Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/jQdRAz9BXjILaQjpUty0PoSatsM.roa
File: jQdRAz9BXjILaQjpUty0PoSatsM.roa (raw, json)
Hash identifier: 3p9g7Aw+KozqsPAw6A1A4rm7fEU48WRdT0eBLC3+zzw=
Subject key identifier: 8D:07:51:03:3F:41:5E:32:0B:69:08:E9:52:DC:B4:3E:84:9A:B6:C3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 744C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jQdRAz9BXjILaQjpUty0PoSatsM.roa
Signing time: Mon 07 Jul 2025 10:48:14 +0000
ROA not before: Mon 07 Jul 2025 10:48:14 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29772 (0x744c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 7 10:48:14 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8D0751033F415E320B6908E952DCB43E849AB6C3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:ec:85:87:c1:4a:28:bf:6f:4b:ac:5b:b4:f0:
65:1b:47:bf:8f:a7:95:77:84:ab:10:3a:a6:f9:0f:
18:95:5f:9a:96:0c:2e:13:46:e0:c2:ae:6e:48:d2:
57:24:3b:b7:a8:67:35:07:60:eb:6d:3f:d1:aa:96:
85:47:22:49:68:27:ab:e3:92:c2:3b:e8:cb:75:0e:
92:70:6d:a4:3f:e0:46:13:0e:1a:8f:56:ff:46:12:
1d:3a:53:b5:2a:42:0c:d1:57:f8:13:e3:fc:b6:5d:
c4:3f:9c:50:19:01:0b:0b:54:bb:9c:d4:d4:ec:4f:
a2:52:fe:be:53:fc:52:e7:73:d2:e4:d0:b4:46:c6:
b0:c7:c3:77:17:ad:54:76:99:7d:f4:20:ba:c7:09:
83:b5:f1:1e:09:07:b4:03:29:34:91:30:92:e4:1e:
db:5b:c0:ac:79:c4:28:f1:4f:2b:eb:63:92:60:66:
a6:ad:65:b9:69:36:89:3a:24:74:37:4d:15:36:7e:
96:70:70:e4:43:6c:4b:0f:1a:fb:42:06:f7:f0:15:
a2:87:ad:63:a2:64:c2:61:b9:3f:67:8f:f2:df:d1:
c0:ce:ca:6e:21:d4:2f:e5:b1:76:bb:5b:20:a3:96:
5a:10:27:63:01:d8:cb:e8:a0:5c:89:c5:fd:08:3b:
44:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:07:51:03:3F:41:5E:32:0B:69:08:E9:52:DC:B4:3E:84:9A:B6:C3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jQdRAz9BXjILaQjpUty0PoSatsM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
9d:02:1b:5d:39:39:43:19:fe:6e:fb:ba:64:99:f2:9d:4f:30:
42:fb:e7:64:7e:74:e9:90:37:0e:84:6d:0f:d5:68:6c:60:6c:
1f:9a:3b:6e:76:70:dd:e4:72:e7:b8:2a:16:a8:4e:41:99:05:
30:4c:e9:80:4e:d9:2f:62:45:b9:60:d0:64:e6:8c:2b:18:96:
0d:f4:9d:18:f0:72:24:75:ad:38:54:90:63:11:4e:2d:3a:5e:
a0:98:80:46:19:00:5d:99:3e:e0:fe:43:46:90:bb:58:e5:e1:
8d:c6:06:67:78:f7:1a:ba:81:4e:80:b9:50:9b:66:c6:ed:4f:
ce:b3:e0:3e:44:61:5e:c8:be:93:16:6c:f0:14:c6:04:10:a8:
f6:35:bc:d4:39:da:c2:c9:cd:e4:ef:f2:aa:85:36:46:6f:45:
b6:3c:ec:bd:c5:8f:23:e3:5f:c7:d9:26:b3:84:76:4b:b1:aa:
a3:ef:e4:4d:6b:10:8a:1f:d9:6e:28:fa:7e:c3:5f:78:8f:19:
e1:81:ca:eb:58:29:7c:70:f3:7e:a2:8c:8e:ad:3c:05:e2:f7:
4b:b3:f4:f0:23:67:5f:5a:60:56:6a:3a:ab:9f:ab:cc:11:81:
f1:1e:5b:37:30:0d:94:59:ef:a1:aa:25:6d:2e:05:c4:ec:ae:
ed:c5:9e:1e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdEwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDcx
MDQ4MTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDhEMDc1MTAzM0Y0MTVF
MzIwQjY5MDhFOTUyRENCNDNFODQ5QUI2QzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDF7IWHwUoov29LrFu08GUbR7+Pp5V3hKsQOqb5DxiVX5qWDC4T
RuDCrm5I0lckO7eoZzUHYOttP9GqloVHIkloJ6vjksI76Mt1DpJwbaQ/4EYTDhqP
Vv9GEh06U7UqQgzRV/gT4/y2XcQ/nFAZAQsLVLuc1NTsT6JS/r5T/FLnc9Lk0LRG
xrDHw3cXrVR2mX30ILrHCYO18R4JB7QDKTSRMJLkHttbwKx5xCjxTyvrY5JgZqat
ZblpNok6JHQ3TRU2fpZwcORDbEsPGvtCBvfwFaKHrWOiZMJhuT9nj/Lf0cDOym4h
1C/lsXa7WyCjlloQJ2MB2MvooFyJxf0IO0TBAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUjQdRAz9BXjILaQjpUty0PoSatsMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2pRZFJBejlCWGpJTGFR
anBVdHkwUG9TYXRzTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCdAhtd
OTlDGf5u+7pkmfKdTzBC++dkfnTpkDcOhG0P1WhsYGwfmjtudnDd5HLnuCoWqE5B
mQUwTOmATtkvYkW5YNBk5owrGJYN9J0Y8HIkda04VJBjEU4tOl6gmIBGGQBdmT7g
/kNGkLtY5eGNxgZnePcauoFOgLlQm2bG7U/Os+A+RGFeyL6TFmzwFMYEEKj2NbzU
OdrCyc3k7/KqhTZGb0W2POy9xY8j41/H2SazhHZLsaqj7+RNaxCKH9luKPp+w194
jxnhgcrrWCl8cPN+ooyOrTwF4vdLs/TwI2dfWmBWajqrn6vMEYHxHls3MA2UWe+h
qiVtLgXE7K7txZ4e
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:42:14 2025 by rpki-client