Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/jaJiDr5q4bqXk6TZFokbO8TJz50.roa
File: jaJiDr5q4bqXk6TZFokbO8TJz50.roa (raw, json)
Hash identifier: WioNFZ5OGCg1YX94wHMk0gITzTHQFMvzd8UQGt5Zga0=
Subject key identifier: 8D:A2:62:0E:BE:6A:E1:BA:97:93:A4:D9:16:89:1B:3B:C4:C9:CF:9D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 605E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jaJiDr5q4bqXk6TZFokbO8TJz50.roa
Signing time: Thu 15 May 2025 01:42:51 +0000
ROA not before: Thu 15 May 2025 01:42:51 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24670 (0x605e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 15 01:42:51 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8DA2620EBE6AE1BA9793A4D916891B3BC4C9CF9D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:dc:ac:e8:e5:22:86:59:c0:10:d0:8f:58:0f:
34:81:79:11:6c:ce:45:68:b9:c9:35:08:e0:50:f1:
82:4d:83:51:5f:a4:10:85:a9:e7:30:59:e2:8e:53:
63:0c:11:2d:e6:92:a5:fa:2f:83:c7:3b:0b:64:b7:
88:b6:e7:8f:f0:58:fd:70:c9:b2:c8:e2:39:c7:63:
de:dd:ee:b1:8b:36:9a:cb:0e:d9:78:75:83:04:4a:
f2:ad:bd:d1:32:2e:e0:47:8a:8d:7c:3e:0b:a8:3e:
b8:55:52:60:89:fa:7e:cc:59:be:41:cc:c1:24:09:
fe:18:94:db:26:c9:5f:11:ec:39:55:f0:ae:b6:04:
ab:22:71:21:3d:e6:71:03:b0:4e:24:7f:05:9c:c9:
77:f5:89:52:04:14:ae:fb:8a:df:40:21:c7:cf:3f:
3e:b1:db:03:f4:ca:1a:d7:84:0a:4c:0a:3d:7c:47:
19:d4:5c:7e:c8:14:9b:f3:6f:31:21:a5:4c:b1:ff:
7f:e9:ea:d8:7e:49:d0:94:50:3a:c4:42:f5:94:a1:
d6:9a:0a:e0:3d:1e:bf:6a:38:9c:5d:52:f0:e6:da:
01:72:f4:29:10:dd:23:c4:00:db:2f:3f:a7:94:14:
e2:f1:51:eb:00:0b:9f:0e:44:97:a3:a0:c2:2f:da:
3b:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:A2:62:0E:BE:6A:E1:BA:97:93:A4:D9:16:89:1B:3B:C4:C9:CF:9D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jaJiDr5q4bqXk6TZFokbO8TJz50.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
7d:2a:20:f0:c5:27:25:28:ac:6c:ec:4c:b9:3c:d4:dd:bf:4b:
d7:ea:ba:c7:46:ca:6a:3b:7e:98:78:b3:70:74:24:e2:f5:f9:
85:90:91:a2:7d:8f:19:20:ea:11:b9:8d:9d:ea:8e:c3:26:c0:
1c:57:85:00:47:41:d6:2e:43:6a:ad:b0:85:23:fc:3b:19:71:
c7:96:4e:92:f2:c6:01:18:8b:ad:64:04:e9:09:72:74:57:4d:
51:53:37:8e:98:ec:fc:a2:60:38:8a:21:ce:59:c9:db:33:bd:
48:f4:51:e2:23:c4:77:f1:44:b1:61:03:d9:c9:0f:d3:be:ab:
1b:9c:3c:30:4c:3d:7e:ac:f4:17:13:db:d3:3a:ea:2a:df:52:
ab:5b:3a:f5:65:22:a0:1b:68:b0:4e:39:54:70:93:66:be:46:
3d:91:11:7d:01:3c:af:bd:1c:37:a4:56:06:9c:81:4f:21:4a:
2a:63:71:8f:b7:f0:a1:c2:5e:3a:04:d5:0b:fe:00:c0:29:c7:
e9:4f:77:e3:a8:9b:cb:1e:19:28:fe:c6:dc:34:32:44:ff:1c:
2a:2a:a3:0f:7d:ad:1c:09:d8:cf:7c:73:8e:a6:41:d8:b0:fe:
81:11:f2:f3:e9:d3:d5:a8:ce:f0:28:0d:8b:5d:18:67:da:f7:
32:ab:5d:0c
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYF4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTUw
MTQyNTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDhEQTI2MjBFQkU2QUUx
QkE5NzkzQTREOTE2ODkxQjNCQzRDOUNGOUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCn3Kzo5SKGWcAQ0I9YDzSBeRFszkVouck1COBQ8YJNg1FfpBCF
qecwWeKOU2MMES3mkqX6L4PHOwtkt4i254/wWP1wybLI4jnHY97d7rGLNprLDtl4
dYMESvKtvdEyLuBHio18PguoPrhVUmCJ+n7MWb5BzMEkCf4YlNsmyV8R7DlV8K62
BKsicSE95nEDsE4kfwWcyXf1iVIEFK77it9AIcfPPz6x2wP0yhrXhApMCj18RxnU
XH7IFJvzbzEhpUyx/3/p6th+SdCUUDrEQvWUodaaCuA9Hr9qOJxdUvDm2gFy9CkQ
3SPEANsvP6eUFOLxUesAC58ORJejoMIv2jvvAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUjaJiDr5q4bqXk6TZFokbO8TJz50wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2phSmlEcjVxNGJxWGs2
VFpGb2tiTzhUSno1MC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB9KiDw
xSclKKxs7Ey5PNTdv0vX6rrHRspqO36YeLNwdCTi9fmFkJGifY8ZIOoRuY2d6o7D
JsAcV4UAR0HWLkNqrbCFI/w7GXHHlk6S8sYBGIutZATpCXJ0V01RUzeOmOz8omA4
iiHOWcnbM71I9FHiI8R38USxYQPZyQ/TvqsbnDwwTD1+rPQXE9vTOuoq31KrWzr1
ZSKgG2iwTjlUcJNmvkY9kRF9ATyvvRw3pFYGnIFPIUoqY3GPt/Chwl46BNUL/gDA
KcfpT3fjqJvLHhko/sbcNDJE/xwqKqMPfa0cCdjPfHOOpkHYsP6BEfLz6dPVqM7w
KA2LXRhn2vcyq10M
-----END CERTIFICATE-----
Generated at Mon May 19 03:51:03 2025 by rpki-client