Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/qdhyKfcL95XTt5T-o2w-W6t8iSY.roa
File: qdhyKfcL95XTt5T-o2w-W6t8iSY.roa (raw, json)
Hash identifier: hh2DSObGG6AgBTGkGv94EH+EA/FQa9tCBolwkhrHy3Q=
Subject key identifier: A9:D8:72:29:F7:0B:F7:95:D3:B7:94:FE:A3:6C:3E:5B:AB:7C:89:26
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6696
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qdhyKfcL95XTt5T-o2w-W6t8iSY.roa
Signing time: Sat 31 May 2025 15:41:33 +0000
ROA not before: Sat 31 May 2025 15:41:33 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26262 (0x6696)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 31 15:41:33 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A9D87229F70BF795D3B794FEA36C3E5BAB7C8926
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:4c:b2:ea:a3:64:4f:72:59:07:f8:fa:3b:a9:
ec:d0:18:38:cf:58:59:67:8e:58:7b:cc:65:58:90:
15:5c:7e:69:cb:ea:e0:a0:c3:76:75:34:34:5e:bd:
6f:02:d3:7d:03:04:59:43:07:45:d1:ca:1a:e9:af:
56:83:3a:25:5c:57:63:c0:ac:04:66:4f:f1:40:69:
3b:b9:76:21:2a:e9:bf:93:22:38:5f:f5:b3:d0:44:
f5:3b:10:a6:35:e4:3a:82:a6:27:24:9e:f0:51:00:
16:19:74:5e:5d:fe:0b:6d:00:4c:b7:b8:68:bb:a7:
c2:e2:54:3d:72:e4:86:39:36:7d:d4:52:d7:a0:d2:
cd:60:c0:62:93:b8:60:f8:d7:dd:bb:39:9a:75:d5:
5c:de:1e:20:f8:ff:cb:ed:30:c0:a8:4f:cf:f3:4f:
bb:4a:32:2e:24:5f:6d:ec:1f:f6:9f:0d:1f:68:6f:
67:d9:60:bb:49:2f:92:09:eb:8a:e3:b8:a9:4e:34:
45:7a:94:1d:dc:e4:b6:d8:6e:ce:d9:16:c7:29:5e:
5f:9a:91:87:12:c3:45:3b:ad:c9:86:5b:01:e9:43:
a7:a2:43:31:bd:af:15:88:94:98:f0:b7:c7:25:08:
c1:41:13:9e:12:2f:7f:50:2e:f7:6f:62:da:20:d6:
7b:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:D8:72:29:F7:0B:F7:95:D3:B7:94:FE:A3:6C:3E:5B:AB:7C:89:26
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qdhyKfcL95XTt5T-o2w-W6t8iSY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
24:2d:87:28:60:06:c0:ef:16:a1:21:fd:cf:28:d4:00:3d:1f:
0e:c5:26:c4:0a:8d:b5:a5:12:1c:e6:d3:f0:77:5d:ef:60:50:
8c:f1:2a:89:16:5e:fe:30:fc:6b:8e:04:65:c4:7f:42:18:7d:
30:92:c2:4a:e5:07:c5:d2:94:8e:ce:63:a7:28:43:8a:e3:eb:
ed:41:7e:c3:d2:3a:f6:87:99:bd:1e:1e:c7:44:e7:1e:5f:98:
ed:f7:0b:ea:78:db:7c:ba:a9:b5:24:37:a7:03:f6:4a:a7:de:
73:53:07:68:8d:82:b1:99:a5:9a:d7:79:b8:14:49:a4:7c:94:
ca:70:e6:dd:32:51:74:1a:95:df:b2:e2:e6:97:fb:9a:e0:d3:
39:75:05:32:08:21:ce:cc:e6:1c:b3:a2:d0:60:63:d5:73:2f:
06:ab:00:14:b9:e9:d6:4e:c7:47:22:c7:42:cc:c4:00:c0:03:
80:70:7f:05:e3:5d:9f:a4:59:01:08:f6:bb:64:ba:fb:88:99:
db:ec:3f:a0:1e:12:f7:5a:3c:32:fb:c2:0d:da:d2:b4:0f:38:
23:dc:fc:de:6e:9d:45:d7:ee:b4:54:94:0c:c5:39:09:c4:aa:
ca:87:72:d5:c9:7e:b2:e8:26:ca:98:87:d8:55:47:bf:bf:4b:
19:8a:89:8f
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZpYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MzEx
NTQxMzNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEE5RDg3MjI5RjcwQkY3
OTVEM0I3OTRGRUEzNkMzRTVCQUI3Qzg5MjYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJTLLqo2RPclkH+Po7qezQGDjPWFlnjlh7zGVYkBVcfmnL6uCg
w3Z1NDRevW8C030DBFlDB0XRyhrpr1aDOiVcV2PArARmT/FAaTu5diEq6b+TIjhf
9bPQRPU7EKY15DqCpicknvBRABYZdF5d/gttAEy3uGi7p8LiVD1y5IY5Nn3UUteg
0s1gwGKTuGD41927OZp11VzeHiD4/8vtMMCoT8/zT7tKMi4kX23sH/afDR9ob2fZ
YLtJL5IJ64rjuKlONEV6lB3c5LbYbs7ZFscpXl+akYcSw0U7rcmGWwHpQ6eiQzG9
rxWIlJjwt8clCMFBE54SL39QLvdvYtog1nstAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUqdhyKfcL95XTt5T+o2w+W6t8iSYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3FkaHlLZmNMOTVYVHQ1
VC1vMnctVzZ0OGlTWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAkLYco
YAbA7xahIf3PKNQAPR8OxSbECo21pRIc5tPwd13vYFCM8SqJFl7+MPxrjgRlxH9C
GH0wksJK5QfF0pSOzmOnKEOK4+vtQX7D0jr2h5m9Hh7HROceX5jt9wvqeNt8uqm1
JDenA/ZKp95zUwdojYKxmaWa13m4FEmkfJTKcObdMlF0GpXfsuLml/ua4NM5dQUy
CCHOzOYcs6LQYGPVcy8GqwAUuenWTsdHIsdCzMQAwAOAcH8F412fpFkBCPa7ZLr7
iJnb7D+gHhL3Wjwy+8IN2tK0Dzgj3Pzebp1F1+60VJQMxTkJxKrKh3LVyX6y6CbK
mIfYVUe/v0sZiomP
-----END CERTIFICATE-----
Generated at Thu Jun 5 19:13:36 2025 by rpki-client