Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/JxIbIG41GYApfsrRmbKLVNH91TM.roa
File: JxIbIG41GYApfsrRmbKLVNH91TM.roa (raw, json)
Hash identifier: lxOjxOe/NTDuqGGarWTyWUFp8ACTi+HbNt+occeC0ZE=
Subject key identifier: 27:12:1B:20:6E:35:19:80:29:7E:CA:D1:99:B2:8B:54:D1:FD:D5:33
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 784E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/JxIbIG41GYApfsrRmbKLVNH91TM.roa
Signing time: Fri 18 Jul 2025 03:42:33 +0000
ROA not before: Fri 18 Jul 2025 03:42:33 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30798 (0x784e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 18 03:42:33 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=27121B206E351980297ECAD199B28B54D1FDD533
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:1e:da:65:a2:b2:9f:7e:5c:f9:9b:ad:49:7b:
2e:e5:04:84:20:da:a7:a6:8a:f8:10:33:d3:67:4e:
64:90:f1:e7:6c:79:45:78:1c:9b:e0:e4:17:ae:c9:
c5:72:90:56:b9:c8:66:86:20:f4:2e:ca:0a:c4:19:
80:d6:9c:8b:82:75:12:a5:fa:56:be:7e:33:e8:a7:
4a:0b:94:86:e7:54:a2:46:89:cf:6c:19:8f:06:29:
ec:99:22:22:b7:0e:21:9b:88:ac:30:dd:1a:33:ff:
d5:c5:4f:70:3a:5a:d3:0f:df:73:94:3c:5d:48:4b:
6d:a0:83:a0:ad:7a:38:1f:a4:50:b6:a2:44:a1:31:
12:9e:9f:d6:c2:a1:08:12:26:24:22:a7:37:82:93:
e5:ec:ef:33:34:64:8d:c3:b0:1f:4c:18:5f:ca:d0:
77:f9:f5:43:4e:22:13:bb:7b:21:01:55:b6:6e:3f:
1e:66:8c:29:8a:51:fb:7e:d1:31:d6:b9:37:e6:91:
ab:52:ae:73:1c:3b:b7:98:74:07:f5:11:b7:50:00:
69:aa:66:13:43:96:c7:05:86:a5:d6:1d:28:f4:2a:
75:4d:81:a8:0b:df:df:bf:b8:8e:e8:d4:fd:0a:c5:
07:00:c1:a0:c2:6b:0b:59:db:28:ad:19:f1:c3:bf:
4e:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:12:1B:20:6E:35:19:80:29:7E:CA:D1:99:B2:8B:54:D1:FD:D5:33
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/JxIbIG41GYApfsrRmbKLVNH91TM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
56:0a:45:53:05:66:8b:01:04:d1:d9:98:d3:f6:1d:c3:78:cf:
1c:a2:8e:60:f9:85:6b:cc:bc:8f:e1:62:1f:6f:5a:68:37:ef:
99:f8:31:64:f4:c8:a0:da:20:e1:19:32:24:69:b9:b2:41:05:
9c:52:59:4a:fc:9f:b9:56:1e:27:7a:05:0f:dd:c8:f5:25:73:
d1:1a:0f:13:3a:72:56:14:0d:e8:70:46:ec:14:e5:26:d4:eb:
0e:52:3c:c6:c1:1a:47:6f:01:c2:4e:76:16:51:a5:c2:ab:e4:
e5:84:09:3d:ca:b6:06:9c:e5:1c:65:22:54:d2:19:db:1d:78:
1f:1e:7b:18:4a:61:67:77:24:ce:57:64:6b:c5:5f:69:fe:0d:
74:71:ca:a4:85:d9:53:13:81:5d:a3:6d:87:13:cd:6d:e5:f1:
a4:21:8d:c3:0b:be:31:23:77:21:58:f6:79:a7:a6:54:79:48:
15:6b:9d:9f:a0:3e:7b:a2:2d:b1:28:7a:b4:7a:af:2e:16:da:
b1:55:81:df:cf:9c:39:85:37:e8:1c:99:ab:89:b6:ea:43:90:
26:7a:f2:69:9a:f0:ab:b6:e0:74:0a:b4:85:72:61:b9:9b:62:
67:f1:e7:2a:7b:2a:f2:f7:b1:05:9d:11:67:b9:67:7c:d7:16:
47:c0:d3:cd
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeE4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTgw
MzQyMzNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDI3MTIxQjIwNkUzNTE5
ODAyOTdFQ0FEMTk5QjI4QjU0RDFGREQ1MzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC2HtplorKfflz5m61Jey7lBIQg2qemivgQM9NnTmSQ8edseUV4
HJvg5BeuycVykFa5yGaGIPQuygrEGYDWnIuCdRKl+la+fjPop0oLlIbnVKJGic9s
GY8GKeyZIiK3DiGbiKww3Roz/9XFT3A6WtMP33OUPF1IS22gg6CtejgfpFC2okSh
MRKen9bCoQgSJiQipzeCk+Xs7zM0ZI3DsB9MGF/K0Hf59UNOIhO7eyEBVbZuPx5m
jCmKUft+0THWuTfmkatSrnMcO7eYdAf1EbdQAGmqZhNDlscFhqXWHSj0KnVNgagL
39+/uI7o1P0KxQcAwaDCawtZ2yitGfHDv06lAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUJxIbIG41GYApfsrRmbKLVNH91TMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0p4SWJJRzQxR1lBcGZz
clJtYktMVk5IOTFUTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBWCkVT
BWaLAQTR2ZjT9h3DeM8coo5g+YVrzLyP4WIfb1poN++Z+DFk9Mig2iDhGTIkabmy
QQWcUllK/J+5Vh4negUP3cj1JXPRGg8TOnJWFA3ocEbsFOUm1OsOUjzGwRpHbwHC
TnYWUaXCq+TlhAk9yrYGnOUcZSJU0hnbHXgfHnsYSmFndyTOV2RrxV9p/g10ccqk
hdlTE4Fdo22HE81t5fGkIY3DC74xI3chWPZ5p6ZUeUgVa52foD57oi2xKHq0eq8u
FtqxVYHfz5w5hTfoHJmribbqQ5AmevJpmvCrtuB0CrSFcmG5m2Jn8ecqeyry97EF
nRFnuWd81xZHwNPN
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:46:51 2025 by rpki-client