Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/jQ6Nag4nSjHcrb60ftw87RRXZ6o.roa
File: jQ6Nag4nSjHcrb60ftw87RRXZ6o.roa (raw, json)
Hash identifier: rfM+TadQjdlZsOE210k2ixFBeoDvmm5IkBiYbz9g9wc=
Subject key identifier: 8D:0E:8D:6A:0E:27:4A:31:DC:AD:BE:B4:7E:DC:3C:ED:14:57:67:AA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7812
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jQ6Nag4nSjHcrb60ftw87RRXZ6o.roa
Signing time: Thu 17 Jul 2025 12:42:02 +0000
ROA not before: Thu 17 Jul 2025 12:42:02 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30738 (0x7812)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 17 12:42:02 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8D0E8D6A0E274A31DCADBEB47EDC3CED145767AA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:7a:c6:5f:c7:98:77:d4:83:14:b7:c7:ca:6f:
21:4c:5f:e8:41:be:ed:2c:83:9b:cc:fd:e5:73:ae:
6e:46:73:91:db:d9:67:a5:59:fe:a2:05:6d:e3:05:
4c:39:46:31:dd:64:98:e9:08:e5:ce:93:c2:46:1c:
b6:3f:ad:da:09:ab:c4:59:9c:25:b4:40:92:8c:46:
5d:e7:f7:2b:e1:1b:31:55:05:65:39:b7:44:50:cc:
f8:28:a9:c7:c6:44:bf:2d:d0:e7:58:53:b0:02:0f:
d9:60:5a:5a:93:11:8d:e0:fb:af:73:58:25:29:1b:
95:0d:d9:10:78:fd:1d:09:07:97:42:1f:37:16:97:
5f:1e:5f:9f:0f:0b:6b:68:cd:b9:36:38:1a:a4:ff:
14:ee:2a:ea:3b:fb:f1:07:20:2a:ab:29:21:d7:08:
c2:c0:22:be:68:d4:b7:18:c3:b2:16:84:fa:0f:43:
d4:cb:56:02:31:6a:09:64:37:68:42:4b:a5:8d:f1:
3e:8c:1f:51:62:3f:8a:dc:2c:0a:b9:cf:1f:40:19:
0b:ea:1d:68:58:d4:74:9a:3c:67:4a:eb:c7:52:cb:
ba:58:91:e2:cc:56:56:cc:13:b6:52:64:e5:e1:ce:
51:b0:2c:39:67:44:e3:13:f5:fd:2f:61:8e:37:42:
8d:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:0E:8D:6A:0E:27:4A:31:DC:AD:BE:B4:7E:DC:3C:ED:14:57:67:AA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jQ6Nag4nSjHcrb60ftw87RRXZ6o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
af:74:d1:26:b9:c8:14:3a:17:31:0b:9a:d5:a4:02:df:2c:6b:
5a:f7:93:ba:a1:49:59:b8:b6:b2:bd:d9:22:65:48:55:30:7f:
ab:44:84:f0:75:52:18:33:41:66:a7:d0:11:64:85:b0:04:21:
f5:6f:68:f2:27:b5:40:97:6b:23:87:3d:f5:29:a2:f4:35:b0:
7a:ea:48:a1:d0:7d:b1:91:35:bb:ae:24:0d:5c:d4:88:68:f9:
8a:fe:d0:6c:c1:e0:21:c8:4c:fe:b3:27:2f:35:d8:97:fd:54:
49:95:f2:e3:0f:23:e9:d0:8d:58:4d:bf:17:8f:66:ee:01:07:
00:e9:04:f0:78:c3:68:5e:33:0b:09:16:00:30:eb:6b:4a:5b:
3d:d2:c4:aa:49:7d:73:89:96:bb:b0:8c:08:05:79:de:1e:5e:
47:d6:39:8e:4c:41:50:5e:12:c0:ca:f8:bb:35:74:ad:a7:eb:
c3:ba:38:6e:26:6d:80:96:0e:41:6f:5c:de:86:cb:6d:ba:db:
46:e4:65:51:c0:d4:62:28:2f:29:56:ab:e2:2d:d2:18:70:db:
ea:b7:d9:f2:70:59:5b:bf:d7:a0:85:18:50:9c:fa:8e:9f:bd:
3d:a4:ae:24:42:fe:45:81:a8:d4:35:da:b5:05:d1:b5:94:99:
fc:10:08:a2
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeBIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTcx
MjQyMDJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDhEMEU4RDZBMEUyNzRB
MzFEQ0FEQkVCNDdFREMzQ0VEMTQ1NzY3QUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDIesZfx5h31IMUt8fKbyFMX+hBvu0sg5vM/eVzrm5Gc5Hb2Wel
Wf6iBW3jBUw5RjHdZJjpCOXOk8JGHLY/rdoJq8RZnCW0QJKMRl3n9yvhGzFVBWU5
t0RQzPgoqcfGRL8t0OdYU7ACD9lgWlqTEY3g+69zWCUpG5UN2RB4/R0JB5dCHzcW
l18eX58PC2tozbk2OBqk/xTuKuo7+/EHICqrKSHXCMLAIr5o1LcYw7IWhPoPQ9TL
VgIxaglkN2hCS6WN8T6MH1FiP4rcLAq5zx9AGQvqHWhY1HSaPGdK68dSy7pYkeLM
VlbME7ZSZOXhzlGwLDlnROMT9f0vYY43Qo0fAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUjQ6Nag4nSjHcrb60ftw87RRXZ6owHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2pRNk5hZzRuU2pIY3Ji
NjBmdHc4N1JSWFo2by5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCvdNEm
ucgUOhcxC5rVpALfLGta95O6oUlZuLayvdkiZUhVMH+rRITwdVIYM0Fmp9ARZIWw
BCH1b2jyJ7VAl2sjhz31KaL0NbB66kih0H2xkTW7riQNXNSIaPmK/tBsweAhyEz+
sycvNdiX/VRJlfLjDyPp0I1YTb8Xj2buAQcA6QTweMNoXjMLCRYAMOtrSls90sSq
SX1ziZa7sIwIBXneHl5H1jmOTEFQXhLAyvi7NXStp+vDujhuJm2Alg5Bb1zehstt
uttG5GVRwNRiKC8pVqviLdIYcNvqt9nycFlbv9eghRhQnPqOn709pK4kQv5FgajU
Ndq1BdG1lJn8EAii
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:50:48 2025 by rpki-client