Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/j19_joimQJHBquNED-7odOCPyVM.roa
File: j19_joimQJHBquNED-7odOCPyVM.roa (raw, json)
Hash identifier: jaytLv/OGxwIOc0dIF6BZzYIQywGaZBv4Wy6tKs3q8I=
Subject key identifier: 8F:5F:7F:8E:88:A6:40:91:C1:AA:E3:44:0F:EE:E8:74:E0:8F:C9:53
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7838
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/j19_joimQJHBquNED-7odOCPyVM.roa
Signing time: Thu 17 Jul 2025 22:11:56 +0000
ROA not before: Thu 17 Jul 2025 22:11:56 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30776 (0x7838)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 17 22:11:56 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8F5F7F8E88A64091C1AAE3440FEEE874E08FC953
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:e0:b6:91:70:02:84:3e:08:cc:bf:b7:f4:86:
4e:63:ed:2c:3d:48:37:55:af:0a:0a:4b:87:65:10:
75:29:f7:2f:34:43:9c:0a:a4:48:17:f5:0e:eb:df:
65:b6:56:2d:f7:04:a7:8a:de:0f:4e:a6:74:84:5e:
ac:bd:ca:1d:c9:54:51:e2:1d:ac:05:e7:d9:b3:68:
37:d9:ad:cf:4b:56:83:51:ae:52:76:0f:93:b2:0f:
97:60:36:f7:8f:c9:c0:d9:96:f9:32:0d:56:1c:1c:
25:99:d2:fd:58:e0:e9:89:e8:d7:f2:a5:3b:6d:06:
1d:6a:c2:c6:f2:6c:73:33:ae:94:cb:b6:bc:31:d1:
1c:58:7a:60:9b:1f:ae:6e:dc:b0:4e:cb:dc:78:6f:
3d:89:4f:bf:aa:2f:0c:08:ef:51:cb:cd:6c:dd:e0:
02:4e:cd:f9:85:89:1d:76:cd:3c:0f:30:fb:d6:e3:
33:1b:32:c1:9a:89:c5:ab:96:3a:cb:c7:7b:be:fb:
d5:7e:e1:bb:21:45:58:48:6f:52:20:81:6f:4a:80:
aa:b1:f7:2b:ca:b3:5c:34:8d:ea:37:08:c6:c5:11:
70:41:8e:9c:45:a8:48:e9:1b:04:a5:0e:f2:6d:06:
da:bf:dc:7c:fe:d1:e8:35:16:03:21:3c:f9:26:1b:
73:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:5F:7F:8E:88:A6:40:91:C1:AA:E3:44:0F:EE:E8:74:E0:8F:C9:53
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/j19_joimQJHBquNED-7odOCPyVM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
74:b6:85:1a:cc:ac:9f:a3:73:3d:4e:e5:a0:0e:1d:8a:ab:34:
f2:ab:04:b5:1a:1c:fc:d4:d8:ae:6d:a2:b0:b2:c6:03:76:90:
2e:ee:c1:47:d9:99:40:95:3b:50:47:71:bc:86:f2:d7:c4:e8:
e5:a7:8f:a8:88:7e:a2:b5:d5:54:28:62:70:0a:e1:bd:25:f6:
38:9a:d2:c3:ec:be:eb:1c:b2:5a:3d:81:94:cd:e3:e9:f5:e1:
7f:4d:61:1b:e5:2e:66:cf:af:36:fc:8d:14:12:40:b5:4f:f3:
3b:0e:60:d0:8a:e7:3f:4b:b4:9b:2d:e0:47:62:cd:22:7b:06:
28:f4:69:d9:95:3c:09:a5:9b:14:73:26:4c:16:1a:64:ac:f0:
04:ca:e9:52:f2:6c:c5:ac:96:59:1f:8a:fd:fc:cb:40:d3:70:
3d:b3:70:51:a1:45:a9:a6:d3:c6:eb:3a:43:45:3d:e7:7c:31:
1a:ed:76:d2:5b:3d:2c:e5:1f:e3:40:c0:2f:d9:fc:74:47:4a:
74:4a:95:ae:a6:f7:79:b3:17:95:17:03:6f:eb:d6:32:d5:97:
d8:d1:0c:d7:45:2a:6f:02:f2:b7:e8:24:03:87:09:96:4b:57:
15:ab:0b:74:92:80:6e:0e:0c:66:cb:34:1e:ae:fc:19:58:6f:
5c:1b:4f:eb
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeDgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTcy
MjExNTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDhGNUY3RjhFODhBNjQw
OTFDMUFBRTM0NDBGRUVFODc0RTA4RkM5NTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDI4LaRcAKEPgjMv7f0hk5j7Sw9SDdVrwoKS4dlEHUp9y80Q5wK
pEgX9Q7r32W2Vi33BKeK3g9OpnSEXqy9yh3JVFHiHawF59mzaDfZrc9LVoNRrlJ2
D5OyD5dgNvePycDZlvkyDVYcHCWZ0v1Y4OmJ6NfypTttBh1qwsbybHMzrpTLtrwx
0RxYemCbH65u3LBOy9x4bz2JT7+qLwwI71HLzWzd4AJOzfmFiR12zTwPMPvW4zMb
MsGaicWrljrLx3u++9V+4bshRVhIb1IggW9KgKqx9yvKs1w0jeo3CMbFEXBBjpxF
qEjpGwSlDvJtBtq/3Hz+0eg1FgMhPPkmG3OZAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUj19/joimQJHBquNED+7odOCPyVMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2oxOV9qb2ltUUpIQnF1
TkVELTdvZE9DUHlWTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB0toUa
zKyfo3M9TuWgDh2KqzTyqwS1Ghz81NiubaKwssYDdpAu7sFH2ZlAlTtQR3G8hvLX
xOjlp4+oiH6itdVUKGJwCuG9JfY4mtLD7L7rHLJaPYGUzePp9eF/TWEb5S5mz682
/I0UEkC1T/M7DmDQiuc/S7SbLeBHYs0iewYo9GnZlTwJpZsUcyZMFhpkrPAEyulS
8mzFrJZZH4r9/MtA03A9s3BRoUWpptPG6zpDRT3nfDEa7XbSWz0s5R/jQMAv2fx0
R0p0SpWupvd5sxeVFwNv69Yy1ZfY0QzXRSpvAvK36CQDhwmWS1cVqwt0koBuDgxm
yzQervwZWG9cG0/r
-----END CERTIFICATE-----
Generated at Sun Jul 20 16:32:32 2025 by rpki-client