Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/wfSOVYdYuSEuHHTacvlUNvuywnY.roa
File: wfSOVYdYuSEuHHTacvlUNvuywnY.roa (raw, json)
Hash identifier: 27SB8Jjqn5H9SPOU/Tb8s79/3HMkfmLvnfuORPqRctI=
Subject key identifier: C1:F4:8E:55:87:58:B9:21:2E:1C:74:DA:72:F9:54:36:FB:B2:C2:76
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 73CE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wfSOVYdYuSEuHHTacvlUNvuywnY.roa
Signing time: Sun 06 Jul 2025 03:15:01 +0000
ROA not before: Sun 06 Jul 2025 03:15:01 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29646 (0x73ce)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 6 03:15:01 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C1F48E558758B9212E1C74DA72F95436FBB2C276
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:17:9f:e2:2d:05:53:0d:ee:11:60:88:ad:d7:
1d:a3:2c:0c:81:28:7c:3a:64:b8:e9:38:e5:f9:36:
b7:65:5f:70:c5:17:0f:b2:35:77:c3:40:a7:44:0f:
87:c0:bd:8f:ce:e4:b6:77:b5:b8:7c:21:7d:fb:fb:
cc:bc:5a:73:1f:ea:86:d1:5f:34:af:ce:f8:0e:bc:
86:c7:69:75:49:0b:f2:60:79:9f:2e:1a:51:a7:92:
02:ec:d7:74:92:42:d1:e4:59:cd:e3:9c:e4:23:58:
2c:58:ce:60:15:41:8f:b9:e2:6f:8e:9d:dd:26:34:
36:e4:8a:f2:bb:e8:84:a7:07:04:d4:5a:23:33:1a:
28:36:71:2e:20:7b:96:8f:84:d3:99:4b:6c:e7:78:
a3:b9:f5:56:6d:dc:22:3a:6b:b5:dc:81:26:5d:b7:
e9:e9:3f:22:07:8c:b9:13:a8:d8:29:fe:b5:a7:0b:
12:c0:0a:16:e3:d6:44:85:d6:f3:fd:09:02:78:ba:
2e:5c:74:42:01:cc:a1:1c:58:70:d8:b1:46:4e:43:
98:57:94:ff:50:4a:06:1b:1a:83:2e:50:74:09:f0:
19:2b:11:f9:4b:8c:81:81:6e:6f:04:c2:00:29:41:
82:9f:05:35:e8:93:24:a2:7d:2e:93:60:13:09:c0:
b7:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:F4:8E:55:87:58:B9:21:2E:1C:74:DA:72:F9:54:36:FB:B2:C2:76
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wfSOVYdYuSEuHHTacvlUNvuywnY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
40:06:ff:30:f8:60:ce:88:80:b6:19:27:25:ff:a8:49:70:72:
77:58:9b:30:e7:ff:ab:f8:51:b5:62:4e:1a:ed:e4:f3:86:74:
7d:34:20:56:10:a5:dc:48:64:17:23:6d:e1:9a:8f:2f:1f:02:
72:4a:c1:23:ce:39:8f:50:ea:30:5b:4a:de:e9:25:38:cb:30:
29:f0:b0:68:d8:e9:2e:80:1c:15:21:82:1c:ac:3b:e9:ed:3b:
a9:77:49:a7:73:28:6c:0f:87:9c:a9:e0:ad:03:f1:6c:4e:de:
de:61:9d:e0:aa:24:9c:26:54:fa:c5:14:39:e7:4d:b4:80:9e:
08:c3:01:b1:c3:6a:6f:f1:46:eb:31:96:ef:16:b0:8a:d5:11:
03:38:81:3d:db:b7:63:e6:fc:e5:3f:77:2f:27:24:64:6a:07:
0d:e8:b2:d0:18:5c:48:cf:72:b6:a5:ea:01:9d:70:fc:4a:0e:
17:79:b8:8a:f2:b6:ec:c7:37:1e:c7:02:31:f6:45:ba:80:d2:
81:55:53:56:a0:f0:5c:b2:c7:48:1c:67:25:03:0b:7f:4c:28:
8f:af:6a:ea:7f:ed:1c:bc:63:8a:13:14:0d:8f:a2:fb:9a:a4:
7e:d2:f1:9a:0e:b2:ca:98:2b:9f:bf:a1:d0:35:ec:36:a1:f9:
37:1e:67:d4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICc84wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDYw
MzE1MDFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEMxRjQ4RTU1ODc1OEI5
MjEyRTFDNzREQTcyRjk1NDM2RkJCMkMyNzYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCfF5/iLQVTDe4RYIit1x2jLAyBKHw6ZLjpOOX5NrdlX3DFFw+y
NXfDQKdED4fAvY/O5LZ3tbh8IX37+8y8WnMf6obRXzSvzvgOvIbHaXVJC/JgeZ8u
GlGnkgLs13SSQtHkWc3jnOQjWCxYzmAVQY+54m+Ond0mNDbkivK76ISnBwTUWiMz
Gig2cS4ge5aPhNOZS2zneKO59VZt3CI6a7XcgSZdt+npPyIHjLkTqNgp/rWnCxLA
Chbj1kSF1vP9CQJ4ui5cdEIBzKEcWHDYsUZOQ5hXlP9QSgYbGoMuUHQJ8BkrEflL
jIGBbm8EwgApQYKfBTXokySifS6TYBMJwLeTAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUwfSOVYdYuSEuHHTacvlUNvuywnYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3dmU09WWWRZdVNFdUhI
VGFjdmxVTnZ1eXduWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBABv8w
+GDOiIC2GScl/6hJcHJ3WJsw5/+r+FG1Yk4a7eTzhnR9NCBWEKXcSGQXI23hmo8v
HwJySsEjzjmPUOowW0re6SU4yzAp8LBo2OkugBwVIYIcrDvp7Tupd0mncyhsD4ec
qeCtA/FsTt7eYZ3gqiScJlT6xRQ55020gJ4IwwGxw2pv8UbrMZbvFrCK1REDOIE9
27dj5vzlP3cvJyRkagcN6LLQGFxIz3K2peoBnXD8Sg4XebiK8rbsxzcexwIx9kW6
gNKBVVNWoPBcssdIHGclAwt/TCiPr2rqf+0cvGOKExQNj6L7mqR+0vGaDrLKmCuf
v6HQNew2ofk3HmfU
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:51:37 2025 by rpki-client