Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/RQcfDa2I4NWgrSqLlcVQaxDu11k.roa
File: RQcfDa2I4NWgrSqLlcVQaxDu11k.roa (raw, json)
Hash identifier: HsLBdfeC8OJKYZj0XSJUoPOH5EGejZj19yqBFgRcwB8=
Subject key identifier: 45:07:1F:0D:AD:88:E0:D5:A0:AD:2A:8B:95:C5:50:6B:10:EE:D7:59
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6EBC
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RQcfDa2I4NWgrSqLlcVQaxDu11k.roa
Signing time: Sun 22 Jun 2025 20:44:16 +0000
ROA not before: Sun 22 Jun 2025 20:44:16 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28348 (0x6ebc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 22 20:44:16 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=45071F0DAD88E0D5A0AD2A8B95C5506B10EED759
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:3d:71:bd:ad:8e:b1:c1:5e:f7:f4:31:5e:e9:
62:27:d6:b6:c2:6b:47:54:3b:a6:8d:af:f4:f4:00:
7f:d9:49:a6:b8:7c:f4:02:e7:91:b7:8d:ab:6d:6e:
9c:f6:39:df:b9:39:a4:2b:7e:43:b7:fc:e4:d0:3d:
fb:59:58:9d:52:87:b2:1d:5a:e2:6b:2f:51:21:fc:
29:c1:9b:84:e1:1f:95:89:73:6e:09:0f:de:cb:c4:
ad:a2:55:f8:cb:95:2b:97:d9:70:85:1b:1a:d2:38:
0e:80:17:98:df:46:82:7b:cf:8a:33:b1:54:00:fc:
25:1d:da:be:c5:e1:b8:9a:16:1c:06:9c:a7:99:44:
81:3e:34:56:d0:ac:65:35:1e:dd:e9:47:f0:34:34:
17:7f:96:16:55:c5:79:63:7f:ea:62:5c:2d:15:1b:
90:35:e0:44:fd:74:14:a0:7d:f9:b0:bb:b7:ba:57:
fe:95:90:b5:99:12:7c:ca:62:8f:0c:8a:c3:de:3e:
ac:ee:56:7c:a5:56:e7:c3:04:57:7b:c5:f1:3b:51:
bd:46:18:68:15:8d:63:c9:71:71:67:48:45:80:09:
95:59:8a:10:f7:ff:89:65:0b:22:d1:b1:c3:d0:e8:
73:bc:90:de:67:83:28:e4:55:00:1e:21:f2:e5:51:
8b:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:07:1F:0D:AD:88:E0:D5:A0:AD:2A:8B:95:C5:50:6B:10:EE:D7:59
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RQcfDa2I4NWgrSqLlcVQaxDu11k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
3f:a3:99:f4:6e:f8:9e:b1:34:42:7e:7b:c2:ce:26:9a:a8:4d:
4e:af:24:04:ee:42:fa:9a:10:e6:50:52:b5:b8:65:8c:ce:9e:
07:9b:77:3b:b6:97:b4:5d:c1:5c:35:55:7e:ff:93:ed:50:78:
b7:31:b9:99:45:f9:45:fd:98:1f:a9:95:3e:ed:a1:6c:dd:72:
b2:a2:0b:45:39:a7:c1:06:75:3c:ae:f5:92:f4:08:b6:78:3d:
e6:17:5b:8a:72:be:32:6e:90:f1:8b:c1:f9:c0:df:a5:32:ea:
be:4c:21:ca:0f:9e:4c:b8:0d:7c:22:84:2d:56:af:26:e2:25:
9f:5d:12:9b:46:4b:77:3e:a8:90:b6:c3:61:0c:3e:d7:61:dd:
c4:fc:14:06:f0:27:cf:72:d6:e3:04:45:35:68:4d:f3:3b:7a:
2d:3e:d6:7d:3a:7c:88:a7:23:74:86:53:4d:3c:ac:0c:a5:c7:
e6:4b:9f:b1:3d:2a:46:5a:0d:1a:93:a3:6b:43:3a:50:73:f6:
eb:9f:6b:b2:39:80:76:a4:09:cc:d0:1b:de:1a:d4:c5:30:88:
26:01:2c:00:7c:1e:32:7b:99:c3:27:94:3a:99:bc:6a:02:99:
f0:c8:cf:f2:a1:48:35:3d:c0:91:83:f2:5c:04:e0:bb:4c:3f:
bf:a1:05:4c
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbrwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjIy
MDQ0MTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQ1MDcxRjBEQUQ4OEUw
RDVBMEFEMkE4Qjk1QzU1MDZCMTBFRUQ3NTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC1PXG9rY6xwV739DFe6WIn1rbCa0dUO6aNr/T0AH/ZSaa4fPQC
55G3jattbpz2Od+5OaQrfkO3/OTQPftZWJ1Sh7IdWuJrL1Eh/CnBm4ThH5WJc24J
D97LxK2iVfjLlSuX2XCFGxrSOA6AF5jfRoJ7z4ozsVQA/CUd2r7F4biaFhwGnKeZ
RIE+NFbQrGU1Ht3pR/A0NBd/lhZVxXljf+piXC0VG5A14ET9dBSgffmwu7e6V/6V
kLWZEnzKYo8MisPePqzuVnylVufDBFd7xfE7Ub1GGGgVjWPJcXFnSEWACZVZihD3
/4llCyLRscPQ6HO8kN5ngyjkVQAeIfLlUYt1AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQURQcfDa2I4NWgrSqLlcVQaxDu11kwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1JRY2ZEYTJJNE5XZ3JT
cUxsY1ZRYXhEdTExay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA/o5n0
bviesTRCfnvCziaaqE1OryQE7kL6mhDmUFK1uGWMzp4Hm3c7tpe0XcFcNVV+/5Pt
UHi3MbmZRflF/ZgfqZU+7aFs3XKyogtFOafBBnU8rvWS9Ai2eD3mF1uKcr4ybpDx
i8H5wN+lMuq+TCHKD55MuA18IoQtVq8m4iWfXRKbRkt3PqiQtsNhDD7XYd3E/BQG
8CfPctbjBEU1aE3zO3otPtZ9OnyIpyN0hlNNPKwMpcfmS5+xPSpGWg0ak6NrQzpQ
c/brn2uyOYB2pAnM0BveGtTFMIgmASwAfB4ye5nDJ5Q6mbxqApnwyM/yoUg1PcCR
g/JcBOC7TD+/oQVM
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:36:15 2025 by rpki-client