Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/BKQyO-76bae-fp5q-XeG2tKBEj0.roa
File: BKQyO-76bae-fp5q-XeG2tKBEj0.roa (raw, json)
Hash identifier: UV+Qvp1jli46TXhVbiAWetA68p8vPwieZWjDvHgHtM4=
Subject key identifier: 04:A4:32:3B:EE:FA:6D:A7:BE:7E:9E:6A:F9:77:86:DA:D2:81:12:3D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7286
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/BKQyO-76bae-fp5q-XeG2tKBEj0.roa
Signing time: Wed 02 Jul 2025 17:15:05 +0000
ROA not before: Wed 02 Jul 2025 17:15:05 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29318 (0x7286)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 2 17:15:05 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=04A4323BEEFA6DA7BE7E9E6AF97786DAD281123D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:71:81:a2:ba:d0:ab:b1:48:04:43:b3:2a:45:
66:42:f5:a6:3d:e4:d6:21:d7:57:b8:ed:fc:c9:35:
08:a4:20:8e:b1:3c:7c:6c:1e:ff:6d:ad:61:2c:b1:
a3:40:5f:4b:e4:4d:35:09:75:c4:57:83:8e:ea:ef:
98:cb:43:6c:8e:62:a2:2b:c9:15:ee:66:c5:0e:7b:
ae:78:fc:24:5f:9b:a0:45:46:b3:3a:87:ea:c2:65:
49:06:53:e4:5a:97:6b:65:c7:a4:70:e4:b9:84:51:
dd:a7:0b:88:25:ca:f9:01:da:75:74:b4:52:ae:c7:
90:5a:1d:a6:91:bb:8f:35:f8:c8:d0:26:c8:aa:78:
f2:e1:da:34:3d:fc:1d:6b:fc:10:c3:57:59:35:41:
db:58:b3:4e:69:8b:42:52:b4:aa:63:1f:64:71:fd:
17:a0:cf:f9:dd:33:74:70:2a:81:5f:85:f9:e4:a8:
3d:29:87:fe:06:ae:e3:13:5f:0a:3d:6a:07:e0:57:
4b:9c:16:71:1b:3d:58:d6:0c:40:8a:f3:03:05:cb:
53:6c:f4:64:7a:8e:ef:09:3a:bc:bf:1e:27:9e:cc:
23:dc:ee:be:56:c1:4c:79:bd:3b:e8:34:29:2b:e5:
24:0a:3b:de:91:cf:c6:f2:9f:06:d9:4b:f2:4c:9d:
23:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:A4:32:3B:EE:FA:6D:A7:BE:7E:9E:6A:F9:77:86:DA:D2:81:12:3D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/BKQyO-76bae-fp5q-XeG2tKBEj0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
6f:01:d0:1b:3f:b6:04:07:08:11:ac:c1:d1:1e:5e:3a:d2:aa:
39:4d:99:a5:10:59:a0:9a:da:40:bb:43:0b:5b:ee:c8:83:e5:
3f:e7:4c:bf:08:24:09:40:ac:b2:0f:58:a3:b4:f1:bd:6a:bf:
42:b8:e6:9d:11:bd:5c:96:1c:3f:64:15:9e:5f:6e:be:7d:cb:
d4:4c:e8:10:6b:01:16:ee:78:39:f5:d6:5f:c2:85:69:11:9f:
49:ae:ea:4b:f3:85:d7:63:0b:7b:eb:3a:2f:b5:93:a2:af:6f:
66:b6:1f:0b:87:72:6f:c0:7c:1a:3f:f5:da:6e:3f:09:75:c8:
33:5e:ea:0d:8d:6e:19:35:71:65:56:87:18:db:64:21:36:4e:
b0:fa:37:94:44:eb:89:01:69:03:6b:9e:a4:0e:ff:a3:3a:e2:
a4:cb:d8:2d:16:0c:08:00:63:27:48:b5:cb:f6:af:23:7d:f8:
22:a7:31:30:f7:f8:83:77:14:af:7b:f1:bc:f8:64:91:a9:3f:
8f:ab:61:05:cf:d0:bf:6f:69:9b:53:26:6c:94:9d:48:f4:10:
27:ff:0d:16:24:62:ec:d5:18:52:8f:d9:64:85:e7:58:34:7b:
ce:a2:b2:f5:83:93:e7:d7:97:b1:bf:ca:b9:c9:9a:7c:bc:bb:
fc:0a:3a:0c
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcoYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDIx
NzE1MDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDA0QTQzMjNCRUVGQTZE
QTdCRTdFOUU2QUY5Nzc4NkRBRDI4MTEyM0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOcYGiutCrsUgEQ7MqRWZC9aY95NYh11e47fzJNQikII6xPHxs
Hv9trWEssaNAX0vkTTUJdcRXg47q75jLQ2yOYqIryRXuZsUOe654/CRfm6BFRrM6
h+rCZUkGU+Ral2tlx6Rw5LmEUd2nC4glyvkB2nV0tFKux5BaHaaRu481+MjQJsiq
ePLh2jQ9/B1r/BDDV1k1QdtYs05pi0JStKpjH2Rx/Regz/ndM3RwKoFfhfnkqD0p
h/4GruMTXwo9agfgV0ucFnEbPVjWDECK8wMFy1Ns9GR6ju8JOry/HieezCPc7r5W
wUx5vTvoNCkr5SQKO96Rz8bynwbZS/JMnSO9AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUBKQyO+76bae+fp5q+XeG2tKBEj0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0JLUXlPLTc2YmFlLWZw
NXEtWGVHMnRLQkVqMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBvAdAb
P7YEBwgRrMHRHl460qo5TZmlEFmgmtpAu0MLW+7Ig+U/50y/CCQJQKyyD1ijtPG9
ar9CuOadEb1clhw/ZBWeX26+fcvUTOgQawEW7ng59dZfwoVpEZ9JrupL84XXYwt7
6zovtZOir29mth8Lh3JvwHwaP/Xabj8JdcgzXuoNjW4ZNXFlVocY22QhNk6w+jeU
ROuJAWkDa56kDv+jOuKky9gtFgwIAGMnSLXL9q8jffgipzEw9/iDdxSve/G8+GSR
qT+Pq2EFz9C/b2mbUyZslJ1I9BAn/w0WJGLs1RhSj9lkhedYNHvOorL1g5Pn15ex
v8q5yZp8vLv8CjoM
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:57:53 2025 by rpki-client