Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/j_9oFIfvl2Vnfb3-6OgP7c4zqmo.roa
File: j_9oFIfvl2Vnfb3-6OgP7c4zqmo.roa (raw, json)
Hash identifier: BC1KcLE2EUrUa5dSJZzLdm//VQ3nqiPGj9LAQNblPfY=
Subject key identifier: 8F:FF:68:14:87:EF:97:65:67:7D:BD:FE:E8:E8:0F:ED:CE:33:AA:6A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6600
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/j_9oFIfvl2Vnfb3-6OgP7c4zqmo.roa
Signing time: Fri 30 May 2025 02:11:29 +0000
ROA not before: Fri 30 May 2025 02:11:29 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26112 (0x6600)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 30 02:11:29 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8FFF681487EF9765677DBDFEE8E80FEDCE33AA6A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:d4:35:b8:33:b9:12:4c:32:6a:6f:d8:d9:2b:
cf:94:58:e1:45:05:76:80:38:41:5e:ca:26:c7:7b:
3d:92:0a:71:8c:cc:3e:90:43:da:48:65:2b:2f:1a:
41:fd:20:0a:2c:eb:8c:f8:1f:34:69:cf:15:32:98:
91:6c:4b:34:ac:ee:49:ce:55:48:c0:a9:23:9c:1f:
c8:62:d1:98:18:c9:ea:2e:26:8c:1c:76:9b:0d:74:
c9:f5:1f:a0:32:bb:14:49:36:39:20:b4:ef:be:19:
e3:fa:fe:d4:25:9a:65:b0:f3:1c:14:67:2b:eb:b5:
d0:e7:89:83:f6:13:04:99:de:b0:c2:e8:bb:c5:71:
67:ba:ce:3f:96:88:da:05:7b:67:f1:23:08:9e:f1:
ca:46:1d:73:fa:08:a6:1a:20:a4:74:a9:0d:77:29:
8c:e1:ff:99:04:72:3d:5c:7a:15:7f:a8:3a:20:80:
d5:d0:10:27:89:6e:76:05:e5:09:31:fc:22:eb:c5:
75:a2:e6:a9:fd:42:6b:30:d1:82:81:87:5a:2e:dc:
86:63:00:7b:a6:ea:34:a0:9f:51:69:6d:bf:8e:c7:
5b:34:33:0f:d5:9f:1c:19:40:8c:f9:a8:92:ce:36:
71:62:79:ea:8b:f7:6c:0d:58:f1:77:82:9e:7b:c4:
4d:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:FF:68:14:87:EF:97:65:67:7D:BD:FE:E8:E8:0F:ED:CE:33:AA:6A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/j_9oFIfvl2Vnfb3-6OgP7c4zqmo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
32:fe:da:5d:f6:bb:05:d4:ad:5f:15:26:df:d5:eb:2a:ae:57:
98:f0:c0:d3:8d:09:af:07:04:52:5f:e1:f2:57:c1:e1:40:7f:
5a:5d:cf:da:ac:3b:33:86:0c:8f:3b:7e:89:60:5d:ad:dc:74:
66:51:c8:a6:e8:c5:20:ac:e7:76:3c:a5:53:fa:00:47:25:0b:
fa:ed:fe:5f:05:ae:14:d0:3a:c2:9b:50:68:f7:9c:e8:e5:12:
45:05:9e:97:7d:9c:c5:21:8e:d3:41:1a:48:25:79:4c:b2:36:
2d:e2:88:80:7c:e5:54:3c:91:80:f2:e0:cf:11:99:34:1d:04:
e8:65:67:b0:94:99:82:c7:37:c9:ec:7d:b6:65:b7:9c:d6:bc:
06:a4:db:11:7e:bf:b1:e9:e4:06:15:8a:b5:db:c2:99:d9:44:
b0:c9:9c:97:b7:28:96:83:e3:11:5c:7a:ef:ff:81:2a:ff:08:
60:ac:ad:74:eb:83:75:44:ef:da:b9:10:5f:c9:bc:43:0f:a3:
40:c2:63:17:1b:6c:81:49:e7:19:25:9a:e8:9b:14:86:a9:53:
b7:f5:67:0d:e7:e3:f6:c6:b0:0e:91:58:6f:40:a5:62:21:b8:
4f:87:1a:ba:75:7f:08:53:3d:0a:8f:d9:19:ad:59:51:fb:00:
40:d8:ef:a5
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZgAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MzAw
MjExMjlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDhGRkY2ODE0ODdFRjk3
NjU2NzdEQkRGRUU4RTgwRkVEQ0UzM0FBNkEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCw1DW4M7kSTDJqb9jZK8+UWOFFBXaAOEFeyibHez2SCnGMzD6Q
Q9pIZSsvGkH9IAos64z4HzRpzxUymJFsSzSs7knOVUjAqSOcH8hi0ZgYyeouJowc
dpsNdMn1H6AyuxRJNjkgtO++GeP6/tQlmmWw8xwUZyvrtdDniYP2EwSZ3rDC6LvF
cWe6zj+WiNoFe2fxIwie8cpGHXP6CKYaIKR0qQ13KYzh/5kEcj1cehV/qDoggNXQ
ECeJbnYF5Qkx/CLrxXWi5qn9Qmsw0YKBh1ou3IZjAHum6jSgn1Fpbb+Ox1s0Mw/V
nxwZQIz5qJLONnFieeqL92wNWPF3gp57xE3VAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUj/9oFIfvl2Vnfb3+6OgP7c4zqmowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2pfOW9GSWZ2bDJWbmZi
My02T2dQN2M0enFtby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAy/tpd
9rsF1K1fFSbf1esqrleY8MDTjQmvBwRSX+HyV8HhQH9aXc/arDszhgyPO36JYF2t
3HRmUcim6MUgrOd2PKVT+gBHJQv67f5fBa4U0DrCm1Bo95zo5RJFBZ6XfZzFIY7T
QRpIJXlMsjYt4oiAfOVUPJGA8uDPEZk0HQToZWewlJmCxzfJ7H22Zbec1rwGpNsR
fr+x6eQGFYq128KZ2USwyZyXtyiWg+MRXHrv/4Eq/whgrK1064N1RO/auRBfybxD
D6NAwmMXG2yBSecZJZromxSGqVO39WcN5+P2xrAOkVhvQKViIbhPhxq6dX8IUz0K
j9kZrVlR+wBA2O+l
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:57:43 2025 by rpki-client