Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/J690Hv9pncPoLytmNp9JXD_8f0c.roa
File: J690Hv9pncPoLytmNp9JXD_8f0c.roa (raw, json)
Hash identifier: yS/vqyqZqqZeprnne9IMhjGi2rVADlbWoyuFedZugfY=
Subject key identifier: 27:AF:74:1E:FF:69:9D:C3:E8:2F:2B:66:36:9F:49:5C:3F:FC:7F:47
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6CDE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/J690Hv9pncPoLytmNp9JXD_8f0c.roa
Signing time: Tue 17 Jun 2025 09:42:24 +0000
ROA not before: Tue 17 Jun 2025 09:42:24 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27870 (0x6cde)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 17 09:42:24 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=27AF741EFF699DC3E82F2B66369F495C3FFC7F47
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:52:b5:86:43:67:78:ef:12:a7:2a:74:f7:f9:
8d:1b:5d:1c:e9:1f:e5:f0:2f:eb:3a:00:6d:df:9f:
3b:92:7e:9b:3a:96:35:20:f2:54:3c:f9:42:2e:70:
52:16:ab:ee:81:20:49:79:0f:6e:bf:34:63:08:7d:
01:bf:42:87:39:fe:aa:bd:76:ca:20:47:f2:53:eb:
8d:ca:7a:4a:4c:19:7c:51:9f:1a:68:df:38:e9:7d:
1a:d9:ba:5c:15:e1:09:7e:a7:15:01:16:8f:e1:e3:
74:a5:d9:49:36:6a:78:07:80:3d:a8:84:38:5c:ba:
87:8c:00:42:1a:f8:b8:cf:ad:f1:f3:ec:f2:db:f6:
25:b9:b5:d5:60:13:19:38:3a:3e:4e:61:50:3a:6b:
47:ea:6f:69:86:83:13:02:05:5f:55:33:03:46:7e:
6c:90:1f:c4:cd:c7:c2:b9:ee:9b:11:fd:5f:b7:b4:
62:e3:55:45:dc:78:99:39:ab:30:1e:28:42:d4:f7:
51:c9:9b:63:1e:88:cf:3f:e1:0f:68:98:f6:64:9d:
54:95:69:82:3a:01:f4:66:ab:77:33:92:19:45:7b:
48:bb:8d:45:ab:7f:1b:d9:c0:9c:9e:79:74:b5:39:
5b:80:60:56:d1:40:5c:63:d9:fe:38:43:11:7b:38:
37:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:AF:74:1E:FF:69:9D:C3:E8:2F:2B:66:36:9F:49:5C:3F:FC:7F:47
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/J690Hv9pncPoLytmNp9JXD_8f0c.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
b9:9d:1d:4b:dd:89:5c:52:94:12:b6:6d:79:ab:d3:3a:fd:3e:
81:bf:d3:25:ef:fb:8f:d1:53:55:b8:e2:cd:b0:bf:b8:2d:aa:
f8:86:2d:c1:e1:d4:54:bc:3a:3e:8e:77:5d:45:02:2a:98:a3:
34:6f:71:2b:db:c8:ee:dd:3f:6b:2f:93:a5:5c:b6:1d:7d:e8:
b8:4b:78:3b:14:1c:22:75:94:27:ae:33:99:2e:c2:68:1d:08:
e2:0b:15:44:c9:7a:3d:ce:b7:7a:4a:a2:1f:97:72:c8:fe:f5:
3e:5f:f3:76:fe:85:ff:7b:15:2c:22:dd:24:d6:d8:d8:ba:69:
63:04:a4:2f:b7:97:2f:0e:88:44:7f:96:a2:35:4c:71:b8:05:
c8:ac:56:0c:51:57:a0:e4:90:25:17:22:53:4c:a6:f5:85:f5:
e9:61:da:82:db:7e:f4:91:44:3a:8f:02:7a:05:70:e6:f9:b2:
ae:8e:01:2c:c1:cd:17:5c:f9:62:7d:ed:6f:26:86:20:b2:a9:
d6:19:0c:d4:e5:25:c5:5d:48:b7:96:90:34:ef:4d:23:69:5b:
03:ac:86:8b:8f:be:48:eb:b9:87:ad:a5:a3:57:d2:ec:3a:07:
2c:a2:fb:4f:57:05:40:10:17:10:13:8a:62:2a:26:47:fb:89:
a0:c9:aa:48
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbN4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTcw
OTQyMjRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDI3QUY3NDFFRkY2OTlE
QzNFODJGMkI2NjM2OUY0OTVDM0ZGQzdGNDcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC1UrWGQ2d47xKnKnT3+Y0bXRzpH+XwL+s6AG3fnzuSfps6ljUg
8lQ8+UIucFIWq+6BIEl5D26/NGMIfQG/Qoc5/qq9dsogR/JT643KekpMGXxRnxpo
3zjpfRrZulwV4Ql+pxUBFo/h43Sl2Uk2angHgD2ohDhcuoeMAEIa+LjPrfHz7PLb
9iW5tdVgExk4Oj5OYVA6a0fqb2mGgxMCBV9VMwNGfmyQH8TNx8K57psR/V+3tGLj
VUXceJk5qzAeKELU91HJm2MeiM8/4Q9omPZknVSVaYI6AfRmq3czkhlFe0i7jUWr
fxvZwJyeeXS1OVuAYFbRQFxj2f44QxF7ODf5AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUJ690Hv9pncPoLytmNp9JXD/8f0cwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0o2OTBIdjlwbmNQb0x5
dG1OcDlKWERfOGYwYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC5nR1L
3YlcUpQStm15q9M6/T6Bv9Ml7/uP0VNVuOLNsL+4Lar4hi3B4dRUvDo+jnddRQIq
mKM0b3Er28ju3T9rL5OlXLYdfei4S3g7FBwidZQnrjOZLsJoHQjiCxVEyXo9zrd6
SqIfl3LI/vU+X/N2/oX/exUsIt0k1tjYumljBKQvt5cvDohEf5aiNUxxuAXIrFYM
UVeg5JAlFyJTTKb1hfXpYdqC2370kUQ6jwJ6BXDm+bKujgEswc0XXPlife1vJoYg
sqnWGQzU5SXFXUi3lpA0700jaVsDrIaLj75I67mHraWjV9LsOgcsovtPVwVAEBcQ
E4piKiZH+4mgyapI
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:33:54 2025 by rpki-client