Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/mQPZPzAGQwwDEHkrui-HGzcga0o.roa
File: mQPZPzAGQwwDEHkrui-HGzcga0o.roa (raw, json)
Hash identifier: H8QNm7zIbn6L9O0m0iDTgXtsW/dNASnIeYT3T+DJPEs=
Subject key identifier: 99:03:D9:3F:30:06:43:0C:03:10:79:2B:BA:2F:87:1B:37:20:6B:4A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 70E2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/mQPZPzAGQwwDEHkrui-HGzcga0o.roa
Signing time: Sat 28 Jun 2025 08:14:40 +0000
ROA not before: Sat 28 Jun 2025 08:14:40 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28898 (0x70e2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 28 08:14:40 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=9903D93F3006430C0310792BBA2F871B37206B4A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:cf:84:cd:0f:2b:5d:b9:d0:fa:ef:d5:97:43:
25:52:16:cf:da:da:f7:88:a9:eb:4a:ac:31:ce:47:
d1:5e:c8:34:50:12:02:08:82:6e:b7:21:a4:67:11:
8f:6e:4c:35:14:00:9c:0f:91:62:52:d5:0b:08:17:
47:29:87:b8:d1:64:55:b2:c6:a5:e0:42:58:ba:a5:
ed:12:99:7d:9e:97:b5:71:9d:8d:e3:b5:3b:ac:16:
0f:af:ed:4b:e3:11:4c:13:7a:f4:08:04:24:17:32:
67:0a:53:f0:0d:60:d9:d1:34:1a:8a:2b:c6:3b:0f:
e7:53:0f:ee:39:98:02:ff:13:51:8a:ca:f5:7b:0c:
d7:2b:24:72:d2:79:65:30:16:c7:81:1b:c9:45:42:
8b:1b:c4:ff:d7:7d:c6:c1:d4:84:07:49:9c:de:c1:
9e:2c:cd:93:24:73:d5:9d:87:0d:39:4e:d5:05:db:
b0:ea:51:23:7c:7f:fe:bf:47:17:b1:9b:db:f3:c3:
4e:bf:ed:b2:da:5e:3d:45:ec:c2:00:b1:f0:df:b6:
b0:aa:b9:f8:b5:09:a2:c1:0c:ac:39:9d:85:fe:49:
13:f4:09:66:2c:37:31:98:31:bb:fc:88:94:0b:10:
7a:ed:d3:cc:4c:27:35:a9:9e:df:04:3e:19:3a:71:
75:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:03:D9:3F:30:06:43:0C:03:10:79:2B:BA:2F:87:1B:37:20:6B:4A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/mQPZPzAGQwwDEHkrui-HGzcga0o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
24:cf:bf:33:3f:99:64:b1:2a:5b:3a:40:9c:44:44:92:19:4a:
76:aa:ee:9c:2d:6a:a6:57:48:3f:b9:58:51:c0:2c:2a:7c:cc:
af:6d:57:d1:94:a5:c8:f6:9b:e5:36:33:d7:63:ec:e1:44:4a:
6d:ba:cf:db:08:28:f6:3b:51:5e:e4:dc:58:a2:10:b8:83:4c:
7e:be:05:c8:99:c8:ae:c2:e9:92:19:24:f3:b3:f5:d8:22:fb:
90:5f:62:f3:81:4e:28:bf:f7:2a:37:0f:7b:ac:0d:12:33:53:
4b:f9:0a:82:dd:c3:9e:7a:34:ae:46:96:11:93:e5:ae:ff:a2:
95:d1:b4:86:59:24:59:ef:c0:eb:38:f8:50:48:78:f0:d8:f1:
03:0c:3b:51:25:4f:62:0f:aa:b8:90:d4:07:1f:31:76:d2:0f:
a1:68:e7:8d:da:5e:e8:51:d4:9f:d4:68:b9:f3:94:98:b8:5e:
d2:eb:81:88:35:f8:5b:a6:fc:30:b5:8a:9e:05:14:25:78:9f:
63:f5:9b:37:80:f4:c0:32:ad:e6:a4:1b:73:f9:4f:a3:b8:5a:
db:91:47:ff:7e:b4:5f:b9:58:db:f6:c4:2c:ba:e6:9f:91:4d:
c0:64:53:d1:e9:80:c7:9f:94:d0:df:eb:fb:17:ec:01:69:29:
fb:42:3c:eb
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcOIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2Mjgw
ODE0NDBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDk5MDNEOTNGMzAwNjQz
MEMwMzEwNzkyQkJBMkY4NzFCMzcyMDZCNEEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCpz4TNDytdudD679WXQyVSFs/a2veIqetKrDHOR9FeyDRQEgII
gm63IaRnEY9uTDUUAJwPkWJS1QsIF0cph7jRZFWyxqXgQli6pe0SmX2el7VxnY3j
tTusFg+v7UvjEUwTevQIBCQXMmcKU/ANYNnRNBqKK8Y7D+dTD+45mAL/E1GKyvV7
DNcrJHLSeWUwFseBG8lFQosbxP/XfcbB1IQHSZzewZ4szZMkc9Wdhw05TtUF27Dq
USN8f/6/Rxexm9vzw06/7bLaXj1F7MIAsfDftrCqufi1CaLBDKw5nYX+SRP0CWYs
NzGYMbv8iJQLEHrt08xMJzWpnt8EPhk6cXV3AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUmQPZPzAGQwwDEHkrui+HGzcga0owHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L21RUFpQekFHUXd3REVI
a3J1aS1IR3pjZ2Ewby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAkz78z
P5lksSpbOkCcRESSGUp2qu6cLWqmV0g/uVhRwCwqfMyvbVfRlKXI9pvlNjPXY+zh
REptus/bCCj2O1Fe5NxYohC4g0x+vgXImciuwumSGSTzs/XYIvuQX2LzgU4ov/cq
Nw97rA0SM1NL+QqC3cOeejSuRpYRk+Wu/6KV0bSGWSRZ78DrOPhQSHjw2PEDDDtR
JU9iD6q4kNQHHzF20g+haOeN2l7oUdSf1Gi585SYuF7S64GINfhbpvwwtYqeBRQl
eJ9j9Zs3gPTAMq3mpBtz+U+juFrbkUf/frRfuVjb9sQsuuafkU3AZFPR6YDHn5TQ
3+v7F+wBaSn7Qjzr
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:45:04 2025 by rpki-client