Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/jaQTOwp72PA58zLEDtkMF2nVWFE.roa
File: jaQTOwp72PA58zLEDtkMF2nVWFE.roa (raw, json)
Hash identifier: 2WVl294hL5uWtJDuT04FnNCreo+SiY9jldtV9iH5hSM=
Subject key identifier: 8D:A4:13:3B:0A:7B:D8:F0:39:F3:32:C4:0E:D9:0C:17:69:D5:58:51
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6E00
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jaQTOwp72PA58zLEDtkMF2nVWFE.roa
Signing time: Fri 20 Jun 2025 21:44:00 +0000
ROA not before: Fri 20 Jun 2025 21:44:00 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28160 (0x6e00)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 20 21:44:00 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8DA4133B0A7BD8F039F332C40ED90C1769D55851
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:ee:9c:a7:42:f5:f3:87:76:78:dd:e4:57:ae:
3f:c9:ae:fc:0b:13:47:3a:6d:b2:ca:a0:26:5d:bf:
90:2b:41:fc:6f:22:bd:cb:e2:cb:f1:46:df:a7:b4:
5c:42:81:2d:ab:73:09:e5:5e:b4:d2:7f:63:83:11:
98:3b:06:63:1d:54:c6:1e:d6:64:e8:7e:67:a4:eb:
cf:43:9a:21:c9:d6:e9:4e:04:b9:54:a4:04:82:0e:
b1:b3:8f:37:a9:fd:d4:f4:04:06:87:09:f5:71:3c:
9c:f6:67:c4:1f:0c:37:f1:da:76:8f:31:99:9b:9c:
cb:0c:e5:84:ce:d6:6c:f0:75:fb:f5:b9:d8:76:ff:
0d:e1:41:b0:37:ad:fc:da:a8:d1:37:c0:c8:9c:f5:
be:31:88:a6:97:34:f4:c3:63:1a:a0:32:82:2c:25:
3b:c4:66:91:c6:b9:39:84:f0:6b:98:9b:ca:c0:1c:
b8:51:f6:19:64:80:10:ff:47:9c:7c:39:3c:c0:f7:
c1:cd:80:a1:12:d7:c4:da:60:da:dd:7f:2d:0a:78:
40:31:a8:22:5f:6e:e4:40:aa:bc:22:2d:2d:52:82:
f2:c2:df:0c:25:2c:b8:fd:59:3d:f2:dc:88:e0:18:
0a:d5:97:a0:10:31:18:ef:2c:aa:6a:99:2c:49:f6:
17:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:A4:13:3B:0A:7B:D8:F0:39:F3:32:C4:0E:D9:0C:17:69:D5:58:51
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jaQTOwp72PA58zLEDtkMF2nVWFE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
68:c5:07:04:f2:98:3b:cd:a9:30:8d:fb:49:f1:e7:d0:27:fd:
80:77:73:ea:6f:b3:9e:48:b2:c3:7e:49:e4:e8:52:5c:69:e7:
8c:21:c8:c1:d2:a8:6e:b6:c6:02:cf:41:cb:21:fb:c2:3e:bd:
b6:1a:61:f6:e0:db:2e:ad:c7:6e:d4:3c:17:ab:ee:04:11:46:
5f:f4:33:a3:3e:3f:7d:f2:4e:bf:f0:4f:3d:16:4e:01:71:6c:
97:77:7a:78:41:9a:53:f6:eb:77:9f:e7:c8:b7:b2:a2:27:f9:
b8:de:74:eb:6b:fd:82:3a:bc:a1:20:3f:f8:d4:70:5e:e3:f2:
b5:1c:3d:4d:cf:3e:75:cd:4a:c2:0e:dc:2a:e0:3e:f7:61:ac:
e7:36:cc:22:17:f2:1a:61:2c:ba:d6:dc:4a:4c:7f:95:af:7b:
a1:83:66:c4:d7:81:3c:cc:e6:84:a4:67:08:a3:ec:b4:b1:47:
dc:cc:fb:aa:99:09:cf:9a:b3:97:1c:f3:c2:6d:cb:99:f8:31:
9b:d3:a9:da:34:7a:ec:52:a8:df:0f:aa:98:80:0e:ee:d4:d3:
3a:96:60:c9:d5:f6:39:80:e1:c3:7f:61:10:7a:7b:5d:2a:27:
7a:60:b8:8c:bf:f2:49:6c:e4:b5:57:45:f5:7a:28:7f:16:38:
4d:f1:dc:b0
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbgAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjAy
MTQ0MDBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDhEQTQxMzNCMEE3QkQ4
RjAzOUYzMzJDNDBFRDkwQzE3NjlENTU4NTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC57pynQvXzh3Z43eRXrj/JrvwLE0c6bbLKoCZdv5ArQfxvIr3L
4svxRt+ntFxCgS2rcwnlXrTSf2ODEZg7BmMdVMYe1mTofmek689DmiHJ1ulOBLlU
pASCDrGzjzep/dT0BAaHCfVxPJz2Z8QfDDfx2naPMZmbnMsM5YTO1mzwdfv1udh2
/w3hQbA3rfzaqNE3wMic9b4xiKaXNPTDYxqgMoIsJTvEZpHGuTmE8GuYm8rAHLhR
9hlkgBD/R5x8OTzA98HNgKES18TaYNrdfy0KeEAxqCJfbuRAqrwiLS1SgvLC3wwl
LLj9WT3y3IjgGArVl6AQMRjvLKpqmSxJ9hf/AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUjaQTOwp72PA58zLEDtkMF2nVWFEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2phUVRPd3A3MlBBNTh6
TEVEdGtNRjJuVldGRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBoxQcE
8pg7zakwjftJ8efQJ/2Ad3Pqb7OeSLLDfknk6FJcaeeMIcjB0qhutsYCz0HLIfvC
Pr22GmH24Nsurcdu1DwXq+4EEUZf9DOjPj998k6/8E89Fk4BcWyXd3p4QZpT9ut3
n+fIt7KiJ/m43nTra/2COryhID/41HBe4/K1HD1Nzz51zUrCDtwq4D73YaznNswi
F/IaYSy61txKTH+Vr3uhg2bE14E8zOaEpGcIo+y0sUfczPuqmQnPmrOXHPPCbcuZ
+DGb06naNHrsUqjfD6qYgA7u1NM6lmDJ1fY5gOHDf2EQentdKid6YLiMv/JJbOS1
V0X1eih/FjhN8dyw
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:32:04 2025 by rpki-client