Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/tJlwuc_7gw6WqQcgfSee3QMneYA.roa
File: tJlwuc_7gw6WqQcgfSee3QMneYA.roa (raw, json)
Hash identifier: hxs+j+I8+D65nW3hlwn31TjAq2pRLigU5oKNh39MeWo=
Subject key identifier: B4:99:70:B9:CF:FB:83:0E:96:A9:07:20:7D:27:9E:DD:03:27:79:80
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 725A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tJlwuc_7gw6WqQcgfSee3QMneYA.roa
Signing time: Wed 02 Jul 2025 06:23:30 +0000
ROA not before: Wed 02 Jul 2025 06:23:30 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29274 (0x725a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 2 06:23:30 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B49970B9CFFB830E96A907207D279EDD03277980
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:dd:97:fa:17:8d:60:83:a1:90:86:f9:00:03:
08:82:86:9e:c6:91:f1:98:84:2e:d7:b1:24:d3:57:
79:c5:f2:cf:b4:af:18:ed:55:85:2a:f9:9e:3d:99:
35:e1:bd:0a:03:22:9c:94:c4:10:8c:76:e5:6d:ff:
c9:41:32:6d:e0:85:ba:de:4c:3a:aa:bb:7f:59:fa:
34:c8:eb:3f:9d:a3:71:d4:c6:3b:48:16:0a:f5:0f:
23:3c:86:49:ce:28:ff:57:72:0f:fc:aa:27:5f:c5:
a9:e0:0a:3e:2a:55:99:40:20:fc:1b:39:67:f1:0b:
ce:d9:99:31:65:62:25:c5:3a:6c:76:64:2c:9c:fc:
51:35:9d:5d:d5:38:40:b8:99:3d:12:ae:66:87:6a:
97:90:d0:71:b3:e8:93:1d:5c:8c:f4:a1:70:c1:57:
9d:57:4b:a4:58:1a:c7:0b:23:df:bf:3d:17:a0:ea:
2e:33:bf:29:f1:1e:58:33:fb:eb:95:c3:f9:ae:cc:
84:7d:7a:0e:14:4a:3c:bb:1f:fc:19:98:11:6a:85:
e7:5d:47:3d:7f:d6:04:dd:df:77:37:91:13:d1:84:
c4:9a:50:61:ae:dc:7d:86:e5:a4:56:71:58:4d:ee:
b4:d2:2a:11:9c:93:7d:36:7f:12:0b:92:d1:46:41:
46:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:99:70:B9:CF:FB:83:0E:96:A9:07:20:7D:27:9E:DD:03:27:79:80
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tJlwuc_7gw6WqQcgfSee3QMneYA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
18:ac:42:8e:17:06:fd:85:85:bc:d8:a2:59:2c:e1:c1:08:9e:
00:80:0b:a4:8d:66:5d:dc:fe:d3:05:85:01:29:22:f7:db:64:
50:37:dd:6b:02:ad:d7:ee:7b:8d:69:96:8f:d7:fd:5d:d9:2c:
cd:dc:4f:cd:1b:a4:cd:f8:77:ac:b2:2b:98:3f:c8:55:0c:21:
c9:4e:1d:9a:86:59:8e:8b:cc:28:6d:0d:39:14:f2:75:a2:2f:
4d:7f:cf:f8:f7:ab:4c:ea:c1:81:e0:eb:b5:02:19:36:1a:0a:
60:91:3f:63:cc:6b:0a:89:14:f4:77:7f:3e:d0:cf:55:7b:cd:
41:cd:d0:ea:95:6d:cf:03:33:63:3c:db:3c:bc:c6:2a:f3:be:
60:7c:5a:de:84:64:7f:b8:86:34:c2:ee:f2:5f:7b:1c:b0:66:
86:9e:92:a9:d1:05:af:35:28:34:c8:01:36:7a:18:46:56:b4:
43:a5:5e:c3:81:5b:8c:9c:44:b4:8c:95:9f:da:5c:d7:59:4c:
b9:b5:c2:fc:1d:60:48:c7:d0:39:08:49:c3:2c:c8:4d:a6:80:
79:9b:0b:3a:a4:95:84:17:37:11:a3:cd:ec:52:23:ce:e9:f7:
01:9c:7e:68:22:06:ec:ef:52:57:4f:d9:a3:fc:94:f6:e4:55:
00:55:47:ac
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICclowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDIw
NjIzMzBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEI0OTk3MEI5Q0ZGQjgz
MEU5NkE5MDcyMDdEMjc5RUREMDMyNzc5ODAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCy3Zf6F41gg6GQhvkAAwiChp7GkfGYhC7XsSTTV3nF8s+0rxjt
VYUq+Z49mTXhvQoDIpyUxBCMduVt/8lBMm3ghbreTDqqu39Z+jTI6z+do3HUxjtI
Fgr1DyM8hknOKP9Xcg/8qidfxangCj4qVZlAIPwbOWfxC87ZmTFlYiXFOmx2ZCyc
/FE1nV3VOEC4mT0SrmaHapeQ0HGz6JMdXIz0oXDBV51XS6RYGscLI9+/PReg6i4z
vynxHlgz++uVw/muzIR9eg4USjy7H/wZmBFqheddRz1/1gTd33c3kRPRhMSaUGGu
3H2G5aRWcVhN7rTSKhGck302fxILktFGQUbDAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUtJlwuc/7gw6WqQcgfSee3QMneYAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3RKbHd1Y183Z3c2V3FR
Y2dmU2VlM1FNbmVZQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAYrEKO
Fwb9hYW82KJZLOHBCJ4AgAukjWZd3P7TBYUBKSL322RQN91rAq3X7nuNaZaP1/1d
2SzN3E/NG6TN+HessiuYP8hVDCHJTh2ahlmOi8wobQ05FPJ1oi9Nf8/496tM6sGB
4Ou1Ahk2GgpgkT9jzGsKiRT0d38+0M9Ve81BzdDqlW3PAzNjPNs8vMYq875gfFre
hGR/uIY0wu7yX3scsGaGnpKp0QWvNSg0yAE2ehhGVrRDpV7DgVuMnES0jJWf2lzX
WUy5tcL8HWBIx9A5CEnDLMhNpoB5mws6pJWEFzcRo83sUiPO6fcBnH5oIgbs71JX
T9mj/JT25FUAVUes
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:55:35 2025 by rpki-client