Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/GKEp1-JU38jy4BMrEsqO-l4nAFU.roa
File: GKEp1-JU38jy4BMrEsqO-l4nAFU.roa (raw, json)
Hash identifier: Co6SVZ73MAbOJ8TqK+zRrwN52JxvTvgdak4IXXkkFg0=
Subject key identifier: 18:A1:29:D7:E2:54:DF:C8:F2:E0:13:2B:12:CA:8E:FA:5E:27:00:55
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6EB2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/GKEp1-JU38jy4BMrEsqO-l4nAFU.roa
Signing time: Sun 22 Jun 2025 18:14:28 +0000
ROA not before: Sun 22 Jun 2025 18:14:28 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28338 (0x6eb2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 22 18:14:28 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=18A129D7E254DFC8F2E0132B12CA8EFA5E270055
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:25:ec:8f:44:15:24:3a:57:e7:70:3c:3d:3d:
39:6d:92:5e:aa:0b:83:e1:c4:39:dd:7f:38:63:68:
8e:e5:13:a0:d2:ad:5f:d7:33:2f:81:5d:ba:b2:84:
a3:44:da:1a:7e:4d:6d:97:ba:bd:a4:5c:bd:55:45:
9c:e7:28:9f:26:d3:b7:23:6a:a0:b9:bf:b3:fb:af:
cd:d0:98:d1:85:16:26:95:5f:3d:7a:94:e9:ad:82:
d3:54:48:c3:ec:00:11:2f:f5:9c:fd:ba:70:c1:9f:
33:4a:c4:34:d0:64:85:ce:2b:8b:21:52:35:49:eb:
11:06:b3:7f:66:7a:c0:6c:40:6a:9f:a0:ff:a0:5f:
4c:27:ca:75:40:67:04:29:05:99:2d:b6:4d:a1:c1:
0d:a5:1d:05:5f:97:cc:9b:83:4e:26:0e:02:71:d1:
d9:ba:a2:90:fc:3c:ba:94:7f:c8:6f:8c:d6:30:2b:
4d:9b:18:74:26:6a:5d:e2:09:40:f9:0d:f1:56:ea:
7b:43:8e:2a:79:85:45:eb:fc:d4:d0:de:74:ca:00:
cf:b3:f3:fc:e5:ef:a4:88:01:4a:3e:6d:e0:3c:57:
ca:04:83:33:53:89:fd:92:50:f7:b1:b5:e7:72:eb:
35:91:fc:d9:13:7d:49:d1:72:0f:35:b4:54:78:ed:
3a:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:A1:29:D7:E2:54:DF:C8:F2:E0:13:2B:12:CA:8E:FA:5E:27:00:55
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/GKEp1-JU38jy4BMrEsqO-l4nAFU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
77:98:bb:c8:88:15:9e:fc:49:e0:25:f2:2c:02:0d:54:1d:7b:
b0:f2:08:7e:ea:14:c1:44:05:b8:fa:97:84:f2:8a:b5:28:95:
94:c9:ed:3b:0e:2f:31:b0:67:7e:52:4a:29:c1:1d:66:72:6b:
6f:db:30:cc:a3:df:b9:d0:f1:a4:ac:36:57:d6:78:87:39:d0:
dc:cf:86:81:64:f3:88:6e:b7:48:6c:5d:76:46:97:2f:ef:56:
83:27:29:6c:09:ab:64:fb:04:90:9c:b9:5e:dd:07:04:d3:59:
6d:f7:72:14:c1:6d:0c:5c:76:94:c0:2c:93:9b:6a:df:f9:cc:
a4:d6:d9:16:bd:86:02:c6:7f:f0:d7:d4:63:f3:04:bf:4c:0d:
4c:bb:0f:4c:50:ef:32:37:65:fe:ae:32:b5:1e:ba:02:8b:7d:
f4:81:1c:ee:a0:92:9d:b7:54:2c:13:89:7a:83:c5:63:db:0e:
80:de:1a:77:47:2a:e9:a9:da:22:15:ae:d7:e7:ab:16:9d:84:
9e:e6:4c:9d:5c:12:29:77:ac:93:11:05:1b:7d:5f:64:ba:f0:
ad:24:e4:47:51:37:7a:10:35:ad:65:e1:81:c3:01:0c:b0:d6:
19:9c:2e:a0:21:62:30:67:19:67:37:19:66:0d:7b:fa:3a:a4:
54:05:c9:9b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbrIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjIx
ODE0MjhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDE4QTEyOUQ3RTI1NERG
QzhGMkUwMTMyQjEyQ0E4RUZBNUUyNzAwNTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCoJeyPRBUkOlfncDw9PTltkl6qC4PhxDndfzhjaI7lE6DSrV/X
My+BXbqyhKNE2hp+TW2Xur2kXL1VRZznKJ8m07cjaqC5v7P7r83QmNGFFiaVXz16
lOmtgtNUSMPsABEv9Zz9unDBnzNKxDTQZIXOK4shUjVJ6xEGs39mesBsQGqfoP+g
X0wnynVAZwQpBZkttk2hwQ2lHQVfl8ybg04mDgJx0dm6opD8PLqUf8hvjNYwK02b
GHQmal3iCUD5DfFW6ntDjip5hUXr/NTQ3nTKAM+z8/zl76SIAUo+beA8V8oEgzNT
if2SUPextedy6zWR/NkTfUnRcg81tFR47TpTAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUGKEp1+JU38jy4BMrEsqO+l4nAFUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0dLRXAxLUpVMzhqeTRC
TXJFc3FPLWw0bkFGVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB3mLvI
iBWe/EngJfIsAg1UHXuw8gh+6hTBRAW4+peE8oq1KJWUye07Di8xsGd+UkopwR1m
cmtv2zDMo9+50PGkrDZX1niHOdDcz4aBZPOIbrdIbF12Rpcv71aDJylsCatk+wSQ
nLle3QcE01lt93IUwW0MXHaUwCyTm2rf+cyk1tkWvYYCxn/w19Rj8wS/TA1Muw9M
UO8yN2X+rjK1HroCi330gRzuoJKdt1QsE4l6g8Vj2w6A3hp3RyrpqdoiFa7X56sW
nYSe5kydXBIpd6yTEQUbfV9kuvCtJORHUTd6EDWtZeGBwwEMsNYZnC6gIWIwZxln
NxlmDXv6OqRUBcmb
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:53:32 2025 by rpki-client