Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Q2quYJ2dFX40x-8KxjO-p5IiKQw.roa
File: Q2quYJ2dFX40x-8KxjO-p5IiKQw.roa (raw, json)
Hash identifier: 7zHwIvTuB+86525VOmDkCSjGs6/6F1PfDv3IKvDSOLc=
Subject key identifier: 43:6A:AE:60:9D:9D:15:7E:34:C7:EF:0A:C6:33:BE:A7:92:22:29:0C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6980
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Q2quYJ2dFX40x-8KxjO-p5IiKQw.roa
Signing time: Sun 08 Jun 2025 10:11:56 +0000
ROA not before: Sun 08 Jun 2025 10:11:56 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27008 (0x6980)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 8 10:11:56 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=436AAE609D9D157E34C7EF0AC633BEA79222290C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:d9:94:ee:f9:78:65:50:f4:57:97:f8:4b:fd:
1b:93:e6:77:96:a5:ae:f8:d4:c4:3c:c1:27:01:f9:
0d:83:45:a6:b0:df:ea:c1:e6:1b:d2:6a:83:d2:b4:
d5:14:d1:dc:fb:4b:35:08:f8:1d:32:25:8e:e4:52:
7a:10:7b:fe:c6:dd:ec:58:91:17:01:d3:c4:e1:6d:
07:fb:66:3f:36:f4:9a:05:a9:c7:6e:dc:5e:43:25:
3a:e3:ca:9c:db:15:24:0f:44:35:c3:9e:dc:ac:a6:
6a:53:58:1f:aa:2d:14:80:eb:45:5f:08:35:5a:94:
00:a0:fc:06:24:2a:ad:d0:91:41:57:3a:fb:91:82:
33:2c:5d:e4:62:82:72:04:7a:7e:2f:03:2c:3f:18:
7a:7c:7c:80:e0:30:b3:44:6e:d0:9c:5d:74:06:9b:
ae:f9:35:15:ec:9b:b7:a3:09:f4:6e:89:21:05:fb:
ea:8c:3c:45:2e:e3:34:a0:8f:bd:72:d7:39:c5:2b:
2f:90:db:a3:f0:78:41:a3:39:53:3a:11:b1:e1:d3:
d6:f6:23:90:c3:b3:4c:72:96:65:a3:6f:a3:29:6c:
fd:20:41:23:14:50:87:fb:d8:01:4a:f1:89:3a:a8:
9d:e8:a9:8a:8a:78:fe:61:68:b5:3f:21:a7:8f:a4:
d6:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:6A:AE:60:9D:9D:15:7E:34:C7:EF:0A:C6:33:BE:A7:92:22:29:0C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Q2quYJ2dFX40x-8KxjO-p5IiKQw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
38:92:82:6d:c3:7b:8a:e1:6f:b9:73:15:b7:f6:56:ac:92:a7:
11:20:52:42:2f:6a:3f:ec:59:9c:d0:90:44:ab:38:64:b9:86:
c0:a6:85:60:0e:4e:fb:3a:95:9c:90:94:7b:f2:cb:da:b8:4f:
07:84:7f:9a:77:46:d0:fc:c5:4a:2d:4c:3c:59:3f:13:f5:bc:
31:ee:16:f9:2b:20:60:f5:e0:61:eb:20:79:86:8d:57:13:3c:
a7:62:bf:49:57:e5:56:24:63:c1:48:42:7f:92:7c:a2:0c:b4:
ac:69:00:80:cd:05:0b:ec:be:dd:5c:52:27:4c:7e:a3:59:ea:
a4:1a:ee:8b:6b:b9:14:d0:6b:6e:e5:e7:69:8a:bc:3c:10:ce:
16:0c:af:94:d9:a4:45:25:8f:0e:10:b7:e0:59:c0:e9:f5:c6:
49:c2:61:bf:76:aa:7b:97:4b:eb:4d:15:0d:c5:73:65:1e:df:
a4:56:8c:e4:40:53:3d:3f:2e:d8:8e:8a:8e:d4:4f:76:a2:cd:
c7:4f:68:58:06:75:09:a5:61:e4:85:82:9f:0b:00:31:24:ba:
aa:43:0d:dd:19:4a:df:a2:f5:dc:91:27:20:4d:33:4f:1a:b8:
48:b0:48:d1:10:32:de:35:eb:6b:60:d9:df:28:b8:f7:6b:74:
24:e2:9f:ea
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaYAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDgx
MDExNTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQzNkFBRTYwOUQ5RDE1
N0UzNEM3RUYwQUM2MzNCRUE3OTIyMjI5MEMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDL2ZTu+XhlUPRXl/hL/RuT5neWpa741MQ8wScB+Q2DRaaw3+rB
5hvSaoPStNUU0dz7SzUI+B0yJY7kUnoQe/7G3exYkRcB08ThbQf7Zj829JoFqcdu
3F5DJTrjypzbFSQPRDXDntyspmpTWB+qLRSA60VfCDValACg/AYkKq3QkUFXOvuR
gjMsXeRignIEen4vAyw/GHp8fIDgMLNEbtCcXXQGm675NRXsm7ejCfRuiSEF++qM
PEUu4zSgj71y1znFKy+Q26PweEGjOVM6EbHh09b2I5DDs0xylmWjb6MpbP0gQSMU
UIf72AFK8Yk6qJ3oqYqKeP5haLU/IaePpNZ5AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUQ2quYJ2dFX40x+8KxjO+p5IiKQwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1EycXVZSjJkRlg0MHgt
OEt4ak8tcDVJaUtRdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA4koJt
w3uK4W+5cxW39laskqcRIFJCL2o/7Fmc0JBEqzhkuYbApoVgDk77OpWckJR78sva
uE8HhH+ad0bQ/MVKLUw8WT8T9bwx7hb5KyBg9eBh6yB5ho1XEzynYr9JV+VWJGPB
SEJ/knyiDLSsaQCAzQUL7L7dXFInTH6jWeqkGu6La7kU0Gtu5edpirw8EM4WDK+U
2aRFJY8OELfgWcDp9cZJwmG/dqp7l0vrTRUNxXNlHt+kVozkQFM9Py7YjoqO1E92
os3HT2hYBnUJpWHkhYKfCwAxJLqqQw3dGUrfovXckScgTTNPGrhIsEjREDLeNetr
YNnfKLj3a3Qk4p/q
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:13:11 2025 by rpki-client