Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/jhLblx8WP1jEsH2acG6ZOr2-Czs.roa
File: jhLblx8WP1jEsH2acG6ZOr2-Czs.roa (raw, json)
Hash identifier: VuS++TxMN7nJDjtTSckHRnZ2L8TI16f3LCUdwP9DmbM=
Subject key identifier: 8E:12:DB:97:1F:16:3F:58:C4:B0:7D:9A:70:6E:99:3A:BD:BE:0B:3B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 78DA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jhLblx8WP1jEsH2acG6ZOr2-Czs.roa
Signing time: Sat 19 Jul 2025 14:42:07 +0000
ROA not before: Sat 19 Jul 2025 14:42:07 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30938 (0x78da)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 19 14:42:07 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8E12DB971F163F58C4B07D9A706E993ABDBE0B3B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:7f:05:b8:be:55:e7:b6:62:79:51:ff:1f:f8:
92:9f:1a:b7:ed:50:fe:24:a9:51:25:0e:0e:8e:03:
23:39:37:6a:1d:3c:de:d1:eb:1f:a4:1a:d9:60:5b:
4e:fc:6d:b0:a3:a1:a9:0e:b9:cb:f1:0a:0d:07:d9:
97:11:65:d2:3f:38:26:8d:c6:8d:0e:6a:eb:b9:1b:
c2:35:06:06:4f:e5:24:c6:d6:fb:32:f6:69:96:38:
34:41:6d:3a:23:91:74:a1:4f:b7:dd:8f:97:c8:2c:
86:ac:39:a9:22:e3:66:96:8b:51:15:bd:e1:43:34:
9d:cb:e5:cc:30:ec:a4:83:0a:97:30:81:81:11:81:
5a:05:51:80:e5:1e:c6:33:86:34:0e:4a:10:c5:65:
b7:a4:e9:85:ce:f6:e1:a0:52:b2:6d:8b:8a:0d:57:
fa:6e:d2:db:a5:58:70:2e:d2:00:6d:34:af:db:61:
8a:67:4c:0d:a8:a8:8a:f3:a2:d3:a2:13:7a:1c:63:
d4:72:9d:bc:f1:63:2c:81:4c:6d:c3:8a:f3:2b:1c:
cf:91:b9:d0:e9:60:5a:f8:db:5d:5e:d8:f1:fd:a6:
c3:d5:cf:e0:4c:11:2d:05:0c:c8:61:f9:67:f6:b9:
50:74:3a:5e:d3:b4:41:fd:35:f7:a3:cf:a1:01:7e:
f0:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:12:DB:97:1F:16:3F:58:C4:B0:7D:9A:70:6E:99:3A:BD:BE:0B:3B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jhLblx8WP1jEsH2acG6ZOr2-Czs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
ae:fd:b3:2c:28:dd:90:8d:d0:6b:7d:d5:38:f1:7f:08:4a:cf:
ea:0d:96:40:9c:9b:b4:bf:c0:b4:5c:ff:a7:a4:78:ef:a4:e7:
80:6d:d6:cd:44:f9:c3:c9:38:b2:47:eb:22:32:5f:61:49:25:
64:39:41:be:e0:4b:8a:5d:f7:24:d2:b7:99:37:a6:a1:09:8d:
65:5b:39:7a:ae:3a:73:63:26:8f:34:e8:79:3d:99:89:66:f6:
01:f4:eb:bf:f3:77:46:e0:66:f0:29:2c:b3:3c:80:08:43:46:
91:d0:98:10:86:1a:75:33:bc:c5:65:b9:31:5c:53:e0:26:ac:
8a:79:1b:43:df:a3:6d:60:cd:03:1c:5b:1a:f0:e5:1f:51:f5:
f5:cd:a2:34:8b:b2:aa:d6:b2:cc:51:07:4e:21:27:c1:2f:66:
39:45:e7:d4:e4:60:12:fe:59:04:b4:ea:64:f7:c5:63:e8:d9:
36:54:e1:12:12:f8:c4:3d:47:c3:6b:98:3e:7c:52:45:fe:48:
a5:27:15:21:85:69:df:5b:2a:2c:2e:6a:92:e4:35:eb:24:9c:
16:26:e9:83:38:a5:57:97:00:0c:17:a1:ac:94:a7:17:f3:05:
d4:d6:ed:a3:fc:71:c4:02:68:59:47:dd:70:2c:07:d7:af:0f:
ec:69:21:8c
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeNowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTkx
NDQyMDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDhFMTJEQjk3MUYxNjNG
NThDNEIwN0Q5QTcwNkU5OTNBQkRCRTBCM0IwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDQfwW4vlXntmJ5Uf8f+JKfGrftUP4kqVElDg6OAyM5N2odPN7R
6x+kGtlgW078bbCjoakOucvxCg0H2ZcRZdI/OCaNxo0Oauu5G8I1BgZP5STG1vsy
9mmWODRBbTojkXShT7fdj5fILIasOaki42aWi1EVveFDNJ3L5cww7KSDCpcwgYER
gVoFUYDlHsYzhjQOShDFZbek6YXO9uGgUrJti4oNV/pu0tulWHAu0gBtNK/bYYpn
TA2oqIrzotOiE3ocY9RynbzxYyyBTG3DivMrHM+RudDpYFr4211e2PH9psPVz+BM
ES0FDMhh+Wf2uVB0Ol7TtEH9Nfejz6EBfvDxAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUjhLblx8WP1jEsH2acG6ZOr2+CzswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2poTGJseDhXUDFqRXNI
MmFjRzZaT3IyLUN6cy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCu/bMs
KN2QjdBrfdU48X8ISs/qDZZAnJu0v8C0XP+npHjvpOeAbdbNRPnDyTiyR+siMl9h
SSVkOUG+4EuKXfck0reZN6ahCY1lWzl6rjpzYyaPNOh5PZmJZvYB9Ou/83dG4Gbw
KSyzPIAIQ0aR0JgQhhp1M7zFZbkxXFPgJqyKeRtD36NtYM0DHFsa8OUfUfX1zaI0
i7Kq1rLMUQdOISfBL2Y5RefU5GAS/lkEtOpk98Vj6Nk2VOESEvjEPUfDa5g+fFJF
/kilJxUhhWnfWyosLmqS5DXrJJwWJumDOKVXlwAMF6GslKcX8wXU1u2j/HHEAmhZ
R91wLAfXrw/saSGM
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:35:51 2025 by rpki-client