Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/QjjRDbp_rntvJ2gUA0onGQSd-wM.roa
File: QjjRDbp_rntvJ2gUA0onGQSd-wM.roa (raw, json)
Hash identifier: kWpq4CncuWCXxsVITALNPO7s3lYcnVMUzhCyX5+I3o0=
Subject key identifier: 42:38:D1:0D:BA:7F:AE:7B:6F:27:68:14:03:4A:27:19:04:9D:FB:03
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7774
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QjjRDbp_rntvJ2gUA0onGQSd-wM.roa
Signing time: Tue 15 Jul 2025 21:11:54 +0000
ROA not before: Tue 15 Jul 2025 21:11:54 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30580 (0x7774)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 15 21:11:54 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=4238D10DBA7FAE7B6F276814034A2719049DFB03
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:75:69:f0:96:f4:d6:e4:88:71:3a:51:65:26:
48:89:0a:e2:a3:22:e6:0f:d9:8f:7d:ca:05:6e:d1:
4f:d0:8f:47:58:54:50:25:c6:7c:86:4d:06:a3:b4:
5e:e6:c9:2d:4f:56:88:e1:49:3c:ea:a7:c2:8e:cb:
fd:01:79:9d:d4:2f:b0:dc:93:45:f7:eb:69:ba:4d:
b6:f0:cc:2e:c6:60:b0:64:74:54:f1:09:7c:2f:77:
c9:a5:5a:43:9f:46:a6:ad:ea:c2:c1:91:63:fb:59:
94:81:33:9a:f4:19:dc:b3:db:b8:7b:ac:35:c0:0b:
a5:95:40:41:d1:9d:39:2c:93:df:9a:1d:c5:b3:8c:
c6:0a:4e:03:a8:0f:3d:73:ce:99:ac:b1:ae:50:22:
01:58:9f:35:c1:6c:4d:96:50:35:6e:fe:73:c3:35:
1b:4a:06:26:5c:b0:4d:8c:10:0e:44:b7:51:ee:3c:
ec:d3:59:e3:ef:b4:4e:ac:19:44:cb:e4:6a:57:31:
b8:fd:28:c6:b3:55:0e:b7:7a:e1:a0:8d:36:36:59:
fb:25:8e:a2:0c:fc:45:6b:a6:29:6c:80:30:6e:14:
bb:98:ab:78:90:a5:a3:de:e1:80:a7:eb:74:98:41:
31:ab:4b:69:9b:f2:3e:3d:51:7c:51:5a:78:65:4c:
17:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:38:D1:0D:BA:7F:AE:7B:6F:27:68:14:03:4A:27:19:04:9D:FB:03
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/QjjRDbp_rntvJ2gUA0onGQSd-wM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
97:96:23:e7:1d:27:4d:dc:1a:5a:cf:06:c3:cf:6a:c6:72:6d:
25:d8:8a:10:06:56:fe:3d:a2:97:d3:59:f8:58:67:86:9c:ce:
d2:a3:3e:5f:7a:81:c9:66:10:85:07:c0:84:18:ef:d1:22:3c:
3c:5c:0a:18:ba:b7:73:34:f9:be:ed:29:04:ec:c5:04:e3:a4:
6d:b0:3f:2f:99:e0:89:70:55:f5:7f:7c:bc:1f:8d:7f:3d:89:
b8:a0:d5:91:77:d7:1f:d9:08:3e:1f:70:c0:42:2e:d4:c9:3b:
00:cd:0f:1f:cd:71:08:e1:3d:98:07:ef:85:4f:16:fe:29:64:
71:37:80:a8:0c:26:01:bd:10:dd:3f:9c:cf:34:8e:a7:00:4a:
50:ae:09:4c:37:bc:21:04:8a:f7:ee:8b:3d:39:95:b6:61:ab:
4b:bd:b8:ed:2f:4f:47:d9:8e:94:44:af:f3:70:5d:d9:e4:42:
b5:6e:90:70:46:06:5b:d8:b2:c4:f0:09:16:41:6f:af:a2:bf:
64:56:e5:47:a4:a5:56:fc:6e:57:7c:dd:3f:fa:7f:93:01:07:
d8:ef:43:89:1d:02:b8:04:e3:e1:fa:94:46:44:d9:8f:89:43:
21:07:d1:b6:b3:e9:e6:c6:38:ca:59:f1:80:22:86:f2:b7:f8:
81:51:99:a7
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICd3QwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTUy
MTExNTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQyMzhEMTBEQkE3RkFF
N0I2RjI3NjgxNDAzNEEyNzE5MDQ5REZCMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDIdWnwlvTW5IhxOlFlJkiJCuKjIuYP2Y99ygVu0U/Qj0dYVFAl
xnyGTQajtF7myS1PVojhSTzqp8KOy/0BeZ3UL7Dck0X362m6TbbwzC7GYLBkdFTx
CXwvd8mlWkOfRqat6sLBkWP7WZSBM5r0Gdyz27h7rDXAC6WVQEHRnTksk9+aHcWz
jMYKTgOoDz1zzpmssa5QIgFYnzXBbE2WUDVu/nPDNRtKBiZcsE2MEA5Et1HuPOzT
WePvtE6sGUTL5GpXMbj9KMazVQ63euGgjTY2WfsljqIM/EVrpilsgDBuFLuYq3iQ
paPe4YCn63SYQTGrS2mb8j49UXxRWnhlTBdTAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUQjjRDbp/rntvJ2gUA0onGQSd+wMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1FqalJEYnBfcm50dkoy
Z1VBMG9uR1FTZC13TS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCXliPn
HSdN3BpazwbDz2rGcm0l2IoQBlb+PaKX01n4WGeGnM7Soz5feoHJZhCFB8CEGO/R
Ijw8XAoYurdzNPm+7SkE7MUE46RtsD8vmeCJcFX1f3y8H41/PYm4oNWRd9cf2Qg+
H3DAQi7UyTsAzQ8fzXEI4T2YB++FTxb+KWRxN4CoDCYBvRDdP5zPNI6nAEpQrglM
N7whBIr37os9OZW2YatLvbjtL09H2Y6URK/zcF3Z5EK1bpBwRgZb2LLE8AkWQW+v
or9kVuVHpKVW/G5XfN0/+n+TAQfY70OJHQK4BOPh+pRGRNmPiUMhB9G2s+nmxjjK
WfGAIobyt/iBUZmn
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:46:42 2025 by rpki-client