Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/4QONSfuTHDtWmq4xHF-Y4WngC2k.roa
File: 4QONSfuTHDtWmq4xHF-Y4WngC2k.roa (raw, json)
Hash identifier: NjNE5tJNIEq0pZUV7PRCPEW0W3+DXmzYg2BJA1zUsxg=
Subject key identifier: E1:03:8D:49:FB:93:1C:3B:56:9A:AE:31:1C:5F:98:E1:69:E0:0B:69
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 64EE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4QONSfuTHDtWmq4xHF-Y4WngC2k.roa
Signing time: Tue 27 May 2025 05:41:16 +0000
ROA not before: Tue 27 May 2025 05:41:16 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25838 (0x64ee)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 27 05:41:16 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E1038D49FB931C3B569AAE311C5F98E169E00B69
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:e9:56:2b:9b:78:4a:f9:a9:51:69:a5:89:6b:
99:e1:6c:ad:ff:1a:7c:35:40:bd:a9:bb:44:33:da:
f1:f5:e8:2a:a2:9e:ce:96:1f:e7:ae:6c:89:00:57:
97:72:02:d6:59:9f:e6:73:2f:51:81:59:57:f5:f7:
90:dc:44:6e:61:ed:c8:6d:5b:2e:ad:b9:d1:d1:0a:
02:02:ca:88:b6:fd:95:ee:04:db:e5:9b:03:5a:14:
64:fc:22:1a:4b:b6:7d:5f:2c:b4:a7:cf:71:ef:bc:
a9:2d:72:76:43:3f:62:e6:f6:4e:65:9a:82:38:76:
d1:52:64:ad:7b:74:c3:bd:cb:5f:84:5e:34:e9:86:
a1:05:7d:49:d2:00:14:06:60:66:f5:f9:67:54:3b:
bd:56:ea:76:d7:d7:93:0e:43:fd:be:e0:ce:12:6a:
ff:ae:67:d5:cf:b2:ad:57:b4:f1:95:84:fb:67:c4:
ab:26:a2:1c:b8:4e:9c:51:3a:13:b1:5b:5d:19:05:
3a:c2:ca:c0:28:e4:93:5e:15:f9:1b:09:d9:1e:bd:
c6:bb:cd:b6:f3:37:46:08:28:eb:d9:1a:12:3b:a2:
c1:e6:54:b5:d2:bd:27:0c:79:2e:91:99:6b:68:29:
8d:df:52:2f:af:2e:82:cb:93:fb:41:ff:ef:8a:9d:
ed:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:03:8D:49:FB:93:1C:3B:56:9A:AE:31:1C:5F:98:E1:69:E0:0B:69
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4QONSfuTHDtWmq4xHF-Y4WngC2k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
99:a8:e3:6e:22:68:26:a2:26:3a:73:1b:d7:27:f7:99:90:61:
b3:4e:2e:46:db:bd:60:e3:1a:22:84:48:e0:da:45:8f:ee:a7:
5e:25:81:dd:3a:c6:88:06:4c:43:f4:dc:ed:9e:45:7d:df:b9:
3c:ba:e5:b8:64:67:38:6b:52:4a:5e:5a:8d:82:07:b6:42:20:
e6:eb:e3:44:57:7f:d7:e4:f9:87:98:d0:8b:40:f0:ae:b5:f2:
b4:d5:3f:11:83:5c:22:17:98:85:7a:f0:45:48:0e:6b:4f:f3:
54:d3:64:d2:c4:e3:10:8e:98:d0:c1:12:a5:97:44:39:99:6b:
80:17:f8:62:f6:aa:f1:09:47:03:9d:21:5e:59:ff:0c:11:c7:
2d:8e:fc:4b:df:35:08:b9:de:15:f1:45:21:46:42:03:e7:7d:
b3:ac:34:a3:89:37:f5:0e:1e:63:8a:73:ca:5d:12:bb:0b:07:
d3:9c:03:3f:63:08:8a:9c:0f:12:2a:d3:a6:5b:9f:46:9a:4b:
9d:d7:45:f4:c3:60:2d:c2:ac:4e:5e:2b:22:76:08:d7:b1:91:
98:72:6f:24:1f:4d:28:c0:a2:ac:e7:b3:89:7e:af:d3:f0:b5:
bc:6c:7b:1c:f8:cd:9c:63:22:65:42:52:80:8e:fc:26:17:7f:
10:e9:9a:52
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZO4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1Mjcw
NTQxMTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEUxMDM4RDQ5RkI5MzFD
M0I1NjlBQUUzMTFDNUY5OEUxNjlFMDBCNjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC56VYrm3hK+alRaaWJa5nhbK3/Gnw1QL2pu0Qz2vH16Cqins6W
H+eubIkAV5dyAtZZn+ZzL1GBWVf195DcRG5h7chtWy6tudHRCgICyoi2/ZXuBNvl
mwNaFGT8IhpLtn1fLLSnz3HvvKktcnZDP2Lm9k5lmoI4dtFSZK17dMO9y1+EXjTp
hqEFfUnSABQGYGb1+WdUO71W6nbX15MOQ/2+4M4Sav+uZ9XPsq1XtPGVhPtnxKsm
ohy4TpxROhOxW10ZBTrCysAo5JNeFfkbCdkevca7zbbzN0YIKOvZGhI7osHmVLXS
vScMeS6RmWtoKY3fUi+vLoLLk/tB/++Kne3/AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU4QONSfuTHDtWmq4xHF+Y4WngC2kwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzRRT05TZnVUSER0V21x
NHhIRi1ZNFduZ0Myay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCZqONu
ImgmoiY6cxvXJ/eZkGGzTi5G271g4xoihEjg2kWP7qdeJYHdOsaIBkxD9NztnkV9
37k8uuW4ZGc4a1JKXlqNgge2QiDm6+NEV3/X5PmHmNCLQPCutfK01T8Rg1wiF5iF
evBFSA5rT/NU02TSxOMQjpjQwRKll0Q5mWuAF/hi9qrxCUcDnSFeWf8MEcctjvxL
3zUIud4V8UUhRkID532zrDSjiTf1Dh5jinPKXRK7CwfTnAM/YwiKnA8SKtOmW59G
mkud10X0w2AtwqxOXisidgjXsZGYcm8kH00owKKs57OJfq/T8LW8bHsc+M2cYyJl
QlKAjvwmF38Q6ZpS
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:45:19 2025 by rpki-client