Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/gTp1834fpAM2guvvnV4uiR8RBW4.roa
File: gTp1834fpAM2guvvnV4uiR8RBW4.roa (raw, json)
Hash identifier: Ba88JDZ6qGWk2/aPt1iUJDooKbCxOkMBuq/WvSDrgkk=
Subject key identifier: 81:3A:75:F3:7E:1F:A4:03:36:82:EB:EF:9D:5E:2E:89:1F:11:05:6E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 763C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/gTp1834fpAM2guvvnV4uiR8RBW4.roa
Signing time: Sat 12 Jul 2025 15:12:31 +0000
ROA not before: Sat 12 Jul 2025 15:12:31 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30268 (0x763c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 12 15:12:31 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=813A75F37E1FA4033682EBEF9D5E2E891F11056E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:5e:b6:25:39:7c:89:25:18:4d:a1:f7:f8:31:
fd:18:41:d5:6b:f0:4d:d7:4a:a8:44:d0:a3:66:d7:
5f:1d:46:c8:ac:18:57:14:8e:87:5e:06:b8:62:1c:
de:a9:61:55:08:03:ec:ce:97:9c:31:89:b9:78:be:
85:2e:0a:87:a0:7c:78:b7:b9:07:78:d9:24:8d:05:
b8:19:71:6c:f7:8e:d8:b9:37:ce:57:45:e2:c9:5b:
61:2d:ca:d2:55:c2:2b:c3:de:4f:2e:a9:16:87:3b:
25:0c:47:73:71:66:fb:7f:50:e3:f9:58:9b:80:30:
d1:b1:f2:55:6d:66:c0:05:ef:db:81:f6:66:be:b8:
ac:14:ff:2f:68:29:07:88:b2:15:28:e3:01:43:43:
6f:56:79:82:67:2a:c7:da:c6:4f:de:27:55:63:82:
b3:50:4a:a7:3d:09:0d:2a:17:e7:d0:93:fc:d8:39:
16:df:f5:41:cb:b5:c4:47:e3:fd:96:3f:e8:20:9c:
75:93:4e:42:16:4c:aa:50:bd:42:71:7c:96:67:2f:
5e:10:91:13:fc:6f:c1:d6:68:dd:00:de:21:e2:15:
62:21:a7:28:d2:c2:bd:2b:d3:a3:8a:a9:55:fe:b5:
f7:32:b2:fb:2b:35:4f:f5:10:01:03:3b:f2:70:29:
4e:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:3A:75:F3:7E:1F:A4:03:36:82:EB:EF:9D:5E:2E:89:1F:11:05:6E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/gTp1834fpAM2guvvnV4uiR8RBW4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
61:f9:a1:10:64:0e:62:58:55:56:5e:08:da:57:7f:db:79:ca:
28:20:8f:9b:d6:17:73:8b:a4:0b:fc:19:da:ff:c2:1e:6b:4a:
ef:24:16:b1:3d:3b:c9:49:88:db:dd:2f:c9:3c:58:46:28:0e:
5c:81:cb:bd:5b:73:13:15:2b:b9:fd:ec:35:ab:ba:23:fc:a6:
c0:42:fd:58:da:9b:31:72:fe:15:94:1c:23:eb:6d:ee:39:46:
0a:7c:56:7a:3f:62:c7:40:73:dd:e5:2b:55:14:1d:2f:dd:93:
eb:2f:68:ea:92:ea:a5:0f:23:5e:8a:eb:ea:a1:c8:7e:e7:04:
2d:d0:c5:b4:b2:4b:87:81:20:fe:a3:e3:6c:a8:6d:9d:e7:63:
97:3f:16:0c:33:b1:41:48:bb:d7:b3:b8:87:3c:6e:41:50:0d:
1f:a0:00:e9:a0:3e:ad:d1:81:a0:cf:3d:33:3b:16:5f:3d:a4:
ea:74:0a:aa:b9:59:27:e7:16:7a:f1:f0:0b:b1:49:5e:c3:19:
f1:26:c6:30:bc:66:6c:99:c2:25:a9:86:d4:28:ca:be:9f:ba:
4d:2a:2f:c6:bb:4d:cf:b9:61:97:cc:fd:c1:0e:e8:68:cf:21:
b2:bc:99:a0:e5:8c:c0:be:03:45:5b:f5:06:71:14:ab:4a:44:
b8:bd:f8:b7
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdjwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTIx
NTEyMzFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDgxM0E3NUYzN0UxRkE0
MDMzNjgyRUJFRjlENUUyRTg5MUYxMTA1NkUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDXXrYlOXyJJRhNoff4Mf0YQdVr8E3XSqhE0KNm118dRsisGFcU
jodeBrhiHN6pYVUIA+zOl5wxibl4voUuCoegfHi3uQd42SSNBbgZcWz3jti5N85X
ReLJW2EtytJVwivD3k8uqRaHOyUMR3NxZvt/UOP5WJuAMNGx8lVtZsAF79uB9ma+
uKwU/y9oKQeIshUo4wFDQ29WeYJnKsfaxk/eJ1VjgrNQSqc9CQ0qF+fQk/zYORbf
9UHLtcRH4/2WP+ggnHWTTkIWTKpQvUJxfJZnL14QkRP8b8HWaN0A3iHiFWIhpyjS
wr0r06OKqVX+tfcysvsrNU/1EAEDO/JwKU6RAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUgTp1834fpAM2guvvnV4uiR8RBW4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2dUcDE4MzRmcEFNMmd1
dnZuVjR1aVI4UkJXNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBh+aEQ
ZA5iWFVWXgjaV3/becooII+b1hdzi6QL/Bna/8Iea0rvJBaxPTvJSYjb3S/JPFhG
KA5cgcu9W3MTFSu5/ew1q7oj/KbAQv1Y2psxcv4VlBwj623uOUYKfFZ6P2LHQHPd
5StVFB0v3ZPrL2jqkuqlDyNeiuvqoch+5wQt0MW0skuHgSD+o+NsqG2d52OXPxYM
M7FBSLvXs7iHPG5BUA0foADpoD6t0YGgzz0zOxZfPaTqdAqquVkn5xZ68fALsUle
wxnxJsYwvGZsmcIlqYbUKMq+n7pNKi/Gu03PuWGXzP3BDuhozyGyvJmg5YzAvgNF
W/UGcRSrSkS4vfi3
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:35:13 2025 by rpki-client