Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Xqfv2Nrdk7b-UnxdHnJ81JX7Quc.roa
File: Xqfv2Nrdk7b-UnxdHnJ81JX7Quc.roa (raw, json)
Hash identifier: 5zJJOttcExvoNuruL8y5E642sN2VoXPlcRE3v6s9W2U=
Subject key identifier: 5E:A7:EF:D8:DA:DD:93:B6:FE:52:7C:5D:1E:72:7C:D4:95:FB:42:E7
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 681E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Xqfv2Nrdk7b-UnxdHnJ81JX7Quc.roa
Signing time: Wed 04 Jun 2025 17:41:47 +0000
ROA not before: Wed 04 Jun 2025 17:41:47 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26654 (0x681e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 4 17:41:47 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=5EA7EFD8DADD93B6FE527C5D1E727CD495FB42E7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:b4:f5:55:4c:7f:bd:27:20:f4:f1:69:a6:f7:
b5:22:11:9a:e2:4a:29:e2:49:86:c6:6d:73:1b:34:
4a:21:46:35:a5:de:56:35:ad:87:db:52:03:7d:02:
38:16:14:66:1c:01:ca:4c:80:03:04:6d:79:18:89:
8b:56:f5:fc:56:28:99:ec:18:a4:fa:5e:77:03:ae:
c0:0a:7d:01:31:0b:f0:92:79:d5:6a:86:5e:85:d1:
96:8a:ab:6d:22:86:32:88:70:b5:0b:60:33:d3:46:
03:d8:b7:6e:a4:b9:e9:47:06:a8:e9:39:22:ea:35:
0b:7a:30:2b:2b:f5:15:2e:f7:91:58:30:f1:c1:b8:
f9:66:83:36:24:49:f5:a6:b0:f4:3b:85:ef:bf:13:
e6:11:8e:86:24:71:5a:92:6f:a9:1e:79:0c:53:89:
32:91:e0:5f:d0:6a:9f:7e:79:0e:64:87:55:e7:87:
24:4d:81:7c:45:5c:6a:49:18:06:1f:24:73:a3:0f:
ea:81:c5:f1:b9:39:3a:9e:aa:c4:b1:3f:ec:91:5b:
6d:cb:e1:a9:40:77:a6:bc:1d:c5:aa:dd:81:c2:2e:
5e:3f:6b:59:2c:16:e8:e5:a2:95:ba:64:72:0b:c9:
ed:9b:0e:42:2b:15:4a:cd:fe:e9:4d:95:94:43:6d:
3e:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:A7:EF:D8:DA:DD:93:B6:FE:52:7C:5D:1E:72:7C:D4:95:FB:42:E7
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Xqfv2Nrdk7b-UnxdHnJ81JX7Quc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
3c:12:64:e9:d9:9e:fa:71:c1:5f:37:09:5c:6f:77:4e:25:ad:
2a:b6:f5:08:38:cc:fe:d8:92:70:5e:46:8a:01:74:87:06:b4:
2b:16:46:28:83:cf:49:fc:7e:ae:36:0b:9a:13:06:97:08:82:
45:80:75:83:4d:2d:e1:6f:2c:85:a5:f9:27:9a:cf:02:60:18:
ee:c3:c6:e2:5b:15:4b:df:c3:f8:b8:c6:e8:c1:9a:31:dd:41:
c0:cc:07:e3:c9:18:af:df:31:52:f6:13:04:d4:d3:13:3d:57:
13:dc:32:a0:da:9f:3c:2f:15:f6:bb:f7:0f:d5:d2:e0:b0:95:
69:a0:d0:a4:80:c8:29:b0:20:4c:04:eb:e0:e6:3e:ef:35:3d:
7a:c6:66:c4:b3:81:51:e9:e7:ea:90:e1:05:3f:86:90:c6:7b:
15:54:68:1b:9e:c7:49:51:e2:09:8e:fc:6e:0e:aa:ad:f6:51:
a9:1a:23:39:ea:08:cf:cf:8c:6b:37:6a:7f:fc:c6:7a:9e:cc:
2b:0f:15:1b:08:64:50:05:76:5a:2a:6a:90:75:00:3a:40:de:
31:1f:e5:29:5e:b2:50:cd:83:5c:e9:5d:08:1a:0f:d4:80:c1:
f3:69:e4:34:f9:2a:1d:c0:75:71:c4:da:78:ff:2c:a1:5b:6e:
1d:4b:a4:59
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaB4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDQx
NzQxNDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDVFQTdFRkQ4REFERDkz
QjZGRTUyN0M1RDFFNzI3Q0Q0OTVGQjQyRTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC5tPVVTH+9JyD08Wmm97UiEZriSiniSYbGbXMbNEohRjWl3lY1
rYfbUgN9AjgWFGYcAcpMgAMEbXkYiYtW9fxWKJnsGKT6XncDrsAKfQExC/CSedVq
hl6F0ZaKq20ihjKIcLULYDPTRgPYt26kuelHBqjpOSLqNQt6MCsr9RUu95FYMPHB
uPlmgzYkSfWmsPQ7he+/E+YRjoYkcVqSb6keeQxTiTKR4F/Qap9+eQ5kh1XnhyRN
gXxFXGpJGAYfJHOjD+qBxfG5OTqeqsSxP+yRW23L4alAd6a8HcWq3YHCLl4/a1ks
FujlopW6ZHILye2bDkIrFUrN/ulNlZRDbT63AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUXqfv2Nrdk7b+UnxdHnJ81JX7QucwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1hxZnYyTnJkazdiLVVu
eGRIbko4MUpYN1F1Yy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA8EmTp
2Z76ccFfNwlcb3dOJa0qtvUIOMz+2JJwXkaKAXSHBrQrFkYog89J/H6uNguaEwaX
CIJFgHWDTS3hbyyFpfknms8CYBjuw8biWxVL38P4uMbowZox3UHAzAfjyRiv3zFS
9hME1NMTPVcT3DKg2p88LxX2u/cP1dLgsJVpoNCkgMgpsCBMBOvg5j7vNT16xmbE
s4FR6efqkOEFP4aQxnsVVGgbnsdJUeIJjvxuDqqt9lGpGiM56gjPz4xrN2p//MZ6
nswrDxUbCGRQBXZaKmqQdQA6QN4xH+UpXrJQzYNc6V0IGg/UgMHzaeQ0+SodwHVx
xNp4/yyhW24dS6RZ
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:41:17 2025 by rpki-client