a6:eb:f2:5f:e0:61:06:34:a3:d3:ba:
e9:74:dc:77:7b:d5:22:bf:2b:1e:65:b6:5f:c0:2a:36:45:8c:
15:af:a4:e9:e1:44:33:14:0a:5d:cd:00:74:48:b3:54:0b:2b:
e6:4c:8b:11:b6:26:d9:a2:69:00:ad:7b:d6:ae:c3:c4:61:5d:
f7:25:f2:80:78:08:e2:2a:d8:c8:c3:3e:ad:8a:60:c7:f8:2b:
b0:87:b5:22:d9:4a:50:64:fe:ff:1d:db:b3:13:62:de:a3:96:
e5:4b:d7:4f:1c:77:22:1c:e7:df:d7:d3:cb:27:f7:41:53:97:
5c:51:fc:e4:83:8b:76:18:5d:83:2e:fd:3e:5c:6b:a0:81:a2:
ec:e3:db:1b:83:1e:90:35:11:57:12:f6:7e:47:81:ad:cd:ca:
7a:31:eb:8a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdTwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDky
MjQ1MjdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDdFODM3MjQ3Rjg0OEFD
NjhCQjAxNzI0MDAyNjlBNDU5N0ZFOTMzQkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDLaPxPv/peD5tiTs2l1qTZnz4vY5mcWA/6VECDkfWTnIbeQhId
GvKSspJQZj3Iw41OE9orzMH6rPq39ZvnhNfxyD9qdkfZQRNSOcuyRcBlY/624F9F
rFzL1qFXc44OOCcjzipMIcIRlF2hI40h4+MVF1KJh2dM+UUx7EJzEdYKvNSHn6Wc
iUDNQuwa5pFNPbtirZRRWov5j6l1a5kXKRn/0xpsmRZpOCxhadZ+giDJhpo8TBn9
dMqJ2T93ml81F8RYQLogWDDwc7WmNmjsTNWa9xkthlYk/3Qvh+0AUkM7Ih7R7+Gb
3FidwoolKsHLtIJ1KMjmA8N6szef4Km9t0kvAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUfoNyR/hIrGi7AXJAAmmkWX/pM78wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2ZvTnlSX2hJckdpN0FY
SkFBbW1rV1hfcE03OC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAvF66l
nTGXX1R0sWiMlchgaM2AwMG+/BbSJI2HlQeps95PFwLft4epRJuYlMGPuupIKVtP
nyqoYI0VR5EvhY8TdvZs+9dtUjZUK1mlE2kSh9M0C5NEPLr5/KM4VDNK/JILpuvy
X+BhBjSj07rpdNx3e9UivyseZbZfwCo2RYwVr6Tp4UQzFApdzQB0SLNUCyvmTIsR
tibZomkArXvWrsPEYV33JfKAeAjiKtjIwz6timDH+Cuwh7Ui2UpQZP7/HduzE2Le
o5blS9dPHHciHOff19PLJ/dBU5dcUfzkg4t2GF2DLv0+XGuggaLs49sbgx6QNRFX
EvZ+R4Gtzcp6MeuK
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:35:14 2025 by rpki-client