Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/qpnXzxurLAUYzYfA0y98S-AIU6U.roa
File: qpnXzxurLAUYzYfA0y98S-AIU6U.roa (raw, json)
Hash identifier: ayZXYPmnzp7LzX9nGlNx7SE4m0zk3eLzlYrScdy4Uos=
Subject key identifier: AA:99:D7:CF:1B:AB:2C:05:18:CD:87:C0:D3:2F:7C:4B:E0:08:53:A5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 761E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qpnXzxurLAUYzYfA0y98S-AIU6U.roa
Signing time: Sat 12 Jul 2025 07:41:45 +0000
ROA not before: Sat 12 Jul 2025 07:41:45 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30238 (0x761e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 12 07:41:45 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=AA99D7CF1BAB2C0518CD87C0D32F7C4BE00853A5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:48:21:a4:a3:28:1c:3c:84:8c:1d:e4:d2:05:
c7:9f:60:76:30:3e:71:90:1a:1d:b8:72:1f:1d:a3:
38:87:e3:45:1d:a6:85:22:53:6b:e5:68:29:35:24:
2e:45:95:c1:d5:20:ab:69:7c:21:e5:47:ee:2d:6a:
b3:5d:0b:0f:eb:13:f9:dd:3b:68:31:26:3c:87:27:
94:94:1d:c6:81:08:58:15:68:5b:c5:cb:f6:11:82:
0b:96:7d:5b:cf:80:78:1e:65:e5:37:cf:6a:82:7b:
e1:1c:66:97:49:56:b5:c4:62:cf:57:3c:86:ed:ce:
b0:24:2b:39:46:23:19:73:7e:96:84:f7:12:44:1a:
72:11:a7:36:13:1f:c2:c2:40:48:08:43:9e:4d:48:
af:17:c2:ea:d9:69:fb:11:82:84:5e:70:a5:bf:65:
9e:91:3c:76:99:3e:07:02:c2:10:bd:8d:40:71:43:
96:58:66:3c:d2:43:cc:d8:ce:7e:17:07:4a:3b:78:
3b:cc:1c:90:28:fa:2e:30:f9:71:c8:3d:65:d4:89:
ab:41:1a:59:22:e1:e1:36:4b:9d:4a:34:6c:33:85:
a2:c0:38:40:fa:00:39:2d:14:aa:d3:ef:37:a2:a5:
71:52:94:d7:6e:6b:df:54:aa:7b:98:70:aa:e5:0b:
64:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:99:D7:CF:1B:AB:2C:05:18:CD:87:C0:D3:2F:7C:4B:E0:08:53:A5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qpnXzxurLAUYzYfA0y98S-AIU6U.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
32:25:48:61:b0:69:bc:32:c1:b8:f5:00:51:1e:9b:6c:56:b0:
2f:6e:94:09:37:9d:e2:01:fa:47:11:6b:bb:84:27:7b:20:36:
e4:8f:1b:59:66:35:ef:e0:59:02:f4:dc:71:cb:a0:9a:10:c6:
ac:02:22:4c:6c:56:45:b1:c1:60:1d:73:d6:8c:df:0a:59:94:
4f:0a:00:74:39:e3:98:77:ee:5d:2c:d6:f0:ef:34:7d:84:d9:
97:69:5d:b5:2b:e1:97:0e:76:51:1f:70:97:35:cc:39:4a:23:
6d:4f:bb:73:d5:28:22:f9:a8:41:d0:d8:80:9e:64:66:c3:d7:
c4:39:7d:b0:e4:e8:82:db:f6:3c:17:8b:56:e7:1c:7a:d7:93:
46:a9:ac:e7:e7:0b:8e:59:c1:2d:57:9f:c8:2e:81:36:c6:72:
e3:9b:df:3a:de:9e:5a:07:a0:e3:75:5a:d2:c1:b8:64:9a:26:
65:60:6a:c3:6d:7e:34:4b:3e:55:94:83:68:60:73:49:89:81:
6c:08:26:98:21:f4:2a:7c:fe:cd:11:97:d0:f0:f0:19:da:92:
8c:74:80:52:00:8b:b9:0b:fe:53:ac:8f:fb:3b:7c:43:f5:fe:
2d:66:0d:c8:bc:f8:fc:a7:b9:64:70:61:29:80:2e:42:8e:93:
67:d1:2b:9a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdh4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTIw
NzQxNDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEFBOTlEN0NGMUJBQjJD
MDUxOENEODdDMEQzMkY3QzRCRTAwODUzQTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJSCGkoygcPISMHeTSBcefYHYwPnGQGh24ch8doziH40UdpoUi
U2vlaCk1JC5FlcHVIKtpfCHlR+4tarNdCw/rE/ndO2gxJjyHJ5SUHcaBCFgVaFvF
y/YRgguWfVvPgHgeZeU3z2qCe+EcZpdJVrXEYs9XPIbtzrAkKzlGIxlzfpaE9xJE
GnIRpzYTH8LCQEgIQ55NSK8XwurZafsRgoRecKW/ZZ6RPHaZPgcCwhC9jUBxQ5ZY
ZjzSQ8zYzn4XB0o7eDvMHJAo+i4w+XHIPWXUiatBGlki4eE2S51KNGwzhaLAOED6
ADktFKrT7zeipXFSlNdua99UqnuYcKrlC2R3AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUqpnXzxurLAUYzYfA0y98S+AIU6UwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3Fwblh6eHVyTEFVWXpZ
ZkEweTk4Uy1BSVU2VS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAyJUhh
sGm8MsG49QBRHptsVrAvbpQJN53iAfpHEWu7hCd7IDbkjxtZZjXv4FkC9Nxxy6Ca
EMasAiJMbFZFscFgHXPWjN8KWZRPCgB0OeOYd+5dLNbw7zR9hNmXaV21K+GXDnZR
H3CXNcw5SiNtT7tz1Sgi+ahB0NiAnmRmw9fEOX2w5OiC2/Y8F4tW5xx615NGqazn
5wuOWcEtV5/ILoE2xnLjm9863p5aB6DjdVrSwbhkmiZlYGrDbX40Sz5VlINoYHNJ
iYFsCCaYIfQqfP7NEZfQ8PAZ2pKMdIBSAIu5C/5TrI/7O3xD9f4tZg3IvPj8p7lk
cGEpgC5CjpNn0Sua
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:44:51 2025 by rpki-client