Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/qkzW0jpWzk_ok_rYHvCGlHjY5RM.roa
File: qkzW0jpWzk_ok_rYHvCGlHjY5RM.roa (raw, json)
Hash identifier: x6nwAl5DpgYRJ7P5qP/PMA17mE9pJCtX3LQWTrjf4ko=
Subject key identifier: AA:4C:D6:D2:3A:56:CE:4F:E8:93:FA:D8:1E:F0:86:94:78:D8:E5:13
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6D28
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qkzW0jpWzk_ok_rYHvCGlHjY5RM.roa
Signing time: Wed 18 Jun 2025 04:12:28 +0000
ROA not before: Wed 18 Jun 2025 04:12:28 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27944 (0x6d28)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 18 04:12:28 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=AA4CD6D23A56CE4FE893FAD81EF0869478D8E513
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:81:87:7a:b6:66:04:b8:ef:6b:dc:47:e1:39:
9a:8e:e9:a8:53:86:93:6a:45:3b:2e:8f:8e:7b:16:
8b:e8:68:1e:e8:c1:57:d8:c6:63:f0:12:cc:62:c6:
1d:13:47:da:0a:bc:d4:24:ea:4a:42:a7:0c:22:1f:
34:df:14:64:9e:42:86:6a:66:ad:f5:86:a2:15:1e:
0a:b8:bb:d1:f3:c6:63:3d:e3:07:47:92:b3:3f:3f:
95:84:70:e9:d8:a2:77:95:b3:25:6f:e2:8c:ab:40:
e9:05:ac:5e:d9:b3:31:d4:f6:c3:2c:20:12:4d:a8:
40:56:34:e3:1a:69:e3:35:9d:18:31:21:73:c2:9a:
aa:5f:aa:43:2a:fb:9b:79:84:77:1f:21:9b:d7:4b:
2a:c2:2a:46:bf:8c:60:1f:05:0c:44:81:4f:88:f2:
7e:62:5a:1e:15:75:01:ed:48:a5:6a:97:f2:b9:f8:
93:15:e0:b5:4f:cc:0b:77:1d:f4:f5:db:9e:33:04:
37:a7:15:a6:83:86:ac:21:8f:7e:2d:b5:40:2b:0e:
86:93:27:96:a5:53:65:e6:c8:a5:ef:a0:e4:e2:99:
9f:7c:90:6d:66:38:aa:08:8f:4e:d7:3b:00:e7:52:
5f:77:0a:38:40:c8:de:ae:36:6c:9d:b6:88:0b:67:
5c:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:4C:D6:D2:3A:56:CE:4F:E8:93:FA:D8:1E:F0:86:94:78:D8:E5:13
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qkzW0jpWzk_ok_rYHvCGlHjY5RM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
72:aa:8c:2d:a3:76:01:7e:96:a3:90:2c:bd:70:ab:21:f1:17:
35:46:37:4e:b3:50:d4:29:4e:4d:0e:21:c5:69:93:9a:67:be:
13:60:19:5f:f7:2a:a4:38:79:b3:7a:dd:40:40:e4:93:30:e8:
87:d9:40:f6:9d:02:34:df:7a:27:be:5a:77:5b:55:f2:cc:48:
44:55:0a:76:e5:5e:ed:46:c1:59:4f:e6:02:43:09:4c:f1:6c:
c3:a7:89:e1:ce:47:97:7a:93:7f:44:a6:35:b9:56:9c:7f:2a:
10:ad:b1:c7:63:e0:af:df:e4:b8:d8:75:1e:d9:4d:41:06:8d:
66:9e:4f:c1:90:3a:e7:a2:fc:a8:23:8f:c5:56:b3:05:97:80:
e4:d1:89:c0:fc:15:d7:fd:46:99:4a:4a:77:e3:a9:61:30:2e:
ee:da:2c:ba:45:26:3e:a7:02:02:a1:9b:88:9e:d7:2d:77:34:
34:6f:dd:bf:9b:b4:bc:0b:18:42:1f:e7:eb:1c:0a:98:df:df:
f6:be:30:59:65:fd:35:c1:4c:bc:6c:17:aa:8f:6d:17:75:d8:
bd:18:30:e7:b7:97:37:9d:a2:20:49:79:ca:a4:02:e9:f2:0d:
6f:d6:8c:60:6a:e4:03:70:ed:ab:a0:4f:cb:de:b3:79:07:73:
2e:bf:7b:f7
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbSgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTgw
NDEyMjhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEFBNENENkQyM0E1NkNF
NEZFODkzRkFEODFFRjA4Njk0NzhEOEU1MTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDIgYd6tmYEuO9r3EfhOZqO6ahThpNqRTsuj457FovoaB7owVfY
xmPwEsxixh0TR9oKvNQk6kpCpwwiHzTfFGSeQoZqZq31hqIVHgq4u9HzxmM94wdH
krM/P5WEcOnYoneVsyVv4oyrQOkFrF7ZszHU9sMsIBJNqEBWNOMaaeM1nRgxIXPC
mqpfqkMq+5t5hHcfIZvXSyrCKka/jGAfBQxEgU+I8n5iWh4VdQHtSKVql/K5+JMV
4LVPzAt3HfT1254zBDenFaaDhqwhj34ttUArDoaTJ5alU2XmyKXvoOTimZ98kG1m
OKoIj07XOwDnUl93CjhAyN6uNmydtogLZ1xxAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUqkzW0jpWzk/ok/rYHvCGlHjY5RMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3FrelcwanBXemtfb2tf
cllIdkNHbEhqWTVSTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQByqowt
o3YBfpajkCy9cKsh8Rc1RjdOs1DUKU5NDiHFaZOaZ74TYBlf9yqkOHmzet1AQOST
MOiH2UD2nQI033onvlp3W1XyzEhEVQp25V7tRsFZT+YCQwlM8WzDp4nhzkeXepN/
RKY1uVacfyoQrbHHY+Cv3+S42HUe2U1BBo1mnk/BkDrnovyoI4/FVrMFl4Dk0YnA
/BXX/UaZSkp346lhMC7u2iy6RSY+pwICoZuIntctdzQ0b92/m7S8CxhCH+frHAqY
39/2vjBZZf01wUy8bBeqj20Xddi9GDDnt5c3naIgSXnKpALp8g1v1oxgauQDcO2r
oE/L3rN5B3Muv3v3
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:55:42 2025 by rpki-client