Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/qS5JOhG1J5FD5v7Y4L13yTtlfFY.roa
File: qS5JOhG1J5FD5v7Y4L13yTtlfFY.roa (raw, json)
Hash identifier: RGr32mcBB3+Ie/BnfK5Co5icFYO6A5DeEmRILjmRGTE=
Subject key identifier: A9:2E:49:3A:11:B5:27:91:43:E6:FE:D8:E0:BD:77:C9:3B:65:7C:56
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6128
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qS5JOhG1J5FD5v7Y4L13yTtlfFY.roa
Signing time: Sat 17 May 2025 04:10:34 +0000
ROA not before: Sat 17 May 2025 04:10:34 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24872 (0x6128)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 17 04:10:34 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A92E493A11B5279143E6FED8E0BD77C93B657C56
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:74:5c:07:9f:ac:5e:e0:f1:35:0e:51:fe:70:
b2:27:2d:6e:9c:e5:e9:06:e7:e6:bf:fb:ef:6c:73:
23:32:d2:16:cc:58:d4:9d:e1:d0:85:fa:b4:7e:3a:
17:66:0e:3c:b7:fa:7f:77:e1:ae:dc:16:a9:42:b8:
f9:1d:e6:5e:46:77:90:62:8a:36:2e:af:93:6c:c5:
f6:53:7a:d0:40:4b:28:98:d9:10:bf:28:03:09:f7:
86:6b:33:de:f5:17:e4:05:e3:a8:e9:21:46:27:44:
05:a7:09:ea:e0:56:4b:7b:6f:00:63:3f:fb:33:10:
45:32:38:c6:49:be:61:7e:6e:61:f8:9d:11:ed:d0:
56:be:11:8c:d1:36:0a:f6:7d:af:08:a4:d2:68:50:
29:a2:c0:a1:45:39:61:fd:cf:81:c3:c9:97:a8:f9:
83:b9:85:b4:d3:99:be:6a:ec:a0:15:23:8b:6e:c4:
4b:46:fe:4b:b2:e7:f7:c1:6f:97:03:17:44:9d:24:
b1:38:eb:3a:04:67:ee:3a:db:97:30:a5:a9:1a:b1:
75:4a:24:ab:de:01:a7:e3:57:b3:9c:fc:7a:1e:a6:
21:dd:47:f3:62:a8:62:c6:bf:ac:b0:8a:b7:c9:46:
6a:00:c4:57:7a:19:ac:8b:4a:c8:b1:77:e8:4d:d4:
e7:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:2E:49:3A:11:B5:27:91:43:E6:FE:D8:E0:BD:77:C9:3B:65:7C:56
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qS5JOhG1J5FD5v7Y4L13yTtlfFY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
79:92:77:f8:74:86:fb:7d:6e:51:cf:19:0a:25:b3:fd:b5:59:
5e:e3:91:eb:34:97:4b:cd:fb:7f:64:6c:74:36:ef:89:81:35:
9c:17:58:eb:8c:e3:89:43:cc:33:fc:93:6b:7e:5b:db:ca:fb:
db:f1:db:d7:35:dd:aa:32:d6:c3:33:6a:e2:9d:61:85:b3:d8:
56:c4:79:40:94:64:25:ae:e0:79:58:b2:ea:8b:8d:3b:25:77:
90:ed:57:45:b5:3e:50:26:af:34:74:06:65:d8:8d:0d:c7:23:
a5:28:ff:93:a8:31:9e:ec:51:05:07:ef:f4:f0:e6:ce:55:37:
64:45:8e:f2:e0:5c:65:b0:35:eb:cb:a0:94:0e:d6:81:80:32:
47:b5:f2:9a:26:1c:44:8b:b1:a3:e8:4c:c0:a9:f2:8a:c7:76:
45:c8:4f:cf:ad:d5:42:51:20:12:92:18:d2:42:a1:0f:84:75:
e1:6d:9a:bd:39:db:26:5b:87:f2:a9:5f:3b:b6:ac:a2:20:6e:
be:25:97:59:35:90:26:4e:4c:60:c7:4c:38:91:d4:db:e4:d5:
14:e4:40:1f:77:32:ec:c8:1a:84:01:7f:dd:16:17:29:e2:cc:
1e:ba:69:88:77:11:50:51:d1:10:ae:02:a1:0d:07:de:14:03:
71:98:83:13
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYSgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTcw
NDEwMzRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEE5MkU0OTNBMTFCNTI3
OTE0M0U2RkVEOEUwQkQ3N0M5M0I2NTdDNTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDXdFwHn6xe4PE1DlH+cLInLW6c5ekG5+a/++9scyMy0hbMWNSd
4dCF+rR+OhdmDjy3+n934a7cFqlCuPkd5l5Gd5BiijYur5NsxfZTetBASyiY2RC/
KAMJ94ZrM971F+QF46jpIUYnRAWnCergVkt7bwBjP/szEEUyOMZJvmF+bmH4nRHt
0Fa+EYzRNgr2fa8IpNJoUCmiwKFFOWH9z4HDyZeo+YO5hbTTmb5q7KAVI4tuxEtG
/kuy5/fBb5cDF0SdJLE46zoEZ+4625cwpakasXVKJKveAafjV7Oc/HoepiHdR/Ni
qGLGv6ywirfJRmoAxFd6GayLSsixd+hN1OdlAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUqS5JOhG1J5FD5v7Y4L13yTtlfFYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3FTNUpPaEcxSjVGRDV2
N1k0TDEzeVR0bGZGWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB5knf4
dIb7fW5RzxkKJbP9tVle45HrNJdLzft/ZGx0Nu+JgTWcF1jrjOOJQ8wz/JNrflvb
yvvb8dvXNd2qMtbDM2rinWGFs9hWxHlAlGQlruB5WLLqi407JXeQ7VdFtT5QJq80
dAZl2I0NxyOlKP+TqDGe7FEFB+/08ObOVTdkRY7y4FxlsDXry6CUDtaBgDJHtfKa
JhxEi7Gj6EzAqfKKx3ZFyE/PrdVCUSASkhjSQqEPhHXhbZq9OdsmW4fyqV87tqyi
IG6+JZdZNZAmTkxgx0w4kdTb5NUU5EAfdzLsyBqEAX/dFhcp4sweummIdxFQUdEQ
rgKhDQfeFANxmIMT
-----END CERTIFICATE-----
Generated at Sat Jun 21 08:50:59 2025 by rpki-client