Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/jkP5W57fXVFSm13W2xS4FMkJblA.roa
File: jkP5W57fXVFSm13W2xS4FMkJblA.roa (raw, json)
Hash identifier: 6Nw27yB3xI2HHXNJ4fCXHgmZ7v0io3TlOuo4LjmKNVo=
Subject key identifier: 8E:43:F9:5B:9E:DF:5D:51:52:9B:5D:D6:DB:14:B8:14:C9:09:6E:50
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7386
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jkP5W57fXVFSm13W2xS4FMkJblA.roa
Signing time: Sat 05 Jul 2025 09:15:08 +0000
ROA not before: Sat 05 Jul 2025 09:15:08 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29574 (0x7386)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 5 09:15:08 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8E43F95B9EDF5D51529B5DD6DB14B814C9096E50
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:e4:f6:39:2f:5a:38:41:90:65:b3:30:3b:f0:
cf:d2:99:ab:40:14:71:1b:04:a5:c5:11:78:dd:d7:
64:6a:84:de:60:0d:99:3b:5d:d6:7f:ff:30:a6:1b:
24:92:30:ea:d3:28:cf:63:f3:e2:32:52:f6:60:d9:
7a:0b:e4:c7:e2:f8:88:fb:1b:f1:c8:93:06:65:82:
a1:36:85:ad:a5:9e:c5:8c:57:27:25:71:1c:13:e0:
7f:9b:6b:5e:25:ee:3b:81:3e:67:c3:59:0a:4a:c8:
48:d2:d8:60:88:d4:83:2f:07:a8:5a:39:39:74:93:
bd:bd:73:0d:0d:d1:91:1f:ea:eb:96:4b:46:3b:1b:
ef:a8:4d:ab:30:05:05:7f:80:52:db:3d:b1:d0:18:
37:0a:aa:48:93:77:f9:b3:52:00:72:00:9b:9b:30:
7a:3e:4a:95:7f:5c:d2:18:98:95:6b:f5:9f:56:d0:
f0:12:f5:dd:95:54:84:c6:36:b7:6a:7c:b5:6b:0d:
b9:47:7e:fe:a0:19:8d:3e:e7:c9:6a:68:c3:61:33:
f7:a7:ae:3b:9b:f7:c8:2a:ea:b6:45:7c:37:89:12:
98:13:82:29:ae:af:49:7f:d6:80:57:9a:ce:99:10:
d4:10:c6:82:14:84:1a:51:b3:4e:b4:ae:e3:ae:cc:
cc:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:43:F9:5B:9E:DF:5D:51:52:9B:5D:D6:DB:14:B8:14:C9:09:6E:50
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jkP5W57fXVFSm13W2xS4FMkJblA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
83:5e:1b:aa:e1:2e:8e:ad:4e:02:c9:c5:fb:bf:f7:32:04:e6:
c3:55:4d:bb:ea:93:fb:3d:05:05:e5:e2:5e:91:16:f8:24:04:
03:fb:74:03:54:3b:c7:08:39:fd:b6:02:97:bf:0f:2e:74:6e:
ef:f3:bf:73:0f:9a:49:29:6b:57:1d:25:77:bf:53:ec:21:d1:
20:13:25:eb:00:e8:5a:af:a4:1d:39:d4:69:23:53:77:d4:05:
d5:e6:15:2c:ee:e1:51:fe:29:06:20:16:ae:ff:97:6e:d7:3b:
ac:fa:21:4d:88:88:51:64:1d:88:d2:6a:db:35:c1:d2:dc:d3:
16:0d:95:64:c6:7c:c3:d4:1b:94:96:6c:dc:d0:72:bc:5c:26:
70:b7:29:17:02:b5:01:d1:58:8e:0d:c0:b6:f6:4d:c3:5a:0e:
32:df:b6:4c:38:bf:cb:72:e7:59:7f:4f:18:c9:f0:05:63:d5:
7d:cf:ff:bc:e3:75:78:49:c2:93:b0:12:86:aa:00:e8:41:fe:
ea:e7:ba:42:c6:32:c1:62:2c:2f:dc:1d:5c:f4:4b:c3:b1:2f:
1b:a9:63:66:e8:21:51:9a:31:d7:93:7d:c2:b6:80:de:5e:28:
06:66:5e:78:38:44:69:16:7c:07:2b:be:84:87:3b:db:fa:7d:
2b:6d:a8:ca
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICc4YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDUw
OTE1MDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDhFNDNGOTVCOUVERjVE
NTE1MjlCNURENkRCMTRCODE0QzkwOTZFNTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/5PY5L1o4QZBlszA78M/SmatAFHEbBKXFEXjd12RqhN5gDZk7
XdZ//zCmGySSMOrTKM9j8+IyUvZg2XoL5Mfi+Ij7G/HIkwZlgqE2ha2lnsWMVycl
cRwT4H+ba14l7juBPmfDWQpKyEjS2GCI1IMvB6haOTl0k729cw0N0ZEf6uuWS0Y7
G++oTaswBQV/gFLbPbHQGDcKqkiTd/mzUgByAJubMHo+SpV/XNIYmJVr9Z9W0PAS
9d2VVITGNrdqfLVrDblHfv6gGY0+58lqaMNhM/enrjub98gq6rZFfDeJEpgTgimu
r0l/1oBXms6ZENQQxoIUhBpRs060ruOuzMx/AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUjkP5W57fXVFSm13W2xS4FMkJblAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2prUDVXNTdmWFZGU20x
M1cyeFM0Rk1rSmJsQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCDXhuq
4S6OrU4CycX7v/cyBObDVU276pP7PQUF5eJekRb4JAQD+3QDVDvHCDn9tgKXvw8u
dG7v879zD5pJKWtXHSV3v1PsIdEgEyXrAOhar6QdOdRpI1N31AXV5hUs7uFR/ikG
IBau/5du1zus+iFNiIhRZB2I0mrbNcHS3NMWDZVkxnzD1BuUlmzc0HK8XCZwtykX
ArUB0ViODcC29k3DWg4y37ZMOL/LcudZf08YyfAFY9V9z/+843V4ScKTsBKGqgDo
Qf7q57pCxjLBYiwv3B1c9EvDsS8bqWNm6CFRmjHXk33CtoDeXigGZl54OERpFnwH
K76Ehzvb+n0rbajK
-----END CERTIFICATE-----
Generated at Sat Jul 5 15:04:39 2025 by rpki-client