Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/j9bQkoPYGBXzbDTeu97gjQYILDQ.roa
File: j9bQkoPYGBXzbDTeu97gjQYILDQ.roa (raw, json)
Hash identifier: xS0XEbD1Jt6XLmiY4vhVCdv07/a/5+bFDJEK7d9IzSo=
Subject key identifier: 8F:D6:D0:92:83:D8:18:15:F3:6C:34:DE:BB:DE:E0:8D:06:08:2C:34
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 73C2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/j9bQkoPYGBXzbDTeu97gjQYILDQ.roa
Signing time: Sun 06 Jul 2025 00:14:57 +0000
ROA not before: Sun 06 Jul 2025 00:14:57 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29634 (0x73c2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 6 00:14:57 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8FD6D09283D81815F36C34DEBBDEE08D06082C34
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:43:82:83:20:06:8e:56:a9:07:13:68:68:35:
bc:e5:2c:bc:b5:ea:be:98:e4:fa:2b:6e:0c:61:44:
04:70:fd:06:60:84:2d:e2:5c:11:53:a3:01:c0:69:
30:81:12:e6:79:2f:1e:5d:6e:ff:3e:b6:12:bb:46:
4f:62:9f:01:4f:3f:a8:68:b3:91:61:4d:9b:41:35:
fe:cf:68:05:a4:34:27:ea:e4:46:3e:02:1b:d6:18:
7c:88:f0:d1:f8:b3:c9:ab:71:fc:de:12:9e:f5:82:
cd:d8:a8:6c:68:30:2e:f5:b7:86:81:4f:21:3b:71:
30:41:36:58:9f:b2:2c:03:49:f2:d9:e6:39:74:38:
b6:12:43:41:e2:2b:29:57:03:75:81:85:0a:d6:78:
da:18:37:97:4a:97:dc:13:5b:5a:53:10:cf:04:03:
5a:9a:71:0b:f3:69:69:bb:df:3e:c4:a3:a7:db:2f:
6e:b7:75:9b:58:86:d8:26:97:82:d5:d7:9e:de:60:
01:58:e5:db:52:ea:9a:a0:91:f9:d9:c2:e5:f4:bf:
7a:97:e0:2f:29:ae:2a:57:38:0b:5a:9e:c5:60:89:
3d:93:8d:18:8b:0a:f3:2c:49:dd:4d:47:19:60:b9:
16:93:88:64:f7:6a:49:10:64:c9:d1:61:57:0f:35:
82:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:D6:D0:92:83:D8:18:15:F3:6C:34:DE:BB:DE:E0:8D:06:08:2C:34
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/j9bQkoPYGBXzbDTeu97gjQYILDQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
ab:63:81:b4:f8:39:2c:87:04:98:ec:c6:ad:72:35:52:91:bd:
fe:73:dc:6f:a3:79:cc:2a:7f:8f:d4:8d:67:2d:d9:c7:2d:73:
fb:21:9e:68:2f:3d:80:9c:b0:a0:42:f1:6c:41:e3:2b:9a:71:
43:a3:66:15:22:a1:3a:e5:e8:12:fd:83:15:bd:48:34:1d:48:
8f:99:de:a2:63:aa:da:8a:4e:7c:02:50:31:cc:57:7d:18:77:
e5:b4:c9:99:4c:c0:ab:45:1d:98:29:86:df:74:23:aa:c0:65:
a2:d6:93:69:8f:55:70:e4:ef:b8:e6:27:dc:f0:11:6d:f6:0f:
ac:db:4c:ec:12:d0:71:88:39:5b:50:72:f9:76:af:d0:35:3f:
c3:66:8f:8a:40:52:3a:16:69:a7:62:ac:ba:b1:61:36:30:61:
77:4a:e4:73:9d:40:65:3c:ec:ac:0e:e4:dd:ae:44:a2:27:23:
4e:ca:ec:3f:4b:1e:73:f6:d8:8b:38:0e:ab:f0:97:69:b1:61:
39:6f:90:aa:5d:24:0e:f6:5f:bf:0e:ee:70:20:1d:64:33:57:
52:3c:79:d1:34:26:bb:47:2a:95:f9:bc:95:20:ef:cf:38:76:
17:37:4d:d5:19:d8:a7:2a:96:83:20:0a:1f:b5:95:b6:ba:14:
a1:0f:40:fc
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICc8IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDYw
MDE0NTdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDhGRDZEMDkyODNEODE4
MTVGMzZDMzRERUJCREVFMDhEMDYwODJDMzQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDmQ4KDIAaOVqkHE2hoNbzlLLy16r6Y5PorbgxhRARw/QZghC3i
XBFTowHAaTCBEuZ5Lx5dbv8+thK7Rk9inwFPP6hos5FhTZtBNf7PaAWkNCfq5EY+
AhvWGHyI8NH4s8mrcfzeEp71gs3YqGxoMC71t4aBTyE7cTBBNlifsiwDSfLZ5jl0
OLYSQ0HiKylXA3WBhQrWeNoYN5dKl9wTW1pTEM8EA1qacQvzaWm73z7Eo6fbL263
dZtYhtgml4LV157eYAFY5dtS6pqgkfnZwuX0v3qX4C8pripXOAtansVgiT2TjRiL
CvMsSd1NRxlguRaTiGT3akkQZMnRYVcPNYKTAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUj9bQkoPYGBXzbDTeu97gjQYILDQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2o5YlFrb1BZR0JYemJE
VGV1OTdnalFZSUxEUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCrY4G0
+DkshwSY7MatcjVSkb3+c9xvo3nMKn+P1I1nLdnHLXP7IZ5oLz2AnLCgQvFsQeMr
mnFDo2YVIqE65egS/YMVvUg0HUiPmd6iY6raik58AlAxzFd9GHfltMmZTMCrRR2Y
KYbfdCOqwGWi1pNpj1Vw5O+45ifc8BFt9g+s20zsEtBxiDlbUHL5dq/QNT/DZo+K
QFI6FmmnYqy6sWE2MGF3SuRznUBlPOysDuTdrkSiJyNOyuw/Sx5z9tiLOA6r8Jdp
sWE5b5CqXSQO9l+/Du5wIB1kM1dSPHnRNCa7RyqV+byVIO/POHYXN03VGdinKpaD
IAoftZW2uhShD0D8
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:49:30 2025 by rpki-client