Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/CqxW0c7NbaH_3fVlAtDH9PkG_PM.roa
File: CqxW0c7NbaH_3fVlAtDH9PkG_PM.roa (raw, json)
Hash identifier: O1PughSFbOzSZGykl7WaFn0v88EMIq6y2bpA4iVKTV4=
Subject key identifier: 0A:AC:56:D1:CE:CD:6D:A1:FF:DD:F5:65:02:D0:C7:F4:F9:06:FC:F3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7620
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/CqxW0c7NbaH_3fVlAtDH9PkG_PM.roa
Signing time: Sat 12 Jul 2025 08:15:03 +0000
ROA not before: Sat 12 Jul 2025 08:15:03 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30240 (0x7620)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 12 08:15:03 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=0AAC56D1CECD6DA1FFDDF56502D0C7F4F906FCF3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:34:7f:ef:6c:36:08:82:4b:c5:72:72:6e:77:
0d:f6:1d:c2:e8:e9:1e:a9:b2:94:9c:ea:05:4c:d6:
07:2c:ca:06:d8:86:a7:d1:c3:07:2f:86:e7:71:b4:
f5:7a:65:b0:d5:3a:47:14:b6:63:06:54:3f:73:96:
5f:fe:a0:a5:56:6a:75:60:c4:7a:27:8e:19:4b:10:
79:12:6b:b3:2e:ad:06:af:1d:f1:3c:53:b2:90:32:
18:16:6b:61:77:6a:40:f6:e1:ec:40:12:38:5d:b5:
06:a4:aa:4a:c3:24:89:a7:41:72:62:73:93:92:a5:
39:9f:57:0a:c5:f8:0f:cc:73:f3:29:1d:49:89:7a:
22:36:eb:c2:6e:09:2b:fe:e7:bb:18:35:e3:8c:94:
3b:d9:02:74:6c:69:e2:c1:04:33:1b:e2:09:a7:61:
97:9d:68:de:b5:24:f1:93:d9:83:36:71:1b:f2:6e:
33:0b:17:94:64:9c:0c:da:b8:9c:bb:c9:79:29:c8:
fd:93:24:0d:01:ee:51:7a:27:58:fd:3f:af:89:77:
b6:75:4a:9a:ae:e0:d4:fc:c5:25:37:9c:aa:ed:6f:
97:24:b6:5b:0d:1d:a4:c1:85:53:b8:f5:72:61:80:
d0:68:b4:95:fa:a4:87:c6:e8:67:a9:cc:55:0c:96:
79:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:AC:56:D1:CE:CD:6D:A1:FF:DD:F5:65:02:D0:C7:F4:F9:06:FC:F3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/CqxW0c7NbaH_3fVlAtDH9PkG_PM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
36:b4:ea:12:9d:2f:af:ce:9b:2e:b2:ca:a6:ee:d9:92:84:78:
6b:a4:29:ab:6f:60:5f:80:91:97:eb:3c:fd:5b:64:49:eb:1a:
51:54:31:af:99:da:28:bf:7f:10:f8:40:a1:09:00:44:77:18:
16:84:da:25:60:13:ad:11:23:6a:69:b9:64:c4:dd:c4:b8:04:
6b:b2:62:c1:da:0c:9c:be:97:aa:0a:26:f5:2f:f1:07:4a:09:
fb:9b:95:0b:4b:15:11:15:57:4e:e8:0f:a2:c9:a7:83:7c:10:
7d:0d:e4:c0:b2:79:cc:a9:09:d9:81:aa:6b:40:9c:38:f6:14:
ec:66:45:0a:bd:86:ce:18:53:da:f4:93:c3:98:d1:42:a8:58:
4c:08:66:25:e5:a8:18:75:37:14:9e:40:65:14:ca:32:6e:0b:
9e:d7:d6:1e:fc:9a:2b:2f:1a:6d:f1:fe:b0:8a:07:35:01:7f:
74:a3:5f:9f:7d:bb:d5:d4:03:cb:81:f6:bb:01:e7:5d:1f:72:
95:59:e8:22:50:db:c0:22:73:73:e0:65:e9:be:9f:26:48:5c:
cb:7d:e5:2e:a0:a2:77:c3:a3:22:c3:24:f4:84:3f:7c:9b:4f:
4f:44:69:3a:c2:20:12:33:01:7f:4a:a6:c8:ef:52:a3:da:1a:
b5:20:54:62
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdiAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTIw
ODE1MDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDBBQUM1NkQxQ0VDRDZE
QTFGRkRERjU2NTAyRDBDN0Y0RjkwNkZDRjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9NH/vbDYIgkvFcnJudw32HcLo6R6pspSc6gVM1gcsygbYhqfR
wwcvhudxtPV6ZbDVOkcUtmMGVD9zll/+oKVWanVgxHonjhlLEHkSa7MurQavHfE8
U7KQMhgWa2F3akD24exAEjhdtQakqkrDJImnQXJic5OSpTmfVwrF+A/Mc/MpHUmJ
eiI268JuCSv+57sYNeOMlDvZAnRsaeLBBDMb4gmnYZedaN61JPGT2YM2cRvybjML
F5RknAzauJy7yXkpyP2TJA0B7lF6J1j9P6+Jd7Z1Spqu4NT8xSU3nKrtb5cktlsN
HaTBhVO49XJhgNBotJX6pIfG6GepzFUMlnmTAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUCqxW0c7NbaH/3fVlAtDH9PkG/PMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0NxeFcwYzdOYmFIXzNm
VmxBdERIOVBrR19QTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA2tOoS
nS+vzpsussqm7tmShHhrpCmrb2BfgJGX6zz9W2RJ6xpRVDGvmdoov38Q+EChCQBE
dxgWhNolYBOtESNqablkxN3EuARrsmLB2gycvpeqCib1L/EHSgn7m5ULSxURFVdO
6A+iyaeDfBB9DeTAsnnMqQnZgaprQJw49hTsZkUKvYbOGFPa9JPDmNFCqFhMCGYl
5agYdTcUnkBlFMoybgue19Ye/JorLxpt8f6wigc1AX90o1+ffbvV1APLgfa7Aedd
H3KVWegiUNvAInNz4GXpvp8mSFzLfeUuoKJ3w6MiwyT0hD98m09PRGk6wiASMwF/
SqbI71Kj2hq1IFRi
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:33:53 2025 by rpki-client