Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Q_xmvXaL99BpBypDYtIunIKtg0c.roa
File: Q_xmvXaL99BpBypDYtIunIKtg0c.roa (raw, json)
Hash identifier: D2kmSejYDXh4hmpaXaPfzjSlSdLQ8KoX5RMwsxiGGTE=
Subject key identifier: 43:FC:66:BD:76:8B:F7:D0:69:07:2A:43:62:D2:2E:9C:82:AD:83:47
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6714
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Q_xmvXaL99BpBypDYtIunIKtg0c.roa
Signing time: Sun 01 Jun 2025 23:11:51 +0000
ROA not before: Sun 01 Jun 2025 23:11:51 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26388 (0x6714)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 1 23:11:51 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=43FC66BD768BF7D069072A4362D22E9C82AD8347
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:50:5d:52:21:a9:88:4d:6b:35:13:80:62:de:
85:6a:16:1e:41:25:79:9d:8c:0e:c8:c5:59:98:1c:
a6:25:cf:eb:89:b4:f1:3f:47:37:8f:5e:87:9a:aa:
ba:e0:80:dd:37:db:ce:1c:d0:86:e8:bc:a1:ed:29:
c4:68:04:59:1d:72:b8:72:69:07:ea:7f:af:51:56:
7e:54:a6:ef:14:55:c4:de:f6:a0:f3:a9:a0:00:b5:
bf:4c:18:b6:4f:a5:f3:c8:6d:6e:b3:7b:e2:55:f2:
22:e9:27:b8:2c:cc:52:86:2c:59:c9:69:85:0f:c6:
64:4c:33:8d:95:ac:fc:7e:0c:5c:55:df:6d:68:56:
d4:fd:e6:44:5c:db:26:bb:7f:20:87:e2:aa:4d:39:
8e:11:39:0f:56:7a:95:f7:4d:f7:82:59:d5:15:82:
27:84:b9:42:3b:73:2d:b1:dc:e1:d1:ae:5e:f1:68:
75:64:ce:3a:72:dc:16:d5:3e:69:cd:df:b3:77:a4:
4e:ef:ca:07:3a:cd:96:1b:80:9e:e5:62:73:f8:e8:
7d:d1:62:20:b7:83:60:0d:4b:4b:2e:8b:d7:32:9e:
99:e6:3a:43:c8:33:c7:6c:6a:d4:1b:a9:12:e8:6c:
86:b8:ac:3a:56:2a:f5:7e:02:f8:0b:c4:11:13:98:
8c:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:FC:66:BD:76:8B:F7:D0:69:07:2A:43:62:D2:2E:9C:82:AD:83:47
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Q_xmvXaL99BpBypDYtIunIKtg0c.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
af:6d:98:ef:4d:6e:3b:3f:f3:59:97:af:63:3e:35:82:ae:59:
ab:e7:b4:cc:4c:22:4b:d7:f4:fe:20:f5:3a:18:2d:99:a3:9e:
26:bb:14:e3:b4:92:c0:88:4f:c2:34:26:27:d3:cd:6a:4b:97:
b9:d1:b7:24:db:eb:ca:07:21:05:40:64:9f:1b:23:21:d3:e8:
ed:5d:b3:32:66:c3:3e:73:e2:95:29:d9:19:da:fb:f8:98:68:
98:27:79:44:72:5d:da:70:8b:db:10:60:2b:88:d3:dc:b5:52:
fe:8c:95:f9:9f:16:69:cc:87:d0:53:05:81:5b:1b:83:e3:05:
bb:a1:7d:d4:03:10:b6:af:b1:33:4c:35:00:f4:db:cd:50:13:
48:98:35:1d:ec:4c:d9:90:c8:e2:fe:aa:4c:1d:65:c9:1f:a9:
78:5c:48:a4:01:95:2c:6c:52:ee:90:cd:75:19:05:c9:ce:5a:
01:fe:8d:dd:97:8e:14:43:ab:c1:7e:52:56:7f:88:3d:37:aa:
7f:28:46:95:d6:64:32:52:55:80:9e:b4:06:ad:d5:30:e1:e1:
eb:b8:e4:90:5b:19:f1:5b:63:da:49:0f:21:a3:7e:cc:bf:22:
72:a9:06:15:ec:12:eb:23:6b:4d:09:e6:0a:37:c0:e9:4f:ba:
e8:f4:a9:cd
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZxQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDEy
MzExNTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQzRkM2NkJENzY4QkY3
RDA2OTA3MkE0MzYyRDIyRTlDODJBRDgzNDcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCUF1SIamITWs1E4Bi3oVqFh5BJXmdjA7IxVmYHKYlz+uJtPE/
RzePXoeaqrrggN03284c0IbovKHtKcRoBFkdcrhyaQfqf69RVn5Upu8UVcTe9qDz
qaAAtb9MGLZPpfPIbW6ze+JV8iLpJ7gszFKGLFnJaYUPxmRMM42VrPx+DFxV321o
VtT95kRc2ya7fyCH4qpNOY4ROQ9WepX3TfeCWdUVgieEuUI7cy2x3OHRrl7xaHVk
zjpy3BbVPmnN37N3pE7vygc6zZYbgJ7lYnP46H3RYiC3g2ANS0sui9cynpnmOkPI
M8dsatQbqRLobIa4rDpWKvV+AvgLxBETmIwbAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUQ/xmvXaL99BpBypDYtIunIKtg0cwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1FfeG12WGFMOTlCcEJ5
cERZdEl1bklLdGcwYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCvbZjv
TW47P/NZl69jPjWCrlmr57TMTCJL1/T+IPU6GC2Zo54muxTjtJLAiE/CNCYn081q
S5e50bck2+vKByEFQGSfGyMh0+jtXbMyZsM+c+KVKdkZ2vv4mGiYJ3lEcl3acIvb
EGAriNPctVL+jJX5nxZpzIfQUwWBWxuD4wW7oX3UAxC2r7EzTDUA9NvNUBNImDUd
7EzZkMji/qpMHWXJH6l4XEikAZUsbFLukM11GQXJzloB/o3dl44UQ6vBflJWf4g9
N6p/KEaV1mQyUlWAnrQGrdUw4eHruOSQWxnxW2PaSQ8ho37MvyJyqQYV7BLrI2tN
CeYKN8DpT7ro9KnN
-----END CERTIFICATE-----
Generated at Wed Jun 4 02:10:04 2025 by rpki-client