Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/0QX5YT8_P3YoekwiNT6eEQOQ6EY.roa
File: 0QX5YT8_P3YoekwiNT6eEQOQ6EY.roa (raw, json)
Hash identifier: goLWIPZGD0Jw3932/zg1PZ6D7ftvcMwUPa82Nlh9UP8=
Subject key identifier: D1:05:F9:61:3F:3F:3F:76:28:7A:4C:22:35:3E:9E:11:03:90:E8:46
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 78AA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0QX5YT8_P3YoekwiNT6eEQOQ6EY.roa
Signing time: Sat 19 Jul 2025 02:42:10 +0000
ROA not before: Sat 19 Jul 2025 02:42:10 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30890 (0x78aa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 19 02:42:10 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D105F9613F3F3F76287A4C22353E9E110390E846
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:b2:c2:0a:b1:ae:4c:96:61:97:25:da:18:7f:
16:28:27:31:8a:3d:d2:92:5a:e7:5b:8a:72:fe:08:
04:a9:d4:ca:9b:9b:29:1d:8d:40:4e:ab:c8:eb:b3:
2a:f9:c1:71:d1:b5:b2:95:dc:e3:d0:72:19:98:3e:
1c:d3:5d:92:97:1f:59:6a:71:7b:b8:ae:af:1e:84:
92:48:0d:a9:d8:04:54:31:68:99:99:39:55:f8:3d:
3f:56:f8:b3:b8:a8:f5:ee:57:62:98:03:96:d7:2f:
1c:fe:22:72:22:37:b0:1d:76:bb:b9:cd:ca:80:ee:
b5:8f:cf:83:15:18:1c:dc:64:08:9f:14:34:ac:01:
86:75:b0:29:38:57:80:14:19:eb:25:2a:f2:1a:87:
cb:52:74:ee:f5:1c:9c:42:d3:0b:a3:6e:05:6f:fa:
f1:2d:72:38:8e:63:1a:20:fb:aa:94:f5:7a:99:cf:
83:62:7a:04:88:89:7c:16:78:95:74:94:33:26:f2:
12:86:cb:01:20:b4:35:c7:84:6f:a4:49:c1:c9:fa:
41:12:d5:1a:82:68:e5:ca:13:23:c4:e2:3b:87:82:
6a:cb:94:a5:e1:d1:22:d2:96:25:1c:4c:b6:ef:47:
ea:51:3c:72:b8:22:04:f7:7f:44:2f:8e:82:13:90:
7b:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:05:F9:61:3F:3F:3F:76:28:7A:4C:22:35:3E:9E:11:03:90:E8:46
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0QX5YT8_P3YoekwiNT6eEQOQ6EY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
6d:01:ca:9b:07:70:0e:cd:fa:fd:d8:56:79:12:84:d7:b2:ca:
b2:97:12:f0:40:23:dc:ad:60:e0:35:bb:41:e3:62:b3:cf:9d:
55:06:0c:b7:03:a8:af:10:e6:d6:a3:ec:94:ac:6a:95:90:e8:
d7:61:60:ea:f5:f7:ea:b4:8b:16:a8:9c:d0:7d:ac:05:9c:54:
3f:04:1b:d5:ff:95:64:b5:f6:66:7c:45:de:14:66:48:80:81:
44:70:9e:b5:ab:91:18:e6:93:4f:aa:80:e8:96:5d:d0:15:d7:
50:b7:f4:b4:08:6d:d1:9a:12:26:83:a5:9e:13:6e:0c:70:70:
7e:14:4d:a3:c0:aa:56:f4:c0:4d:5c:7a:75:24:37:6f:45:0d:
cc:17:d3:48:c1:b4:e5:f4:35:3d:28:5d:b2:a1:75:66:75:d6:
a3:7a:9a:cb:0e:5d:00:32:9d:e9:12:a0:12:12:27:af:23:d6:
68:00:8f:31:d6:70:fd:ff:71:4b:cc:7c:60:42:1c:f9:91:c6:
08:d7:c2:b1:3c:0d:38:5a:20:96:de:de:ad:19:cf:39:10:df:
59:4e:b5:d4:47:48:94:12:7c:32:cd:84:35:de:71:67:92:09:
95:38:bc:42:0e:39:5d:fc:3a:8b:c0:0b:50:5f:25:7c:5f:b8:
4b:cc:16:31
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeKowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTkw
MjQyMTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQxMDVGOTYxM0YzRjNG
NzYyODdBNEMyMjM1M0U5RTExMDM5MEU4NDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9ssIKsa5MlmGXJdoYfxYoJzGKPdKSWudbinL+CASp1Mqbmykd
jUBOq8jrsyr5wXHRtbKV3OPQchmYPhzTXZKXH1lqcXu4rq8ehJJIDanYBFQxaJmZ
OVX4PT9W+LO4qPXuV2KYA5bXLxz+InIiN7Addru5zcqA7rWPz4MVGBzcZAifFDSs
AYZ1sCk4V4AUGeslKvIah8tSdO71HJxC0wujbgVv+vEtcjiOYxog+6qU9XqZz4Ni
egSIiXwWeJV0lDMm8hKGywEgtDXHhG+kScHJ+kES1RqCaOXKEyPE4juHgmrLlKXh
0SLSliUcTLbvR+pRPHK4IgT3f0QvjoITkHtdAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU0QX5YT8/P3YoekwiNT6eEQOQ6EYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzBRWDVZVDhfUDNZb2Vr
d2lOVDZlRVFPUTZFWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBtAcqb
B3AOzfr92FZ5EoTXssqylxLwQCPcrWDgNbtB42Kzz51VBgy3A6ivEObWo+yUrGqV
kOjXYWDq9ffqtIsWqJzQfawFnFQ/BBvV/5VktfZmfEXeFGZIgIFEcJ61q5EY5pNP
qoDoll3QFddQt/S0CG3RmhImg6WeE24McHB+FE2jwKpW9MBNXHp1JDdvRQ3MF9NI
wbTl9DU9KF2yoXVmddajeprLDl0AMp3pEqASEievI9ZoAI8x1nD9/3FLzHxgQhz5
kcYI18KxPA04WiCW3t6tGc85EN9ZTrXUR0iUEnwyzYQ13nFnkgmVOLxCDjld/DqL
wAtQXyV8X7hLzBYx
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:57:33 2025 by rpki-client