Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/jPxVYz7NBCqJoUCpHHWmTfSZC8w.roa
File: jPxVYz7NBCqJoUCpHHWmTfSZC8w.roa (raw, json)
Hash identifier: eqe06UDw7kSOmrxzJCGCy4JzK5Y1drQPD/cv+ZQ+RBM=
Subject key identifier: 8C:FC:55:63:3E:CD:04:2A:89:A1:40:A9:1C:75:A6:4D:F4:99:0B:CC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 60F6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jPxVYz7NBCqJoUCpHHWmTfSZC8w.roa
Signing time: Fri 16 May 2025 15:40:27 +0000
ROA not before: Fri 16 May 2025 15:40:27 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24822 (0x60f6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 16 15:40:27 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8CFC55633ECD042A89A140A91C75A64DF4990BCC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:5d:82:e4:ad:36:c1:a1:b3:b4:bf:aa:e3:b2:
5f:17:31:cc:46:ed:fb:df:14:b8:d4:2d:e0:c7:99:
c5:09:db:08:7b:8d:05:e8:04:66:b3:e6:de:76:7e:
d5:8f:d8:fc:00:29:70:5b:85:d4:2f:0b:68:6f:82:
d6:13:03:60:a9:4a:c9:02:43:a7:26:ee:1f:2e:9b:
11:f2:ca:7d:67:46:a6:2c:c3:95:b7:c9:a6:4b:8b:
2c:bd:32:4b:c3:1e:44:46:a4:2a:3f:d5:a7:4c:e0:
71:fc:4b:c8:5b:71:e2:dc:38:4f:5e:87:d3:eb:79:
98:c7:6b:45:31:31:79:89:b9:07:7f:57:30:28:42:
9b:67:57:85:f8:fb:08:98:f4:40:a1:74:95:7e:7d:
a0:3e:f5:23:ac:42:81:29:27:79:6d:dd:60:2f:3e:
61:2b:e9:12:84:3d:41:fe:54:66:ce:00:aa:16:f1:
b0:e7:c1:58:00:85:f0:13:58:1b:48:4b:03:ce:bd:
4f:d5:c1:22:db:ab:74:8e:67:e3:70:c4:f0:b0:77:
b3:8d:1e:95:6d:c5:0e:97:a8:95:3b:38:3f:49:90:
dd:a8:4b:ad:eb:de:0a:d9:66:ba:86:0b:d0:e9:82:
f1:0f:db:7b:c8:20:2f:ea:63:43:b0:ef:fb:a7:73:
9b:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:FC:55:63:3E:CD:04:2A:89:A1:40:A9:1C:75:A6:4D:F4:99:0B:CC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jPxVYz7NBCqJoUCpHHWmTfSZC8w.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
8a:b4:46:3b:67:f8:0e:09:b4:85:6a:0c:a9:b4:0b:f7:3f:6b:
15:fb:ee:01:07:3e:97:72:fb:a2:9c:74:48:60:e7:93:0d:38:
ff:54:92:7e:0a:4e:3c:cd:92:20:6c:c5:66:24:d2:c1:95:45:
0e:41:71:0e:d5:34:b4:4e:e0:9e:c6:dd:a4:a6:91:ad:2c:cd:
b2:9e:5a:67:80:1e:bb:6a:26:9a:6c:7e:5d:bc:9a:a3:52:c3:
98:a5:86:2d:80:6b:9c:b8:95:89:a5:aa:2e:db:b5:62:ac:c3:
cc:d2:db:28:9f:03:d3:22:60:b9:dc:4e:03:6a:9b:48:6d:e8:
3a:79:b1:a0:3c:da:05:fa:a1:5f:22:0f:80:22:00:cd:8d:46:
5b:1c:0e:e3:55:fc:26:83:4f:ea:8f:73:a9:59:64:78:1e:95:
31:6e:8a:f7:ea:c5:11:bb:28:40:a8:e8:aa:03:38:19:92:4f:
e1:4c:5a:2a:56:58:0d:44:85:26:e6:0a:d5:9d:60:73:bd:27:
bb:e6:46:7b:0a:b1:be:5c:03:3d:fa:e9:0c:26:3f:b3:78:b4:
6c:84:83:ad:cc:9a:3b:18:04:9d:37:79:79:f5:e2:35:eb:bc:
d2:8b:f9:61:4d:ad:2b:04:e7:10:a8:f6:3d:53:e1:cb:0b:9e:
39:f0:d8:2c
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYPYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTYx
NTQwMjdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDhDRkM1NTYzM0VDRDA0
MkE4OUExNDBBOTFDNzVBNjRERjQ5OTBCQ0MwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDhXYLkrTbBobO0v6rjsl8XMcxG7fvfFLjULeDHmcUJ2wh7jQXo
BGaz5t52ftWP2PwAKXBbhdQvC2hvgtYTA2CpSskCQ6cm7h8umxHyyn1nRqYsw5W3
yaZLiyy9MkvDHkRGpCo/1adM4HH8S8hbceLcOE9eh9PreZjHa0UxMXmJuQd/VzAo
QptnV4X4+wiY9EChdJV+faA+9SOsQoEpJ3lt3WAvPmEr6RKEPUH+VGbOAKoW8bDn
wVgAhfATWBtISwPOvU/VwSLbq3SOZ+NwxPCwd7ONHpVtxQ6XqJU7OD9JkN2oS63r
3grZZrqGC9DpgvEP23vIIC/qY0Ow7/unc5uVAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUjPxVYz7NBCqJoUCpHHWmTfSZC8wwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2pQeFZZejdOQkNxSm9V
Q3BISFdtVGZTWkM4dy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCKtEY7
Z/gOCbSFagyptAv3P2sV++4BBz6XcvuinHRIYOeTDTj/VJJ+Ck48zZIgbMVmJNLB
lUUOQXEO1TS0TuCext2kppGtLM2ynlpngB67aiaabH5dvJqjUsOYpYYtgGucuJWJ
paou27VirMPM0tsonwPTImC53E4DaptIbeg6ebGgPNoF+qFfIg+AIgDNjUZbHA7j
Vfwmg0/qj3OpWWR4HpUxbor36sURuyhAqOiqAzgZkk/hTFoqVlgNRIUm5grVnWBz
vSe75kZ7CrG+XAM9+ukMJj+zeLRshIOtzJo7GASdN3l59eI167zSi/lhTa0rBOcQ
qPY9U+HLC5458Ngs
-----END CERTIFICATE-----
Generated at Sun May 18 03:49:42 2025 by rpki-client