Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/sffKCgQuW-7wRH2dnhoAisdjoj0.roa
File: sffKCgQuW-7wRH2dnhoAisdjoj0.roa (raw, json)
Hash identifier: 5Wokap7L2EnMBLite6LSQ/sVTZ7tK2Vxn8iPXr0LeoI=
Subject key identifier: B1:F7:CA:0A:04:2E:5B:EE:F0:44:7D:9D:9E:1A:00:8A:C7:63:A2:3D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 75FC
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/sffKCgQuW-7wRH2dnhoAisdjoj0.roa
Signing time: Fri 11 Jul 2025 23:11:33 +0000
ROA not before: Fri 11 Jul 2025 23:11:33 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30204 (0x75fc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 11 23:11:33 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B1F7CA0A042E5BEEF0447D9D9E1A008AC763A23D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:bd:d5:36:92:14:65:df:0b:77:9e:75:ec:5e:
66:1d:6c:10:90:88:be:50:8a:e8:d3:10:f4:37:9a:
1d:66:28:19:06:8c:e6:6c:1c:2a:71:2a:18:57:78:
53:7a:25:e4:90:d7:c8:d5:73:61:64:62:9b:62:98:
0e:87:eb:db:25:c0:76:f5:7c:c6:a5:a4:27:d3:24:
e3:64:5c:49:19:72:2b:8c:84:e6:16:c4:15:2d:18:
91:5c:21:54:d3:b8:79:b8:25:37:86:6c:7e:ff:88:
73:f3:a7:2b:e9:d5:6f:e4:52:4a:5d:40:f4:5a:cb:
6a:d0:9d:16:2e:08:8b:a6:3f:d4:ec:fa:9c:50:53:
c0:6d:3d:f5:e3:e8:05:c7:ee:45:f4:fa:3b:77:e3:
99:64:c3:75:b7:47:e0:ee:aa:7c:8e:30:4a:55:9b:
84:c0:03:6e:02:f6:33:99:65:fd:c6:26:0e:b8:26:
b9:b1:ab:bc:eb:d0:ec:b4:93:68:1c:d4:17:7b:f1:
6a:d4:bb:29:c5:cc:44:de:42:15:00:80:66:60:9f:
34:85:71:14:ba:06:e7:6a:b4:77:14:aa:23:b3:d2:
ae:43:e9:38:96:6b:b9:91:7f:0f:c9:df:0f:69:46:
6c:8c:4d:f3:b4:29:2c:1e:64:1c:49:3c:cc:5d:73:
7d:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:F7:CA:0A:04:2E:5B:EE:F0:44:7D:9D:9E:1A:00:8A:C7:63:A2:3D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/sffKCgQuW-7wRH2dnhoAisdjoj0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
85:80:61:8a:1f:d9:6d:5e:90:cb:d2:61:a6:56:a5:5d:f5:13:
22:ee:17:9a:5f:95:21:0b:fb:ce:39:41:e8:f0:8f:53:87:fe:
c2:0b:16:a8:3b:2f:1c:3e:fb:21:69:35:dd:31:67:e0:b1:70:
38:c8:91:1b:e3:50:59:ee:4c:b7:8d:9e:89:71:2a:82:39:c0:
ea:b2:5f:ad:ef:e3:78:8e:9c:4f:03:6e:a2:7f:58:96:af:ee:
ed:94:db:82:88:6f:11:ec:4f:7b:ba:82:49:7f:37:db:8e:fe:
52:41:41:35:ae:d4:3a:ba:30:6c:45:20:64:88:e1:6f:c3:1e:
61:52:65:10:c0:27:1e:d1:41:0b:ab:fe:b6:9d:04:26:5d:45:
a5:06:91:e8:83:91:32:52:43:25:d9:84:14:64:88:b4:3c:8a:
bc:3a:f9:de:b4:0d:d8:d8:c6:9b:ba:bd:18:88:3d:cd:d5:e5:
b8:18:2d:8e:4a:6e:af:8f:c4:a6:0f:95:aa:a6:5a:5c:bb:8b:
7f:81:52:d0:8c:88:0f:fd:32:54:8a:1b:7b:d9:10:d0:26:39:
2d:a0:60:6f:63:ad:84:77:a8:fc:75:3a:d7:64:7f:ce:19:63:
2c:17:b7:97:e3:cc:58:47:b8:5d:6d:b7:ca:cf:f5:e4:d9:42:
dc:7b:36:bb
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdfwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTEy
MzExMzNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEIxRjdDQTBBMDQyRTVC
RUVGMDQ0N0Q5RDlFMUEwMDhBQzc2M0EyM0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDivdU2khRl3wt3nnXsXmYdbBCQiL5QiujTEPQ3mh1mKBkGjOZs
HCpxKhhXeFN6JeSQ18jVc2FkYptimA6H69slwHb1fMalpCfTJONkXEkZciuMhOYW
xBUtGJFcIVTTuHm4JTeGbH7/iHPzpyvp1W/kUkpdQPRay2rQnRYuCIumP9Ts+pxQ
U8BtPfXj6AXH7kX0+jt345lkw3W3R+DuqnyOMEpVm4TAA24C9jOZZf3GJg64Jrmx
q7zr0Oy0k2gc1Bd78WrUuynFzETeQhUAgGZgnzSFcRS6BudqtHcUqiOz0q5D6TiW
a7mRfw/J3w9pRmyMTfO0KSweZBxJPMxdc31/AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUsffKCgQuW+7wRH2dnhoAisdjoj0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3NmZktDZ1F1Vy03d1JI
MmRuaG9BaXNkam9qMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCFgGGK
H9ltXpDL0mGmVqVd9RMi7heaX5UhC/vOOUHo8I9Th/7CCxaoOy8cPvshaTXdMWfg
sXA4yJEb41BZ7ky3jZ6JcSqCOcDqsl+t7+N4jpxPA26if1iWr+7tlNuCiG8R7E97
uoJJfzfbjv5SQUE1rtQ6ujBsRSBkiOFvwx5hUmUQwCce0UELq/62nQQmXUWlBpHo
g5EyUkMl2YQUZIi0PIq8OvnetA3Y2Mabur0YiD3N1eW4GC2OSm6vj8SmD5Wqplpc
u4t/gVLQjIgP/TJUiht72RDQJjktoGBvY62Ed6j8dTrXZH/OGWMsF7eX48xYR7hd
bbfKz/Xk2ULceza7
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:43:13 2025 by rpki-client