Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/juTSBfR4ZQkFGYohWPtcfFdldGQ.roa
File: juTSBfR4ZQkFGYohWPtcfFdldGQ.roa (raw, json)
Hash identifier: 3MOBdyZxbf/NDPqLC8d4ZdEaiVmGCvrvLet2HEOxzTw=
Subject key identifier: 8E:E4:D2:05:F4:78:65:09:05:19:8A:21:58:FB:5C:7C:57:65:74:64
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 773A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/juTSBfR4ZQkFGYohWPtcfFdldGQ.roa
Signing time: Tue 15 Jul 2025 06:42:01 +0000
ROA not before: Tue 15 Jul 2025 06:42:01 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30522 (0x773a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 15 06:42:01 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8EE4D205F478650905198A2158FB5C7C57657464
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:2d:58:3b:ee:8a:15:8c:51:c9:24:cb:89:e7:
ae:7f:bc:56:7f:66:35:37:5d:ce:3b:f2:f2:6a:49:
ea:41:77:bd:e2:a9:d0:42:05:aa:40:fd:da:95:9e:
c2:73:16:15:0a:1c:6f:9f:3a:3e:c3:33:4a:86:bc:
3a:a6:0a:23:06:8b:f5:5a:9e:8c:ef:6d:d1:dc:08:
02:f3:08:31:dd:9f:61:19:17:ad:87:ba:e3:82:ad:
5c:8f:1c:8f:3a:20:09:33:3a:ef:74:48:d5:21:a6:
42:30:ed:c0:11:15:2c:4d:ef:67:56:3f:16:a2:41:
3f:e5:93:95:ca:a1:4b:dd:bb:9f:76:3a:8d:2f:43:
fa:41:2c:3a:ae:9f:35:f0:66:bb:98:5e:3f:3f:82:
2a:27:a1:14:6a:05:af:66:12:3e:d8:d7:98:ed:7e:
87:1f:b1:b3:3c:dc:7b:5c:f5:00:64:1c:e4:d1:ca:
f3:40:93:c6:70:73:2d:d9:86:60:86:61:59:58:08:
02:e4:e7:68:ae:54:45:74:fc:c5:b7:75:90:16:1b:
50:69:e7:80:0e:52:91:c1:90:de:55:ae:3a:21:ca:
84:d8:cd:58:32:b6:fd:22:ba:3d:12:2a:0f:31:b5:
56:0a:17:7e:8f:01:87:89:95:d0:6e:26:c6:66:27:
66:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:E4:D2:05:F4:78:65:09:05:19:8A:21:58:FB:5C:7C:57:65:74:64
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/juTSBfR4ZQkFGYohWPtcfFdldGQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
60:86:f4:64:c1:e7:4b:b8:4b:d9:5f:32:88:51:00:aa:f1:78:
cc:2b:e0:46:a2:b8:28:bf:07:28:fa:d3:b8:fa:61:b2:29:43:
60:b3:c1:b7:1f:f0:cf:1b:0f:e8:77:e7:2a:9e:59:48:a3:c2:
27:22:15:a0:64:b4:e0:30:dd:b1:f0:14:3c:b8:9d:45:92:b9:
71:cd:52:c2:e4:55:25:2c:18:7e:f6:b1:35:a0:4d:d1:eb:3d:
59:97:9e:97:c6:f4:72:af:c4:ac:97:fe:aa:75:0a:c3:56:69:
95:a3:1a:11:f5:ce:b4:46:43:da:c1:37:0f:31:63:3c:c6:d8:
2e:ee:dd:77:d7:a4:f6:c3:11:98:f0:1f:47:2b:82:99:1b:34:
9b:65:39:3b:4a:35:60:39:c5:dc:a7:73:96:07:6f:04:61:d1:
5b:df:18:38:ce:15:c2:1b:69:db:22:09:8d:f8:bd:39:c1:38:
30:6b:1c:f8:d0:8b:75:a9:77:ec:3b:9d:df:5e:29:44:c0:15:
83:88:e1:c3:73:52:83:26:4a:fb:f0:07:1d:89:95:79:dd:c9:
18:cb:29:74:c3:f7:b9:a8:be:b9:d5:03:6f:cb:4c:af:47:42:
0b:db:b5:c3:1c:77:d5:e7:31:a5:63:15:f1:88:1c:59:cd:28:
2b:e9:05:e8
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdzowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTUw
NjQyMDFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDhFRTREMjA1RjQ3ODY1
MDkwNTE5OEEyMTU4RkI1QzdDNTc2NTc0NjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDGLVg77ooVjFHJJMuJ565/vFZ/ZjU3Xc478vJqSepBd73iqdBC
BapA/dqVnsJzFhUKHG+fOj7DM0qGvDqmCiMGi/VanozvbdHcCALzCDHdn2EZF62H
uuOCrVyPHI86IAkzOu90SNUhpkIw7cARFSxN72dWPxaiQT/lk5XKoUvdu592Oo0v
Q/pBLDqunzXwZruYXj8/gionoRRqBa9mEj7Y15jtfocfsbM83Htc9QBkHOTRyvNA
k8Zwcy3ZhmCGYVlYCALk52iuVEV0/MW3dZAWG1Bp54AOUpHBkN5VrjohyoTYzVgy
tv0iuj0SKg8xtVYKF36PAYeJldBuJsZmJ2ZBAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUjuTSBfR4ZQkFGYohWPtcfFdldGQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2p1VFNCZlI0WlFrRkdZ
b2hXUHRjZkZkbGRHUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBghvRk
wedLuEvZXzKIUQCq8XjMK+BGorgovwco+tO4+mGyKUNgs8G3H/DPGw/od+cqnllI
o8InIhWgZLTgMN2x8BQ8uJ1FkrlxzVLC5FUlLBh+9rE1oE3R6z1Zl56XxvRyr8Ss
l/6qdQrDVmmVoxoR9c60RkPawTcPMWM8xtgu7t1316T2wxGY8B9HK4KZGzSbZTk7
SjVgOcXcp3OWB28EYdFb3xg4zhXCG2nbIgmN+L05wTgwaxz40It1qXfsO53fXilE
wBWDiOHDc1KDJkr78AcdiZV53ckYyyl0w/e5qL651QNvy0yvR0IL27XDHHfV5zGl
YxXxiBxZzSgr6QXo
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:50:42 2025 by rpki-client