Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/QbEmq628RpzTrAYBwlytCizuyF8.roa
File: QbEmq628RpzTrAYBwlytCizuyF8.roa (raw, json)
Hash identifier: 3V3z8SHDHhAR2AHtpKHp5BivYrIgg/M/s/RO+zFS3Cs=
Subject key identifier: 41:B1:26:AB:AD:BC:46:9C:D3:AC:06:01:C2:5C:AD:0A:2C:EE:C8:5F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 75F0
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QbEmq628RpzTrAYBwlytCizuyF8.roa
Signing time: Fri 11 Jul 2025 20:12:22 +0000
ROA not before: Fri 11 Jul 2025 20:12:22 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30192 (0x75f0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 11 20:12:22 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=41B126ABADBC469CD3AC0601C25CAD0A2CEEC85F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:2e:01:d3:29:a8:b9:c3:ac:d7:2b:bf:dc:91:
b7:16:15:f1:1c:80:82:4d:32:7c:3f:30:e3:09:45:
ca:c1:aa:25:a2:d1:53:0e:ca:75:c2:ea:57:9d:20:
c2:2f:47:50:8e:8d:b5:ff:a8:e1:03:e2:99:4b:b2:
3b:8d:ad:fd:8c:d3:35:d7:8a:30:44:bd:cb:69:70:
9c:1f:36:2f:1b:0f:1e:e9:5e:a2:47:82:6c:9f:ce:
e6:34:0c:43:38:3d:c2:27:60:da:b6:9a:d2:49:f7:
90:04:86:05:d1:c8:f6:c3:7a:d7:3d:b4:88:20:93:
d4:b5:2d:2e:87:83:6e:32:eb:2f:85:8f:10:4a:32:
f6:c5:1b:a8:8c:12:01:b5:19:e4:5a:fe:49:0d:32:
17:95:db:5e:eb:96:39:2c:50:51:5c:79:f3:3f:7b:
0c:16:e1:f6:55:73:24:0c:0f:c1:f9:47:36:0f:81:
1f:11:37:6f:c5:4b:92:99:20:5f:77:0f:3f:12:cc:
b3:de:d0:db:1b:fe:b1:df:63:43:86:0f:36:cf:66:
93:7b:b3:04:85:66:fc:07:e7:8d:20:98:ee:2d:7f:
e2:a3:ee:13:01:64:ef:c3:fc:62:69:05:21:92:33:
c3:5f:7f:cb:e0:99:22:82:a5:1b:47:b3:f6:e2:01:
ac:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:B1:26:AB:AD:BC:46:9C:D3:AC:06:01:C2:5C:AD:0A:2C:EE:C8:5F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QbEmq628RpzTrAYBwlytCizuyF8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
01:a1:88:6f:0f:67:30:8f:3a:6e:3d:25:47:50:2f:93:7c:77:
66:d6:2c:9e:f2:32:75:57:50:93:e3:e7:a0:c2:4a:bd:e7:12:
a2:01:a9:b7:a1:5f:ae:0a:2b:43:e2:51:40:73:53:03:41:55:
62:c7:a9:f8:ad:d1:c6:fa:e1:fe:7a:a4:20:8c:34:de:2e:43:
f7:73:80:7d:62:bc:69:de:5c:70:e4:40:48:0c:e6:1c:3f:18:
a8:83:b5:7d:d3:82:7b:bb:ea:1f:de:d7:af:a1:cc:e1:c4:f6:
7b:f8:94:a8:f2:74:30:a1:67:29:31:80:db:90:e5:bf:14:ac:
2b:0d:80:38:df:d9:ed:d1:a7:73:38:a5:26:da:89:47:3e:7e:
8a:54:19:0b:d3:d8:0e:e1:02:c0:78:0b:55:4d:b9:0f:4a:a9:
ac:36:05:ee:ff:6a:86:3c:68:83:7b:14:e0:0d:42:ea:b2:08:
cf:eb:20:2f:a0:89:a2:fd:bf:f6:98:7c:56:cb:bc:be:d2:d7:
ee:ae:a5:8b:d9:e2:8e:7c:f5:74:ee:f2:24:a5:e5:82:34:7d:
5b:a7:3c:fa:d4:11:43:20:b3:dd:dc:a7:5d:34:4b:3d:1e:e6:
a0:e9:30:41:90:f1:21:4b:d5:c2:18:75:99:4e:0b:a5:4e:95:
50:79:9c:cd
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdfAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTEy
MDEyMjJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQxQjEyNkFCQURCQzQ2
OUNEM0FDMDYwMUMyNUNBRDBBMkNFRUM4NUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQChLgHTKai5w6zXK7/ckbcWFfEcgIJNMnw/MOMJRcrBqiWi0VMO
ynXC6ledIMIvR1COjbX/qOED4plLsjuNrf2M0zXXijBEvctpcJwfNi8bDx7pXqJH
gmyfzuY0DEM4PcInYNq2mtJJ95AEhgXRyPbDetc9tIggk9S1LS6Hg24y6y+FjxBK
MvbFG6iMEgG1GeRa/kkNMheV217rljksUFFcefM/ewwW4fZVcyQMD8H5RzYPgR8R
N2/FS5KZIF93Dz8SzLPe0Nsb/rHfY0OGDzbPZpN7swSFZvwH540gmO4tf+Kj7hMB
ZO/D/GJpBSGSM8Nff8vgmSKCpRtHs/biAaxbAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUQbEmq628RpzTrAYBwlytCizuyF8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1FiRW1xNjI4UnB6VHJB
WUJ3bHl0Q2l6dXlGOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQABoYhv
D2cwjzpuPSVHUC+TfHdm1iye8jJ1V1CT4+egwkq95xKiAam3oV+uCitD4lFAc1MD
QVVix6n4rdHG+uH+eqQgjDTeLkP3c4B9Yrxp3lxw5EBIDOYcPxiog7V904J7u+of
3tevoczhxPZ7+JSo8nQwoWcpMYDbkOW/FKwrDYA439nt0adzOKUm2olHPn6KVBkL
09gO4QLAeAtVTbkPSqmsNgXu/2qGPGiDexTgDULqsgjP6yAvoImi/b/2mHxWy7y+
0tfurqWL2eKOfPV07vIkpeWCNH1bpzz61BFDILPd3KddNEs9Huag6TBBkPEhS9XC
GHWZTgulTpVQeZzN
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:58:00 2025 by rpki-client