Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/nJS0Le2sdWCXuwGhfxiPv1tJkxs.roa
File: nJS0Le2sdWCXuwGhfxiPv1tJkxs.roa (raw, json)
Hash identifier: KaGBJAIjH9pBhJGSvpty/gkuDtsFfpo+Wm3AwaVuZDY=
Subject key identifier: 9C:94:B4:2D:ED:AC:75:60:97:BB:01:A1:7F:18:8F:BF:5B:49:93:1B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6D36
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nJS0Le2sdWCXuwGhfxiPv1tJkxs.roa
Signing time: Wed 18 Jun 2025 07:42:31 +0000
ROA not before: Wed 18 Jun 2025 07:42:31 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27958 (0x6d36)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 18 07:42:31 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=9C94B42DEDAC756097BB01A17F188FBF5B49931B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:22:53:b7:94:2c:fa:9e:86:7a:e5:b6:74:dc:
b4:35:63:b3:d7:11:2d:6c:d6:68:a8:4e:47:5e:d0:
96:cf:3d:f4:3e:42:1e:05:37:98:95:e4:8c:c9:10:
45:b0:39:2b:13:01:2d:17:5c:69:77:c5:7f:a3:e9:
65:72:7f:d9:ae:c0:c5:5e:5b:8f:b4:54:95:ee:d5:
74:e4:ae:0c:fb:50:6a:59:11:96:37:0e:63:d3:a6:
42:75:73:a0:2e:3a:e3:ea:7e:87:9b:ed:e8:1c:07:
e1:33:6e:44:bf:5e:46:91:d0:f0:4b:ed:7b:e6:cf:
c3:42:4c:15:5a:67:64:e3:4c:55:90:4a:dd:d3:ad:
82:c5:7f:7a:25:08:a4:b8:bb:c5:60:80:2d:bd:83:
e3:30:30:dd:68:41:1d:92:4d:63:1a:3b:e1:be:ea:
49:bf:1b:26:32:13:0b:56:60:98:02:b6:52:b6:2d:
3a:53:32:d2:2a:d3:83:6b:60:45:4c:f4:c9:ed:d1:
e3:72:de:00:c7:5d:e7:95:09:43:01:55:ac:e2:05:
2c:ef:98:aa:7b:61:e2:a1:7a:16:da:dd:92:30:9b:
20:ae:d1:20:6f:c7:d8:14:39:37:5e:b8:59:31:08:
f8:08:f3:53:f3:b3:ea:cb:f0:d1:9a:4a:95:a0:7c:
11:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:94:B4:2D:ED:AC:75:60:97:BB:01:A1:7F:18:8F:BF:5B:49:93:1B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/nJS0Le2sdWCXuwGhfxiPv1tJkxs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
5b:e2:47:98:c5:92:25:11:f6:6e:d9:12:b1:9d:ef:61:9d:04:
9d:74:54:03:f0:aa:79:cd:6b:2f:e5:42:00:fd:22:e7:d5:1c:
ac:9a:2e:c6:29:5d:78:a0:e6:9f:67:08:60:c2:4d:11:82:58:
b4:33:1e:84:c7:5d:0d:1a:77:77:cd:09:a0:5e:6e:ae:ad:db:
b8:8d:97:72:02:12:4f:2a:13:70:72:69:bf:43:d4:d4:97:a0:
cc:47:44:8d:1e:b9:bf:b5:97:69:1a:b9:a2:16:91:f2:87:56:
9b:71:62:40:23:bf:c0:eb:7e:80:72:2e:d7:94:44:c9:fc:2b:
dc:12:9b:e7:a8:97:c2:5f:65:20:d8:ee:bc:4c:f9:c6:bf:b6:
44:b9:8a:36:03:8f:23:4b:1f:76:e7:38:c1:d6:68:74:d0:47:
3c:8d:42:75:eb:ca:3c:38:99:ac:cf:69:e3:0a:50:ab:6b:58:
79:79:6a:3b:66:a7:b1:bc:9c:02:ac:94:bc:61:ca:35:2d:2f:
ef:1a:af:5a:2f:51:96:fb:63:2c:69:ea:62:fb:2c:7a:98:22:
65:4f:8f:3e:a0:d8:07:14:fa:d1:61:81:c3:89:e6:c7:c9:c3:
66:b5:a1:b3:1d:de:44:d7:4e:47:f9:bc:46:42:84:79:d0:c6:
79:ee:17:74
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbTYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTgw
NzQyMzFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDlDOTRCNDJERURBQzc1
NjA5N0JCMDFBMTdGMTg4RkJGNUI0OTkzMUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDkIlO3lCz6noZ65bZ03LQ1Y7PXES1s1mioTkde0JbPPfQ+Qh4F
N5iV5IzJEEWwOSsTAS0XXGl3xX+j6WVyf9muwMVeW4+0VJXu1XTkrgz7UGpZEZY3
DmPTpkJ1c6AuOuPqfoeb7egcB+EzbkS/XkaR0PBL7Xvmz8NCTBVaZ2TjTFWQSt3T
rYLFf3olCKS4u8VggC29g+MwMN1oQR2STWMaO+G+6km/GyYyEwtWYJgCtlK2LTpT
MtIq04NrYEVM9Mnt0eNy3gDHXeeVCUMBVaziBSzvmKp7YeKhehba3ZIwmyCu0SBv
x9gUOTdeuFkxCPgI81Pzs+rL8NGaSpWgfBEhAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUnJS0Le2sdWCXuwGhfxiPv1tJkxswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L25KUzBMZTJzZFdDWHV3
R2hmeGlQdjF0Smt4cy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBb4keY
xZIlEfZu2RKxne9hnQSddFQD8Kp5zWsv5UIA/SLn1Rysmi7GKV14oOafZwhgwk0R
gli0Mx6Ex10NGnd3zQmgXm6urdu4jZdyAhJPKhNwcmm/Q9TUl6DMR0SNHrm/tZdp
GrmiFpHyh1abcWJAI7/A636Aci7XlETJ/CvcEpvnqJfCX2Ug2O68TPnGv7ZEuYo2
A48jSx925zjB1mh00Ec8jUJ168o8OJmsz2njClCra1h5eWo7ZqexvJwCrJS8Yco1
LS/vGq9aL1GW+2Msaepi+yx6mCJlT48+oNgHFPrRYYHDiebHycNmtaGzHd5E105H
+bxGQoR50MZ57hd0
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:46:49 2025 by rpki-client