Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/GeqmhgKMGxwkiv2Aea7o_6I__9g.roa
File: GeqmhgKMGxwkiv2Aea7o_6I__9g.roa (raw, json)
Hash identifier: jKr8WpVatwdlVOjmg5Y1r2hR7IiTCF6dRKHRnF60Ih0=
Subject key identifier: 19:EA:A6:86:02:8C:1B:1C:24:8A:FD:80:79:AE:E8:FF:A2:3F:FF:D8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 78A0
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/GeqmhgKMGxwkiv2Aea7o_6I__9g.roa
Signing time: Sat 19 Jul 2025 00:12:11 +0000
ROA not before: Sat 19 Jul 2025 00:12:11 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30880 (0x78a0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 19 00:12:11 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=19EAA686028C1B1C248AFD8079AEE8FFA23FFFD8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:90:ee:60:ee:91:db:d7:2a:90:6c:5c:d8:2c:
e7:c3:fd:fe:33:6f:d6:da:91:05:85:4a:b8:71:4a:
c4:9c:c4:27:90:56:34:d8:50:4d:c3:bc:6d:75:09:
6b:ed:b3:c5:0c:db:76:3e:6c:27:09:17:b2:01:cb:
94:70:71:eb:a0:7c:c6:7e:fe:ff:2f:76:ec:50:70:
16:ba:a8:b1:a9:38:a2:2e:9a:f3:93:ea:c2:79:c2:
bf:3d:24:5b:4c:88:3e:78:e2:87:f9:e9:df:a1:56:
71:31:be:9c:65:da:8b:83:ce:0a:d8:74:81:11:ec:
11:bc:bb:69:9e:32:56:4f:18:82:6a:b1:69:ff:5a:
62:a3:86:e6:0f:c6:42:51:d4:f3:41:ff:8d:35:01:
9f:9d:3e:b4:89:63:cd:95:2d:29:6c:a5:57:ad:42:
9d:79:0a:1a:f3:e2:92:9e:ad:2f:cb:58:e3:d0:5f:
1b:e6:3b:07:c8:57:b0:35:99:33:c7:4f:c2:df:9e:
43:09:07:60:d6:1e:1d:76:fa:d6:f0:9a:c5:00:24:
92:57:42:8a:2f:f8:18:6c:0f:ce:c6:2c:11:89:4a:
8d:5f:38:93:d6:af:9c:5e:4c:b1:77:11:26:8c:8d:
dc:c2:9c:2d:15:71:c6:62:93:6d:df:4a:c0:7f:d9:
a4:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:EA:A6:86:02:8C:1B:1C:24:8A:FD:80:79:AE:E8:FF:A2:3F:FF:D8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/GeqmhgKMGxwkiv2Aea7o_6I__9g.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
60:f9:db:4c:12:5e:54:ea:fa:50:f8:1f:91:59:cb:04:a3:ff:
48:46:3f:80:d4:35:e4:6c:8d:69:a2:ad:dd:b4:7d:56:86:56:
cd:e1:1e:f6:54:f5:23:b6:42:6a:f6:74:03:6b:24:46:9c:f4:
87:56:33:5f:9e:33:91:51:a9:92:82:7c:be:8e:36:16:e9:ae:
49:79:2b:e4:66:3a:59:5e:1a:e3:bb:ec:e5:93:f9:17:6f:fb:
1d:48:1b:21:36:08:eb:7e:9e:6d:d1:61:bf:18:57:e8:5c:c9:
a7:3c:99:d9:5d:e2:a0:0b:7d:66:c8:27:3d:1f:c3:39:34:78:
56:2d:34:d7:26:87:3f:e0:76:fc:c7:07:66:45:0f:3e:a6:11:
b6:85:be:e4:fb:1e:7a:c7:f2:d3:b9:68:5f:96:73:a2:a5:ab:
ac:63:1c:20:17:ff:5a:61:c6:b7:da:a4:11:c9:74:56:15:24:
c8:37:b3:c5:55:3e:04:ce:0d:0e:05:b1:2f:51:58:59:b1:92:
5e:54:6a:28:99:9a:38:25:46:6e:4d:17:05:ca:a1:0e:f2:b9:
cc:53:8a:00:27:87:8f:cc:f0:8d:4c:fc:97:e4:48:28:72:84:
9f:43:8b:c1:9f:0f:54:a4:a2:9f:b3:3b:31:fe:12:b7:aa:be:
75:50:19:05
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeKAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTkw
MDEyMTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDE5RUFBNjg2MDI4QzFC
MUMyNDhBRkQ4MDc5QUVFOEZGQTIzRkZGRDgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCskO5g7pHb1yqQbFzYLOfD/f4zb9bakQWFSrhxSsScxCeQVjTY
UE3DvG11CWvts8UM23Y+bCcJF7IBy5RwceugfMZ+/v8vduxQcBa6qLGpOKIumvOT
6sJ5wr89JFtMiD544of56d+hVnExvpxl2ouDzgrYdIER7BG8u2meMlZPGIJqsWn/
WmKjhuYPxkJR1PNB/401AZ+dPrSJY82VLSlspVetQp15Chrz4pKerS/LWOPQXxvm
OwfIV7A1mTPHT8LfnkMJB2DWHh12+tbwmsUAJJJXQoov+BhsD87GLBGJSo1fOJPW
r5xeTLF3ESaMjdzCnC0VccZik23fSsB/2aSfAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUGeqmhgKMGxwkiv2Aea7o/6I//9gwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0dlcW1oZ0tNR3h3a2l2
MkFlYTdvXzZJX185Zy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBg+dtM
El5U6vpQ+B+RWcsEo/9IRj+A1DXkbI1poq3dtH1WhlbN4R72VPUjtkJq9nQDayRG
nPSHVjNfnjORUamSgny+jjYW6a5JeSvkZjpZXhrju+zlk/kXb/sdSBshNgjrfp5t
0WG/GFfoXMmnPJnZXeKgC31myCc9H8M5NHhWLTTXJoc/4Hb8xwdmRQ8+phG2hb7k
+x56x/LTuWhflnOipausYxwgF/9aYca32qQRyXRWFSTIN7PFVT4Ezg0OBbEvUVhZ
sZJeVGoomZo4JUZuTRcFyqEO8rnMU4oAJ4ePzPCNTPyX5EgocoSfQ4vBnw9UpKKf
szsx/hK3qr51UBkF
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:43:20 2025 by rpki-client