Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/qiZvQfDLZGpYn0hJn_gTIwa1aew.roa
File: qiZvQfDLZGpYn0hJn_gTIwa1aew.roa (raw, json)
Hash identifier: HuzbEtTKA3GDAKWlnETL13ZGcpI7lUJv5vWsyxlddb0=
Subject key identifier: AA:26:6F:41:F0:CB:64:6A:58:9F:48:49:9F:F8:13:23:06:B5:69:EC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 68D8
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qiZvQfDLZGpYn0hJn_gTIwa1aew.roa
Signing time: Fri 06 Jun 2025 16:11:50 +0000
ROA not before: Fri 06 Jun 2025 16:11:50 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26840 (0x68d8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 6 16:11:50 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=AA266F41F0CB646A589F48499FF8132306B569EC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:9e:8a:c8:c3:88:b4:62:c9:f6:13:d8:9a:34:
c4:f3:e8:77:8b:f3:16:15:b4:fe:30:85:94:b6:9c:
4f:22:1e:69:08:4a:2b:56:68:92:82:e3:65:52:e3:
db:44:a8:47:80:84:e1:7e:ac:42:94:66:74:21:21:
7a:11:db:01:b9:a1:02:54:45:50:69:68:89:9e:79:
9b:10:64:29:98:61:aa:7b:cd:f7:a7:c2:0a:a9:c4:
6c:85:a0:11:aa:4d:14:64:1f:ab:06:93:bc:14:dd:
ae:73:77:c3:72:91:17:af:cd:79:4e:80:22:d2:4e:
7d:e2:02:86:db:db:f8:b2:39:74:a5:1d:e2:5d:e5:
08:f1:bf:1d:ad:c8:10:ad:ec:18:f3:9a:a5:28:56:
f1:9d:56:24:f6:79:ab:52:82:75:9e:c7:62:34:9e:
65:0f:e2:5f:95:15:f8:69:06:2e:22:40:e6:39:f6:
a6:af:6a:07:6e:c6:1a:86:86:77:c9:36:01:a9:14:
55:be:56:ff:20:d2:e5:ed:58:91:e3:cc:bd:2b:c2:
04:b5:48:72:3f:26:d1:17:4a:fd:8b:7d:fc:e1:8e:
e1:d9:07:6e:74:ee:f0:df:19:78:9e:c6:ff:59:3a:
58:44:25:14:99:03:23:f0:f5:7f:cb:d2:61:9e:84:
e4:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:26:6F:41:F0:CB:64:6A:58:9F:48:49:9F:F8:13:23:06:B5:69:EC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qiZvQfDLZGpYn0hJn_gTIwa1aew.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
34:22:00:48:27:cf:b5:49:07:c9:f9:ac:f0:db:5a:be:78:ce:
87:1b:91:3b:c3:9a:4b:f7:b1:5d:d3:40:54:c0:e3:d6:af:f1:
cf:56:7c:db:b8:19:d6:f0:c9:3d:1e:4a:7a:aa:9b:04:1f:a4:
b5:a2:32:55:0d:d8:07:d3:0b:82:66:77:f7:82:e2:55:c3:8a:
aa:9a:a9:c1:1f:08:2f:9e:59:9e:d2:da:7e:e6:8c:61:59:4c:
da:1b:4e:f1:0b:12:2f:9d:48:54:b9:13:6b:a2:0f:4b:ba:3a:
90:2f:34:3f:92:c1:2b:97:37:6e:0a:12:a0:0d:f9:0e:6d:de:
fa:bd:a0:cc:d8:32:2b:77:ef:36:7d:3a:c3:3a:30:5e:44:80:
bc:84:38:ce:16:e4:0a:fa:c7:ef:0e:c1:e8:df:57:7d:02:46:
04:9d:0c:7b:08:6a:f7:bb:14:27:a8:26:e3:47:6f:6c:1f:87:
fe:b3:1a:7f:42:23:e9:71:a6:84:5b:db:9e:94:ba:f8:e9:25:
d2:bd:df:53:57:df:97:70:2b:08:6c:72:bb:34:8b:68:82:33:
fa:78:b2:e6:b6:7a:ba:d0:26:60:70:4c:ef:7f:8d:07:ab:ba:
48:cc:13:de:f9:e2:4c:20:18:48:99:9a:85:a4:81:05:73:01:
6d:97:3c:8b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaNgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDYx
NjExNTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEFBMjY2RjQxRjBDQjY0
NkE1ODlGNDg0OTlGRjgxMzIzMDZCNTY5RUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDnnorIw4i0Ysn2E9iaNMTz6HeL8xYVtP4whZS2nE8iHmkISitW
aJKC42VS49tEqEeAhOF+rEKUZnQhIXoR2wG5oQJURVBpaImeeZsQZCmYYap7zfen
wgqpxGyFoBGqTRRkH6sGk7wU3a5zd8NykRevzXlOgCLSTn3iAobb2/iyOXSlHeJd
5Qjxvx2tyBCt7BjzmqUoVvGdViT2eatSgnWex2I0nmUP4l+VFfhpBi4iQOY59qav
agduxhqGhnfJNgGpFFW+Vv8g0uXtWJHjzL0rwgS1SHI/JtEXSv2LffzhjuHZB250
7vDfGXiexv9ZOlhEJRSZAyPw9X/L0mGehORXAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUqiZvQfDLZGpYn0hJn/gTIwa1aewwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3FpWnZRZkRMWkdwWW4w
aEpuX2dUSXdhMWFldy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA0IgBI
J8+1SQfJ+azw21q+eM6HG5E7w5pL97Fd00BUwOPWr/HPVnzbuBnW8Mk9Hkp6qpsE
H6S1ojJVDdgH0wuCZnf3guJVw4qqmqnBHwgvnlme0tp+5oxhWUzaG07xCxIvnUhU
uRNrog9LujqQLzQ/ksErlzduChKgDfkObd76vaDM2DIrd+82fTrDOjBeRIC8hDjO
FuQK+sfvDsHo31d9AkYEnQx7CGr3uxQnqCbjR29sH4f+sxp/QiPpcaaEW9uelLr4
6SXSvd9TV9+XcCsIbHK7NItogjP6eLLmtnq60CZgcEzvf40Hq7pIzBPe+eJMIBhI
mZqFpIEFcwFtlzyL
-----END CERTIFICATE-----
Generated at Sat Jun 21 13:13:20 2025 by rpki-client