Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Q4JHjbVDlQGYO6hmxnqDRyWsIPQ.roa
File: Q4JHjbVDlQGYO6hmxnqDRyWsIPQ.roa (raw, json)
Hash identifier: 1nUzAkuoIQNRrXoUpXK62abrUVjbq/QtOUl/T6Ni8hE=
Subject key identifier: 43:82:47:8D:B5:43:95:01:98:3B:A8:66:C6:7A:83:47:25:AC:20:F4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 76A0
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Q4JHjbVDlQGYO6hmxnqDRyWsIPQ.roa
Signing time: Sun 13 Jul 2025 16:11:46 +0000
ROA not before: Sun 13 Jul 2025 16:11:46 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30368 (0x76a0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 13 16:11:46 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=4382478DB5439501983BA866C67A834725AC20F4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:7c:24:79:e7:e8:08:8e:9a:62:e4:9c:a5:96:
c6:f6:6f:1e:e4:40:9d:43:4c:eb:17:e8:e7:15:03:
ef:1a:3c:e2:82:d4:40:35:59:78:b9:98:47:fa:95:
4f:de:04:97:f6:69:af:a6:34:7d:3d:30:5b:8c:fd:
01:79:78:84:92:c7:f0:78:94:ba:47:af:73:b7:e0:
2e:1d:3e:76:85:7f:a7:54:ea:c4:36:f7:3c:db:74:
c8:da:46:6a:21:b0:f5:2b:49:72:74:be:2a:9b:a6:
56:9c:2d:0e:b5:39:e1:74:39:e7:22:3b:86:51:40:
b1:da:cb:ee:f8:4b:44:a8:d1:39:28:62:b4:56:c5:
cf:c4:7e:b6:6b:f7:f2:9d:4c:b8:7c:c2:e6:2d:47:
e3:97:0d:3c:48:97:c9:1c:c4:7c:c3:d9:79:68:65:
60:ba:f6:54:21:8c:6c:a3:2c:47:4d:da:48:9e:e6:
c0:22:d1:1a:9d:06:7b:28:29:84:bb:dc:d7:80:58:
04:d6:bd:88:e9:f6:48:72:37:a4:31:4f:df:90:4a:
cc:06:bf:b7:ab:ef:dd:83:b5:88:9d:ab:05:ed:77:
04:c7:0c:1f:ad:a5:e2:0e:9c:c1:52:44:6e:ed:d0:
05:5d:16:e6:d9:ff:07:93:4b:47:8b:1e:5e:d7:30:
0d:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:82:47:8D:B5:43:95:01:98:3B:A8:66:C6:7A:83:47:25:AC:20:F4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Q4JHjbVDlQGYO6hmxnqDRyWsIPQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
04:9e:cf:5e:68:b2:08:f8:4a:00:9e:44:c1:e1:d1:58:87:f1:
3f:7d:32:12:6f:26:9e:f0:07:8b:23:d4:71:48:09:d2:04:1e:
85:2e:39:1c:4b:7b:e5:f9:7a:42:ed:50:89:d4:c8:39:54:5c:
b7:77:74:4c:10:ce:e7:d0:26:34:24:33:c2:6b:7a:70:68:cb:
09:31:c6:d7:4a:be:75:5e:56:02:c1:b0:6b:35:de:4f:50:6a:
05:52:24:1e:a8:5c:0c:20:a6:87:4d:5b:9f:4c:cc:f2:b4:6b:
40:1f:54:b8:3b:7a:ac:b6:e7:e5:33:3f:a3:96:dc:39:55:d6:
dd:05:3e:e6:22:49:52:5f:b3:c8:73:24:79:5a:0a:36:8f:5f:
c7:b4:14:9f:94:14:c8:68:b7:f4:75:ad:17:94:dd:5b:d6:ee:
58:9c:2a:5c:5e:90:62:ef:45:93:1f:5c:73:93:ab:da:a2:ce:
f8:59:e2:a8:11:d4:00:f9:ec:71:0b:5f:ec:a5:42:22:8a:16:
51:e7:c2:f5:ba:1e:5f:1a:9d:75:42:f9:75:ba:06:fc:8f:a2:
22:fd:d8:36:e9:5b:9c:8c:d8:8d:a1:f2:9d:41:45:64:0f:b4:
17:09:22:d0:27:63:34:9e:a0:c8:bb:de:42:5c:1c:d2:4e:dd:
b5:29:10:bf
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdqAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTMx
NjExNDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQzODI0NzhEQjU0Mzk1
MDE5ODNCQTg2NkM2N0E4MzQ3MjVBQzIwRjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCXfCR55+gIjppi5Jyllsb2bx7kQJ1DTOsX6OcVA+8aPOKC1EA1
WXi5mEf6lU/eBJf2aa+mNH09MFuM/QF5eISSx/B4lLpHr3O34C4dPnaFf6dU6sQ2
9zzbdMjaRmohsPUrSXJ0viqbplacLQ61OeF0OeciO4ZRQLHay+74S0So0TkoYrRW
xc/EfrZr9/KdTLh8wuYtR+OXDTxIl8kcxHzD2XloZWC69lQhjGyjLEdN2kie5sAi
0RqdBnsoKYS73NeAWATWvYjp9khyN6QxT9+QSswGv7er792DtYidqwXtdwTHDB+t
peIOnMFSRG7t0AVdFubZ/weTS0eLHl7XMA1xAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUQ4JHjbVDlQGYO6hmxnqDRyWsIPQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1E0SkhqYlZEbFFHWU82
aG14bnFEUnlXc0lQUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAEns9e
aLII+EoAnkTB4dFYh/E/fTISbyae8AeLI9RxSAnSBB6FLjkcS3vl+XpC7VCJ1Mg5
VFy3d3RMEM7n0CY0JDPCa3pwaMsJMcbXSr51XlYCwbBrNd5PUGoFUiQeqFwMIKaH
TVufTMzytGtAH1S4O3qstuflMz+jltw5VdbdBT7mIklSX7PIcyR5Wgo2j1/HtBSf
lBTIaLf0da0XlN1b1u5YnCpcXpBi70WTH1xzk6vaos74WeKoEdQA+exxC1/spUIi
ihZR58L1uh5fGp11Qvl1ugb8j6Ii/dg26VucjNiNofKdQUVkD7QXCSLQJ2M0nqDI
u95CXBzSTt21KRC/
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:37:47 2025 by rpki-client