Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/QLxFen8Gt4BKVYiSH6PEUZrHe_Q.roa
File: QLxFen8Gt4BKVYiSH6PEUZrHe_Q.roa (raw, json)
Hash identifier: kcCx5MaD2zm+JomNCywcDWXKKc1RyC3IKaiSmXrLNlM=
Subject key identifier: 40:BC:45:7A:7F:06:B7:80:4A:55:88:92:1F:A3:C4:51:9A:C7:7B:F4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 69B2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QLxFen8Gt4BKVYiSH6PEUZrHe_Q.roa
Signing time: Sun 08 Jun 2025 22:42:06 +0000
ROA not before: Sun 08 Jun 2025 22:42:06 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27058 (0x69b2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 8 22:42:06 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=40BC457A7F06B7804A5588921FA3C4519AC77BF4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:0a:44:25:6c:69:80:32:6f:35:54:a8:a8:23:
09:a8:e6:da:8b:c1:1b:2c:2a:e6:9f:26:64:cd:c3:
1d:f3:2b:b3:89:fd:54:80:56:26:a4:19:74:fd:6e:
87:2c:e9:79:f5:ac:7a:99:85:08:4e:fd:92:25:87:
cf:f0:37:81:f4:7c:9c:f9:ed:0a:13:7f:20:b1:65:
48:19:b0:62:69:ea:d9:e2:4e:6d:88:d3:ea:6c:62:
91:d7:49:75:00:af:aa:f5:2d:74:5c:91:9b:6f:cb:
2f:77:33:2f:2c:cd:11:09:3d:32:29:1d:ea:47:53:
1a:75:04:61:3a:72:a5:ce:c6:27:9d:25:14:a6:84:
d8:4b:56:8a:5e:ee:4b:d9:9f:e1:63:f9:79:0c:ef:
f9:c6:ea:ae:f8:d9:02:5e:99:06:c8:65:70:72:b0:
3e:f8:3e:e8:2a:b6:16:69:db:ad:0a:6c:09:85:01:
1d:80:4b:96:cd:67:43:9e:83:d7:ca:f6:8a:c6:a6:
db:10:56:b1:a1:6c:3f:a0:ab:f6:72:ab:d6:8b:56:
fb:59:0c:de:a6:c1:63:35:a7:7f:ab:11:c2:ce:c7:
49:d5:09:0e:94:a0:1f:ac:ed:66:c3:4c:ff:13:98:
a5:fd:c0:1b:44:be:1e:32:dd:c0:84:da:fd:f7:9e:
98:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:BC:45:7A:7F:06:B7:80:4A:55:88:92:1F:A3:C4:51:9A:C7:7B:F4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QLxFen8Gt4BKVYiSH6PEUZrHe_Q.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
ba:d6:ad:13:68:fb:2f:87:ca:8c:bb:bb:e3:f6:43:0b:0e:e3:
f8:06:26:ff:7c:fe:af:6e:4a:0b:e9:66:86:30:6a:e6:53:86:
f1:fa:07:dd:ea:8e:67:bd:65:fb:85:a2:88:cb:d1:43:4d:bd:
07:6d:a5:07:e7:66:e2:b5:21:c3:76:9e:53:55:a3:55:b1:ef:
31:da:95:fa:56:00:c9:dc:6f:78:70:a8:43:cc:ff:7a:34:88:
86:35:66:f5:fd:11:a3:c1:96:e2:b8:e1:f1:01:2f:00:76:54:
f4:15:1e:b9:4c:92:32:15:06:7d:e4:3d:90:80:25:5b:6f:12:
29:15:62:3a:5f:e0:32:9f:47:b7:a0:68:9e:d1:ef:e0:3a:c6:
fe:b4:da:90:37:f8:5b:7b:59:c8:80:54:5d:cb:e3:1f:d5:6b:
86:3a:0e:48:73:cd:66:5f:3e:20:cd:a6:98:34:dd:d7:f9:cd:
d5:52:a3:20:39:0c:4f:d8:1f:ff:c4:8e:cc:bd:11:e6:7d:d4:
70:4b:1e:e0:c4:14:f8:3d:6e:41:c3:53:a5:29:b7:e5:38:ce:
ac:c9:22:f0:d0:63:df:ac:95:00:40:0b:a3:b5:c4:61:ea:8e:
ef:b4:cc:2e:65:0a:91:56:a2:fb:0f:5b:34:54:4b:d4:d7:52:
82:29:d3:2d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICabIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDgy
MjQyMDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQwQkM0NTdBN0YwNkI3
ODA0QTU1ODg5MjFGQTNDNDUxOUFDNzdCRjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJCkQlbGmAMm81VKioIwmo5tqLwRssKuafJmTNwx3zK7OJ/VSA
ViakGXT9bocs6Xn1rHqZhQhO/ZIlh8/wN4H0fJz57QoTfyCxZUgZsGJp6tniTm2I
0+psYpHXSXUAr6r1LXRckZtvyy93My8szREJPTIpHepHUxp1BGE6cqXOxiedJRSm
hNhLVope7kvZn+Fj+XkM7/nG6q742QJemQbIZXBysD74PugqthZp260KbAmFAR2A
S5bNZ0Oeg9fK9orGptsQVrGhbD+gq/Zyq9aLVvtZDN6mwWM1p3+rEcLOx0nVCQ6U
oB+s7WbDTP8TmKX9wBtEvh4y3cCE2v33npgFAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUQLxFen8Gt4BKVYiSH6PEUZrHe/QwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1FMeEZlbjhHdDRCS1ZZ
aVNINlBFVVpySGVfUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC61q0T
aPsvh8qMu7vj9kMLDuP4Bib/fP6vbkoL6WaGMGrmU4bx+gfd6o5nvWX7haKIy9FD
Tb0HbaUH52bitSHDdp5TVaNVse8x2pX6VgDJ3G94cKhDzP96NIiGNWb1/RGjwZbi
uOHxAS8AdlT0FR65TJIyFQZ95D2QgCVbbxIpFWI6X+Ayn0e3oGie0e/gOsb+tNqQ
N/hbe1nIgFRdy+Mf1WuGOg5Ic81mXz4gzaaYNN3X+c3VUqMgOQxP2B//xI7MvRHm
fdRwSx7gxBT4PW5Bw1OlKbflOM6sySLw0GPfrJUAQAujtcRh6o7vtMwuZQqRVqL7
D1s0VEvU11KCKdMt
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:52:45 2025 by rpki-client