Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/QNjph2U6BqBz-eGnlFZjqSHcsEw.roa
File: QNjph2U6BqBz-eGnlFZjqSHcsEw.roa (raw, json)
Hash identifier: s/YDO3mhrL995huFM2lvGRtkChr54J1/932XiRmjsag=
Subject key identifier: 40:D8:E9:87:65:3A:06:A0:73:F9:E1:A7:94:56:63:A9:21:DC:B0:4C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6400
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QNjph2U6BqBz-eGnlFZjqSHcsEw.roa
Signing time: Sat 24 May 2025 18:10:56 +0000
ROA not before: Sat 24 May 2025 18:10:56 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25600 (0x6400)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 24 18:10:56 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=40D8E987653A06A073F9E1A7945663A921DCB04C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:8c:22:49:57:c8:83:10:e6:a5:99:61:14:b4:
c0:3f:22:4e:e3:22:c1:e8:bb:00:91:3b:2f:a1:2e:
3d:a4:e8:45:11:db:10:b8:e9:3a:2f:be:1a:9d:97:
e3:14:55:04:3a:ee:1b:bc:ff:04:6c:15:ac:e4:d1:
76:87:1a:a0:bf:40:68:85:99:46:df:3f:13:19:4e:
6d:99:18:1a:cb:fb:63:7d:92:f7:79:62:02:5f:15:
6d:6c:9b:f6:59:40:69:ac:2d:9c:cd:2e:5b:bb:32:
64:0b:66:ef:e5:98:8b:cc:fe:bf:0d:42:6e:1f:de:
b8:5f:36:18:64:41:1f:7d:22:b3:e2:e3:cc:a7:1f:
a9:c4:a4:50:b4:54:e7:c4:37:8c:ec:37:0e:87:d3:
89:96:a1:04:ca:2f:d9:fe:74:5d:23:2a:20:13:0d:
56:41:6d:4c:ad:cf:38:1d:93:1e:c7:a7:54:84:07:
44:23:30:ab:f8:b0:71:e7:65:a1:52:c8:ae:81:e4:
71:91:fd:62:57:40:8d:c8:e3:3a:04:a5:6d:cc:08:
2a:2a:2e:f0:94:93:18:de:33:af:bc:df:04:a3:63:
1e:5a:64:5a:a2:38:b2:63:24:b1:7c:b6:09:db:89:
15:78:25:5a:7f:a0:3a:3c:e7:14:07:cc:22:1f:9d:
9e:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:D8:E9:87:65:3A:06:A0:73:F9:E1:A7:94:56:63:A9:21:DC:B0:4C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QNjph2U6BqBz-eGnlFZjqSHcsEw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
00:47:07:49:ec:2d:14:33:e9:44:83:79:35:0b:a2:3f:02:b9:
de:e2:4a:98:ca:2a:f0:e1:a5:ef:87:db:68:67:a5:11:bd:2f:
c1:f3:b3:ec:28:32:fe:a4:db:d9:06:ff:cf:7c:ff:9c:57:90:
ff:cf:a3:26:33:6b:6a:a9:81:d5:6f:75:40:b5:c1:df:26:a6:
fe:44:c5:a6:da:06:80:d2:26:bf:c8:dc:25:33:6a:eb:84:5d:
f5:97:b2:e2:9d:b3:a6:50:4f:8f:0e:3b:90:ce:1f:8c:07:ed:
20:cf:55:56:4e:08:b5:29:ab:4c:6d:5d:84:3b:c8:f5:92:a7:
70:78:51:30:4c:8a:ec:31:ea:fc:78:23:3e:95:5c:6d:ee:7a:
82:59:3f:fd:8d:a7:e0:97:d2:2e:a1:dd:bf:a9:a2:e0:e5:ce:
03:eb:0a:d4:2f:03:e1:d5:e1:c7:37:23:76:1f:e4:17:54:ac:
28:87:fa:ff:87:bb:20:94:76:00:40:e2:cd:92:8f:16:3e:e3:
10:e9:c7:ea:cc:de:58:21:7d:e9:10:c6:ff:22:7e:c8:c5:ea:
4c:c5:b2:4b:21:44:58:2d:67:99:bb:6b:7c:ad:8d:54:6c:37:
9e:95:63:ae:72:9d:6e:bf:3f:9c:ad:60:30:98:e3:ab:5f:2f:
1b:66:d5:81
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZAAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjQx
ODEwNTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQwRDhFOTg3NjUzQTA2
QTA3M0Y5RTFBNzk0NTY2M0E5MjFEQ0IwNEMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDrjCJJV8iDEOalmWEUtMA/Ik7jIsHouwCROy+hLj2k6EUR2xC4
6Tovvhqdl+MUVQQ67hu8/wRsFazk0XaHGqC/QGiFmUbfPxMZTm2ZGBrL+2N9kvd5
YgJfFW1sm/ZZQGmsLZzNLlu7MmQLZu/lmIvM/r8NQm4f3rhfNhhkQR99IrPi48yn
H6nEpFC0VOfEN4zsNw6H04mWoQTKL9n+dF0jKiATDVZBbUytzzgdkx7Hp1SEB0Qj
MKv4sHHnZaFSyK6B5HGR/WJXQI3I4zoEpW3MCCoqLvCUkxjeM6+83wSjYx5aZFqi
OLJjJLF8tgnbiRV4JVp/oDo85xQHzCIfnZ6xAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUQNjph2U6BqBz+eGnlFZjqSHcsEwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1FOanBoMlU2QnFCei1l
R25sRlpqcVNIY3NFdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAARwdJ
7C0UM+lEg3k1C6I/Arne4kqYyirw4aXvh9toZ6URvS/B87PsKDL+pNvZBv/PfP+c
V5D/z6MmM2tqqYHVb3VAtcHfJqb+RMWm2gaA0ia/yNwlM2rrhF31l7LinbOmUE+P
DjuQzh+MB+0gz1VWTgi1KatMbV2EO8j1kqdweFEwTIrsMer8eCM+lVxt7nqCWT/9
jafgl9Iuod2/qaLg5c4D6wrULwPh1eHHNyN2H+QXVKwoh/r/h7sglHYAQOLNko8W
PuMQ6cfqzN5YIX3pEMb/In7IxepMxbJLIURYLWeZu2t8rY1UbDeelWOucp1uvz+c
rWAwmOOrXy8bZtWB
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:40:01 2025 by rpki-client