Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/IPQtuhppDip3N7uChw3DsYmWLAc.roa
File: IPQtuhppDip3N7uChw3DsYmWLAc.roa (raw, json)
Hash identifier: ghOyaQW4fx+gpqYf/8AZXBRhMNO1vaCej5Afmb640uU=
Subject key identifier: 20:F4:2D:BA:1A:69:0E:2A:77:37:BB:82:87:0D:C3:B1:89:96:2C:07
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 63BA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/IPQtuhppDip3N7uChw3DsYmWLAc.roa
Signing time: Sat 24 May 2025 00:40:51 +0000
ROA not before: Sat 24 May 2025 00:40:51 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25530 (0x63ba)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 24 00:40:51 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=20F42DBA1A690E2A7737BB82870DC3B189962C07
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:f7:e5:db:c0:12:b2:2a:ac:87:76:6e:0b:04:
9f:7b:49:b8:bf:35:e8:40:ec:e7:9d:b3:17:df:32:
36:c8:2b:68:1f:e1:45:c6:a1:b4:64:c7:6f:51:60:
d0:51:c0:89:63:c1:e1:93:df:14:a5:83:2d:9a:f7:
73:d3:41:ed:a9:02:c7:ca:a4:66:fd:8a:ca:0d:12:
65:91:3c:83:16:ab:dc:65:cf:3d:43:b7:e9:80:0d:
2e:13:b4:19:77:43:d9:b9:f8:46:9e:b1:7c:1a:2e:
c3:af:16:89:c1:95:44:52:6a:fe:6d:ab:d7:cf:39:
76:ec:6f:c6:2f:2f:45:4f:46:98:16:97:2f:dc:d6:
00:f5:29:95:54:2a:f0:f0:8f:e2:2b:3d:9c:b2:f4:
b3:f1:94:0c:b3:7b:db:ad:ec:0c:77:97:6c:62:9e:
d8:25:dd:71:51:be:0b:5e:c2:16:4e:c9:a8:b2:8f:
49:d4:9f:ab:61:ee:a6:d0:55:f5:65:c0:1e:8a:90:
7d:60:4f:79:b4:2f:49:5f:7d:08:bb:eb:58:b2:9d:
a4:27:23:b9:0b:61:7f:22:6c:a4:71:48:63:e7:14:
c2:23:58:65:46:fb:3f:98:3b:04:b9:4c:81:e1:85:
03:d0:33:b5:0b:a7:f5:c5:12:ab:cf:5c:6d:e7:42:
c6:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:F4:2D:BA:1A:69:0E:2A:77:37:BB:82:87:0D:C3:B1:89:96:2C:07
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/IPQtuhppDip3N7uChw3DsYmWLAc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
52:0d:89:24:ff:d5:d6:2a:22:bf:dc:d9:96:42:d3:d9:74:08:
c9:75:21:5a:92:d4:1e:29:62:e5:dc:40:77:bb:b6:ff:9b:fe:
af:01:ef:52:f1:c8:17:8d:ba:59:2d:c3:ad:d7:63:df:60:24:
62:4f:8f:ea:7d:76:f7:dc:0b:25:20:4a:3f:d3:30:8e:5d:14:
3d:86:2e:30:6b:c9:00:83:ba:10:d5:e6:1c:5d:9c:58:64:01:
2c:1c:ed:a4:17:b3:10:23:51:8a:98:1a:72:02:6d:68:be:76:
3d:39:5b:fa:3f:45:a8:c5:15:b6:b5:e2:0e:fd:fa:54:a4:f3:
96:e4:ed:4f:9b:2c:af:f4:cc:c2:bb:a0:1f:f7:10:5e:10:8a:
6c:44:55:0b:8a:d4:b1:d0:68:4e:8d:c2:23:20:15:ab:b7:59:
09:d5:00:c7:f3:2e:5c:10:45:60:88:5c:58:9e:c3:1e:2b:dd:
b5:3d:49:ed:34:d6:86:b2:57:e8:24:b6:42:36:1a:20:68:57:
cd:74:8b:de:6a:58:9b:5c:e6:9a:2f:3d:ae:e4:ed:37:99:68:
34:14:f0:39:71:ad:7c:2b:2f:83:2a:e4:de:e0:06:ea:1a:13:
bb:1b:27:c2:aa:a7:a1:19:ef:be:a6:7d:34:ae:95:cc:6c:91:
ed:20:5f:6a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICY7owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjQw
MDQwNTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDIwRjQyREJBMUE2OTBF
MkE3NzM3QkI4Mjg3MERDM0IxODk5NjJDMDcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC59+XbwBKyKqyHdm4LBJ97Sbi/NehA7OedsxffMjbIK2gf4UXG
obRkx29RYNBRwIljweGT3xSlgy2a93PTQe2pAsfKpGb9isoNEmWRPIMWq9xlzz1D
t+mADS4TtBl3Q9m5+EaesXwaLsOvFonBlURSav5tq9fPOXbsb8YvL0VPRpgWly/c
1gD1KZVUKvDwj+IrPZyy9LPxlAyze9ut7Ax3l2xintgl3XFRvgtewhZOyaiyj0nU
n6th7qbQVfVlwB6KkH1gT3m0L0lffQi761iynaQnI7kLYX8ibKRxSGPnFMIjWGVG
+z+YOwS5TIHhhQPQM7ULp/XFEqvPXG3nQsbbAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUIPQtuhppDip3N7uChw3DsYmWLAcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0lQUXR1aHBwRGlwM043
dUNodzNEc1ltV0xBYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBSDYkk
/9XWKiK/3NmWQtPZdAjJdSFaktQeKWLl3EB3u7b/m/6vAe9S8cgXjbpZLcOt12Pf
YCRiT4/qfXb33AslIEo/0zCOXRQ9hi4wa8kAg7oQ1eYcXZxYZAEsHO2kF7MQI1GK
mBpyAm1ovnY9OVv6P0WoxRW2teIO/fpUpPOW5O1Pmyyv9MzCu6Af9xBeEIpsRFUL
itSx0GhOjcIjIBWrt1kJ1QDH8y5cEEVgiFxYnsMeK921PUntNNaGslfoJLZCNhog
aFfNdIvealibXOaaLz2u5O03mWg0FPA5ca18Ky+DKuTe4AbqGhO7GyfCqqehGe++
pn00rpXMbJHtIF9q
-----END CERTIFICATE-----
Generated at Sat Jun 7 04:25:15 2025 by rpki-client