Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/jGhRXORXJjzL0_efASlACnRl3Qs.roa
File:                     jGhRXORXJjzL0_efASlACnRl3Qs.roa (raw, json)
Hash identifier:          mdh1FhpenY+CdG4jlz+zU4HXvXKj94yexHf/Jrc3q5k=
Subject key identifier:   8C:68:51:5C:E4:57:26:3C:CB:D3:F7:9F:01:29:40:0A:74:65:DD:0B
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       745A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jGhRXORXJjzL0_efASlACnRl3Qs.roa
Signing time:             Mon 07 Jul 2025 14:15:36 +0000
ROA not before:           Mon 07 Jul 2025 14:15:36 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 29786 (0x745a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Jul  7 14:15:36 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=8C68515CE457263CCBD3F79F0129400A7465DD0B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:68:51:5C:E4:57:26:3C:CB:D3:F7:9F:01:29:40:0A:74:65:DD:0B
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jGhRXORXJjzL0_efASlACnRl3Qs.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
Generated at Sun Jul 20 12:30:44 2025 by rpki-client