Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/jU213JwDOHMNl3Tf5qScBZ6JGC8.roa
File: jU213JwDOHMNl3Tf5qScBZ6JGC8.roa (raw, json)
Hash identifier: kcwzz3eA6lf9dHU1QDbrpj5FOw9jFcej0M3EdkTvVk8=
Subject key identifier: 8D:4D:B5:DC:9C:03:38:73:0D:97:74:DF:E6:A4:9C:05:9E:89:18:2F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7448
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jU213JwDOHMNl3Tf5qScBZ6JGC8.roa
Signing time: Mon 07 Jul 2025 09:46:29 +0000
ROA not before: Mon 07 Jul 2025 09:46:29 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29768 (0x7448)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 7 09:46:29 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8D4DB5DC9C0338730D9774DFE6A49C059E89182F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:0f:a9:d6:3e:21:d1:cb:e7:24:e2:01:97:5c:
fa:ed:e4:7d:4b:45:3d:df:00:d5:2d:e9:d1:1f:23:
7f:84:82:5f:ff:52:54:6e:eb:a0:2b:1e:6c:07:7f:
22:b0:2d:1b:d7:e9:a4:d6:29:7c:88:84:cb:ab:6c:
a5:93:61:a5:d2:82:84:ff:bc:4f:b6:e1:8b:98:cc:
cd:20:79:60:4c:9b:2c:78:bd:53:a9:7f:b2:42:0a:
0d:56:b9:52:fd:0a:23:18:71:3c:33:de:63:ff:7f:
a0:eb:34:55:eb:6e:66:20:8b:52:05:b8:d2:0d:8e:
cd:89:39:be:35:b5:a4:ce:77:b5:9c:81:bb:04:1d:
ea:63:a4:e6:3f:ac:74:b4:63:6a:07:87:7b:aa:c0:
9c:ac:20:dc:76:84:14:e6:5f:85:ba:20:c9:54:d9:
67:9a:51:1d:be:83:8d:3c:5f:aa:32:27:69:62:67:
ae:f6:c0:be:b9:45:23:e4:30:36:f0:e2:9b:b9:48:
83:fc:dc:d3:3b:d8:43:62:1f:cd:62:b1:65:4a:ce:
48:50:bd:d1:57:e3:50:b9:1a:77:e0:8c:55:81:f4:
98:cb:15:3e:32:17:7a:da:c8:75:ae:ea:2e:d0:94:
b6:57:87:96:5e:d7:3b:bf:41:40:e3:e5:ee:59:8f:
78:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:4D:B5:DC:9C:03:38:73:0D:97:74:DF:E6:A4:9C:05:9E:89:18:2F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jU213JwDOHMNl3Tf5qScBZ6JGC8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
64:5d:8c:a9:8b:66:64:56:37:9a:fc:bb:37:08:ea:66:97:a4:
d9:e7:dc:b2:16:a8:63:c1:a0:ae:c2:f3:e9:35:0b:1e:61:07:
38:3f:c0:f4:85:1e:b5:09:7f:06:7f:8d:96:64:f9:fb:c1:df:
fd:38:b0:13:1d:d9:ab:5d:3b:d8:8a:d4:19:8d:4f:6d:4c:dd:
88:1d:23:5d:47:24:ff:71:35:c0:c9:9f:74:66:fa:bb:bd:41:
07:8e:c6:78:2a:95:8b:cd:f0:88:7f:08:25:e5:f3:e6:31:3f:
90:3a:e2:f6:d5:84:a7:d6:fe:f3:60:fc:a7:a0:65:ec:24:37:
ed:88:89:20:78:25:b1:7a:86:8c:86:90:c0:e0:3f:ab:53:12:
fb:23:76:0e:79:00:22:df:ee:2e:a0:d2:7c:d8:f2:c1:1f:d9:
99:cc:50:24:ad:ef:c0:6f:99:45:a1:21:53:d9:6f:13:14:07:
0c:b8:f1:5f:32:60:1d:c6:eb:6d:c7:62:17:57:16:14:15:78:
9f:30:ca:8a:ad:1a:ae:72:35:52:44:51:4f:13:28:e3:4c:69:
53:9e:67:67:15:0d:8b:91:53:d5:35:fb:3f:34:17:f8:13:ad:
23:dd:97:35:30:c0:7b:ba:11:3c:41:e9:f2:7c:0c:1a:3b:e7:
41:59:1b:08
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdEgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDcw
OTQ2MjlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDhENERCNURDOUMwMzM4
NzMwRDk3NzRERkU2QTQ5QzA1OUU4OTE4MkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCuD6nWPiHRy+ck4gGXXPrt5H1LRT3fANUt6dEfI3+Egl//UlRu
66ArHmwHfyKwLRvX6aTWKXyIhMurbKWTYaXSgoT/vE+24YuYzM0geWBMmyx4vVOp
f7JCCg1WuVL9CiMYcTwz3mP/f6DrNFXrbmYgi1IFuNINjs2JOb41taTOd7WcgbsE
HepjpOY/rHS0Y2oHh3uqwJysINx2hBTmX4W6IMlU2WeaUR2+g408X6oyJ2liZ672
wL65RSPkMDbw4pu5SIP83NM72ENiH81isWVKzkhQvdFX41C5GnfgjFWB9JjLFT4y
F3rayHWu6i7QlLZXh5Ze1zu/QUDj5e5Zj3hPAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUjU213JwDOHMNl3Tf5qScBZ6JGC8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2pVMjEzSndET0hNTmwz
VGY1cVNjQlo2SkdDOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBkXYyp
i2ZkVjea/Ls3COpml6TZ59yyFqhjwaCuwvPpNQseYQc4P8D0hR61CX8Gf42WZPn7
wd/9OLATHdmrXTvYitQZjU9tTN2IHSNdRyT/cTXAyZ90Zvq7vUEHjsZ4KpWLzfCI
fwgl5fPmMT+QOuL21YSn1v7zYPynoGXsJDftiIkgeCWxeoaMhpDA4D+rUxL7I3YO
eQAi3+4uoNJ82PLBH9mZzFAkre/Ab5lFoSFT2W8TFAcMuPFfMmAdxuttx2IXVxYU
FXifMMqKrRqucjVSRFFPEyjjTGlTnmdnFQ2LkVPVNfs/NBf4E60j3Zc1MMB7uhE8
QenyfAwaO+dBWRsI
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:58:02 2025 by rpki-client