Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/tQYl9-Wr7VnM_rSTSGXRhWI4k64.roa
File: tQYl9-Wr7VnM_rSTSGXRhWI4k64.roa (raw, json)
Hash identifier: T5qqywTwNx7RP1bS0nmlPZKrgVl2wGxdHymMJ1AlThI=
Subject key identifier: B5:06:25:F7:E5:AB:ED:59:CC:FE:B4:93:48:65:D1:85:62:38:93:AE
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6682
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tQYl9-Wr7VnM_rSTSGXRhWI4k64.roa
Signing time: Sat 31 May 2025 10:41:33 +0000
ROA not before: Sat 31 May 2025 10:41:33 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26242 (0x6682)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 31 10:41:33 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B50625F7E5ABED59CCFEB4934865D185623893AE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:0a:b0:66:99:5a:7f:53:e7:e7:37:cb:98:e6:
d8:87:f3:77:5f:f7:84:fd:c6:be:2b:57:16:44:a3:
ac:d5:0c:57:80:15:cb:f8:f7:dd:f7:7c:7c:17:23:
b8:e9:49:61:d2:51:ed:b1:0e:26:9a:b8:68:11:3c:
8a:bd:4d:7a:1d:e8:db:05:52:91:48:c4:9e:4c:12:
64:4e:80:10:2b:b5:e0:7f:80:e3:3b:48:26:76:bf:
5b:8d:76:45:94:2f:ae:b3:5c:65:e8:1c:9d:96:04:
a8:57:df:4d:1f:c5:1c:08:af:72:0f:b4:51:ce:d8:
a2:05:c1:28:e9:3c:ae:ce:1c:53:cf:13:98:53:9e:
5a:5c:e9:f2:b1:ad:7d:38:02:f9:8c:cb:69:77:98:
f0:35:0a:7c:41:b5:5d:03:bd:15:fb:fa:11:fc:c1:
d2:08:95:dc:18:fc:a3:7b:bc:9d:e8:a3:34:89:a3:
7f:60:e6:f8:e4:09:e6:ac:eb:ab:b8:30:ae:3d:7c:
42:9d:dd:33:22:91:33:b7:11:36:76:18:06:fb:27:
e2:27:bb:7f:b9:fd:22:d5:e0:7d:1b:5b:4b:4a:0d:
b7:a1:d6:7f:94:7d:6a:f5:30:ac:f5:48:08:6f:39:
6a:cd:02:3f:8c:d1:99:7e:0d:2a:63:29:29:99:52:
24:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:06:25:F7:E5:AB:ED:59:CC:FE:B4:93:48:65:D1:85:62:38:93:AE
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/tQYl9-Wr7VnM_rSTSGXRhWI4k64.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
61:4d:84:00:5a:be:b9:e2:22:ff:bd:bf:84:47:e8:96:9e:63:
a9:4d:25:d0:0e:f1:c1:8d:95:16:d2:66:00:4b:cc:f9:98:2c:
f2:a0:02:fd:66:16:ee:70:6f:a0:b2:d2:58:49:c4:3f:23:86:
d6:f9:18:63:58:0b:a7:65:cd:2c:6f:1f:bd:3b:89:1f:cf:68:
eb:e7:9b:b6:0e:b9:88:77:66:51:c8:d2:4f:c5:b7:78:71:36:
ef:e7:76:6c:c3:7c:07:ac:8c:ea:07:83:cb:0d:77:ce:c0:02:
f6:f1:f9:69:78:2f:4e:0e:e4:07:01:f1:92:f9:16:91:6e:f4:
b3:4a:4d:30:e2:9f:07:ef:c1:75:34:26:1d:e9:a9:72:c9:07:
f9:f5:5b:9a:45:d3:90:03:b1:26:71:0e:76:d4:4c:13:d1:13:
15:88:e7:cc:8d:0f:37:62:13:25:2d:46:94:3f:36:d0:c4:71:
e0:17:7e:9b:75:25:b1:a7:b7:89:ee:8d:2a:74:46:65:1b:9a:
4a:00:a5:6f:66:a9:89:02:fa:6d:ee:06:ae:d1:83:d4:2e:47:
28:7a:a4:a7:9d:f8:97:4f:52:3f:ed:c4:cf:28:ce:fc:b7:0a:
7b:5a:55:ec:62:93:f2:69:4f:e6:e1:d5:e7:f2:35:18:a1:b8:
a0:c1:0e:e2
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZoIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MzEx
MDQxMzNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEI1MDYyNUY3RTVBQkVE
NTlDQ0ZFQjQ5MzQ4NjVEMTg1NjIzODkzQUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDaCrBmmVp/U+fnN8uY5tiH83df94T9xr4rVxZEo6zVDFeAFcv4
9933fHwXI7jpSWHSUe2xDiaauGgRPIq9TXod6NsFUpFIxJ5MEmROgBArteB/gOM7
SCZ2v1uNdkWUL66zXGXoHJ2WBKhX300fxRwIr3IPtFHO2KIFwSjpPK7OHFPPE5hT
nlpc6fKxrX04AvmMy2l3mPA1CnxBtV0DvRX7+hH8wdIIldwY/KN7vJ3oozSJo39g
5vjkCeas66u4MK49fEKd3TMikTO3ETZ2GAb7J+Inu3+5/SLV4H0bW0tKDbeh1n+U
fWr1MKz1SAhvOWrNAj+M0Zl+DSpjKSmZUiT3AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUtQYl9+Wr7VnM/rSTSGXRhWI4k64wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3RRWWw5LVdyN1ZuTV9y
U1RTR1hSaFdJNGs2NC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBhTYQA
Wr654iL/vb+ER+iWnmOpTSXQDvHBjZUW0mYAS8z5mCzyoAL9ZhbucG+gstJYScQ/
I4bW+RhjWAunZc0sbx+9O4kfz2jr55u2DrmId2ZRyNJPxbd4cTbv53Zsw3wHrIzq
B4PLDXfOwAL28flpeC9ODuQHAfGS+RaRbvSzSk0w4p8H78F1NCYd6alyyQf59Vua
RdOQA7EmcQ521EwT0RMViOfMjQ83YhMlLUaUPzbQxHHgF36bdSWxp7eJ7o0qdEZl
G5pKAKVvZqmJAvpt7gau0YPULkcoeqSnnfiXT1I/7cTPKM78twp7WlXsYpPyaU/m
4dXn8jUYobigwQ7i
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:51:00 2025 by rpki-client