Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/qTdnLZMFE3R1lrnW2oCNCoce7-A.roa
File: qTdnLZMFE3R1lrnW2oCNCoce7-A.roa (raw, json)
Hash identifier: dCqNQps1xbq+p7p2pPC6LnizvpGWsZUNmP9FReK7qMU=
Subject key identifier: A9:37:67:2D:93:05:13:74:75:96:B9:D6:DA:80:8D:0A:87:1E:EF:E0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7544
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qTdnLZMFE3R1lrnW2oCNCoce7-A.roa
Signing time: Thu 10 Jul 2025 00:45:08 +0000
ROA not before: Thu 10 Jul 2025 00:45:08 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30020 (0x7544)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 10 00:45:08 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A937672D930513747596B9D6DA808D0A871EEFE0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:05:cb:23:0c:49:f6:9e:94:77:74:fa:4e:81:
5f:e5:ce:62:19:f6:03:89:94:eb:da:8b:96:e4:e8:
05:b4:17:5c:f6:c2:36:3a:81:de:fc:85:82:31:b7:
8e:9b:4e:53:65:dc:47:86:60:94:d8:57:fa:68:bc:
d2:1a:36:4f:a4:bf:ab:f2:2c:35:92:da:2b:64:52:
d8:8a:0c:c8:92:87:86:40:1d:62:0b:12:ca:90:fc:
ea:8a:ed:6d:52:6d:c7:ba:8d:8b:af:38:bd:95:67:
9a:54:3d:28:d2:7e:94:45:d4:61:c5:2d:5f:36:5d:
39:d7:7b:76:de:6d:39:eb:8c:68:0c:f5:ab:cc:76:
07:1e:9f:34:b3:bf:7d:c7:5b:dd:c0:82:10:27:d2:
c6:1e:4c:d9:05:32:27:1a:80:f2:95:75:df:7e:68:
9f:55:5b:6e:5d:02:ca:fe:96:33:2d:4b:9c:07:54:
0b:7f:f4:d9:6d:c5:62:1f:d0:9b:e2:fe:2b:33:8e:
82:54:80:5d:6c:04:d1:9c:95:2b:48:cc:c5:30:67:
66:cb:cc:cc:b5:33:91:87:2e:0b:a4:17:bb:e2:46:
18:45:ae:da:3c:76:ba:28:2d:60:c6:4c:8d:f1:87:
ea:6f:4d:75:29:20:a2:14:a5:89:61:33:1c:bc:84:
59:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:37:67:2D:93:05:13:74:75:96:B9:D6:DA:80:8D:0A:87:1E:EF:E0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qTdnLZMFE3R1lrnW2oCNCoce7-A.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
55:0a:03:aa:f3:bd:e5:d0:45:54:d5:8f:48:6a:8c:1a:5d:19:
65:52:18:c9:77:9c:10:79:4f:a8:1f:5d:e8:c9:ff:49:1f:ab:
51:e6:3b:39:1c:2b:6a:a1:ca:3a:9a:f5:59:5a:5a:60:92:8e:
c3:2d:13:87:cb:e4:56:f8:3e:5c:f5:6d:a5:33:f2:be:ae:46:
27:93:4f:de:8c:df:1c:c8:f7:7a:d9:6d:46:c6:ed:86:b8:54:
d9:37:76:7f:5e:d6:40:5a:b3:b5:cc:75:8d:4c:8f:62:4c:0d:
ac:89:16:ae:ea:d6:7f:e8:33:6d:f9:59:11:09:a2:8c:05:9b:
69:9a:c4:82:cf:12:9c:97:70:68:58:c5:60:87:88:1e:55:a9:
5e:ec:8b:f5:d8:33:04:f0:f8:a6:fa:b4:8e:f6:d4:26:1d:60:
af:31:7d:ca:5c:f1:33:d9:39:6a:d9:d6:31:eb:11:bc:37:57:
30:2d:68:57:12:0e:4e:50:26:b6:40:e0:38:46:36:09:ca:5f:
a8:00:04:dd:92:78:a6:1c:85:4a:a3:75:50:c0:42:60:80:91:
d3:4e:eb:2f:bc:15:a9:bf:7f:c7:51:6d:b7:12:65:c8:4a:3f:
48:ef:1f:f7:87:df:70:bf:18:9c:e7:bd:8e:46:ba:35:fd:6f:
61:7a:ef:3e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdUQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTAw
MDQ1MDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEE5Mzc2NzJEOTMwNTEz
NzQ3NTk2QjlENkRBODA4RDBBODcxRUVGRTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCgBcsjDEn2npR3dPpOgV/lzmIZ9gOJlOvai5bk6AW0F1z2wjY6
gd78hYIxt46bTlNl3EeGYJTYV/povNIaNk+kv6vyLDWS2itkUtiKDMiSh4ZAHWIL
EsqQ/OqK7W1Sbce6jYuvOL2VZ5pUPSjSfpRF1GHFLV82XTnXe3bebTnrjGgM9avM
dgcenzSzv33HW93AghAn0sYeTNkFMicagPKVdd9+aJ9VW25dAsr+ljMtS5wHVAt/
9NltxWIf0Jvi/iszjoJUgF1sBNGclStIzMUwZ2bLzMy1M5GHLgukF7viRhhFrto8
drooLWDGTI3xh+pvTXUpIKIUpYlhMxy8hFnPAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUqTdnLZMFE3R1lrnW2oCNCoce7+AwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3FUZG5MWk1GRTNSMWxy
blcyb0NOQ29jZTctQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBVCgOq
873l0EVU1Y9IaowaXRllUhjJd5wQeU+oH13oyf9JH6tR5js5HCtqoco6mvVZWlpg
ko7DLROHy+RW+D5c9W2lM/K+rkYnk0/ejN8cyPd62W1Gxu2GuFTZN3Z/XtZAWrO1
zHWNTI9iTA2siRau6tZ/6DNt+VkRCaKMBZtpmsSCzxKcl3BoWMVgh4geVale7Iv1
2DME8Pim+rSO9tQmHWCvMX3KXPEz2Tlq2dYx6xG8N1cwLWhXEg5OUCa2QOA4RjYJ
yl+oAATdknimHIVKo3VQwEJggJHTTusvvBWpv3/HUW23EmXISj9I7x/3h99wvxic
572ORro1/W9heu8+
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:37:48 2025 by rpki-client