Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/GJUfNbRONqsEmfOKbM1sHg7uv1A.roa
File: GJUfNbRONqsEmfOKbM1sHg7uv1A.roa (raw, json)
Hash identifier: LgxbdyAexnQEMxpsx1Qe8b04J/NxRsXrr2QdwXIIoAE=
Subject key identifier: 18:95:1F:35:B4:4E:36:AB:04:99:F3:8A:6C:CD:6C:1E:0E:EE:BF:50
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7500
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/GJUfNbRONqsEmfOKbM1sHg7uv1A.roa
Signing time: Wed 09 Jul 2025 07:45:17 +0000
ROA not before: Wed 09 Jul 2025 07:45:17 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29952 (0x7500)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 9 07:45:17 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=18951F35B44E36AB0499F38A6CCD6C1E0EEEBF50
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:4a:fb:81:db:7d:50:c6:9d:7a:75:c9:4c:fa:
ec:73:46:71:94:6a:90:d5:d8:d9:2c:fe:92:46:ad:
79:e2:75:ff:73:0b:07:f9:0e:a5:f9:4f:70:45:57:
4b:94:b6:38:6b:de:b7:32:66:28:2d:f2:85:b5:c6:
cf:58:cf:ab:5c:96:d8:50:17:8f:e9:1d:5a:74:64:
4e:a9:af:1b:e5:be:04:c7:88:e4:2c:db:ef:c7:8d:
6f:65:1e:7e:7f:df:1b:ce:8d:e1:0c:cf:74:bb:3b:
06:35:5e:8e:b7:d1:ca:9e:da:b4:48:e6:b6:8c:34:
4c:83:cb:57:11:12:99:19:97:26:46:6f:90:43:0f:
99:fd:6f:04:79:fe:4f:c4:f5:5a:88:0c:c8:e0:6b:
5c:5f:9c:13:53:10:78:74:66:73:43:01:eb:b3:dd:
33:ed:b9:a2:9c:cf:52:6c:6f:5d:e9:a6:ad:de:67:
a9:58:cc:30:63:49:29:c9:bb:c8:f9:75:66:de:80:
30:14:b5:79:3e:e2:76:a3:28:ea:26:ba:9c:9a:19:
c9:86:e4:d4:e0:4b:17:83:70:d5:d3:b5:12:f1:57:
19:71:80:02:ae:db:d4:8a:8f:42:53:e3:ae:f8:32:
64:8f:30:d8:19:bd:76:c2:30:12:26:b4:93:bb:00:
8a:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:95:1F:35:B4:4E:36:AB:04:99:F3:8A:6C:CD:6C:1E:0E:EE:BF:50
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/GJUfNbRONqsEmfOKbM1sHg7uv1A.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
3d:eb:f6:61:10:fe:93:3c:bb:9b:04:7e:85:bf:6c:41:48:2c:
85:92:bc:65:81:73:0e:68:20:d9:c9:ec:77:5a:cf:dd:e0:5f:
18:6b:e0:c2:49:fe:cc:76:26:3c:7f:26:5c:b3:ad:53:25:33:
58:db:5c:08:b9:24:83:be:f7:23:6f:c7:49:1a:76:54:9a:8a:
66:95:c9:63:a5:a6:ba:6f:81:00:a4:69:b7:15:bc:08:d0:2d:
aa:c1:7a:09:29:1b:74:4d:05:15:85:a5:17:48:fe:f8:d5:62:
a6:fa:71:82:1a:66:ad:a4:21:57:ea:c2:87:3b:31:cd:03:5f:
53:81:81:bd:51:f1:3e:6b:22:75:a7:cd:28:85:d1:7a:96:36:
9f:2e:be:cd:25:fd:10:11:7f:1b:f7:3f:d4:b7:8b:71:0a:87:
b5:d8:11:cf:46:44:49:ef:1a:85:b0:51:68:e1:a2:36:65:9d:
d4:47:6c:bc:8c:6d:ab:a3:43:44:38:ee:4e:1f:6f:72:ec:06:
e9:7c:07:0c:ec:a4:d1:57:00:0d:34:c1:03:00:5e:bc:3e:bf:
30:23:be:d3:68:4f:0f:6b:9e:fb:62:d7:40:d4:c3:4c:4d:c5:
10:1a:5b:b5:bc:d9:59:49:28:e6:ee:56:54:2e:1a:22:5e:9c:
35:34:37:b2
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdQAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDkw
NzQ1MTdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDE4OTUxRjM1QjQ0RTM2
QUIwNDk5RjM4QTZDQ0Q2QzFFMEVFRUJGNTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKSvuB231Qxp16dclM+uxzRnGUapDV2Nks/pJGrXnidf9zCwf5
DqX5T3BFV0uUtjhr3rcyZigt8oW1xs9Yz6tclthQF4/pHVp0ZE6prxvlvgTHiOQs
2+/HjW9lHn5/3xvOjeEMz3S7OwY1Xo630cqe2rRI5raMNEyDy1cREpkZlyZGb5BD
D5n9bwR5/k/E9VqIDMjga1xfnBNTEHh0ZnNDAeuz3TPtuaKcz1Jsb13ppq3eZ6lY
zDBjSSnJu8j5dWbegDAUtXk+4najKOomupyaGcmG5NTgSxeDcNXTtRLxVxlxgAKu
29SKj0JT4674MmSPMNgZvXbCMBImtJO7AIpNAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUGJUfNbRONqsEmfOKbM1sHg7uv1AwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0dKVWZOYlJPTnFzRW1m
T0tiTTFzSGc3dXYxQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA96/Zh
EP6TPLubBH6Fv2xBSCyFkrxlgXMOaCDZyex3Ws/d4F8Ya+DCSf7MdiY8fyZcs61T
JTNY21wIuSSDvvcjb8dJGnZUmopmlcljpaa6b4EApGm3FbwI0C2qwXoJKRt0TQUV
haUXSP741WKm+nGCGmatpCFX6sKHOzHNA19TgYG9UfE+ayJ1p80ohdF6ljafLr7N
Jf0QEX8b9z/Ut4txCoe12BHPRkRJ7xqFsFFo4aI2ZZ3UR2y8jG2ro0NEOO5OH29y
7AbpfAcM7KTRVwANNMEDAF68Pr8wI77TaE8Pa577YtdA1MNMTcUQGlu1vNlZSSjm
7lZULhoiXpw1NDey
-----END CERTIFICATE-----
Generated at Sun Jul 20 16:37:07 2025 by rpki-client