Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/rMQceaPJATK9BffTX9H_gJtvzu0.roa
File: rMQceaPJATK9BffTX9H_gJtvzu0.roa (raw, json)
Hash identifier: 7gKxqfGkF4FOM4/RpY4tQRc9qfRSWSQ2bFfn8AvVJ+M=
Subject key identifier: AC:C4:1C:79:A3:C9:01:32:BD:05:F7:D3:5F:D1:FF:80:9B:6F:CE:ED
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 71B4
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rMQceaPJATK9BffTX9H_gJtvzu0.roa
Signing time: Mon 30 Jun 2025 12:44:52 +0000
ROA not before: Mon 30 Jun 2025 12:44:52 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29108 (0x71b4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 30 12:44:52 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=ACC41C79A3C90132BD05F7D35FD1FF809B6FCEED
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:06:7c:cd:4b:56:45:07:f7:fe:79:7a:f2:70:
a6:27:7b:1c:57:42:03:95:30:dc:88:03:da:0a:bb:
0f:03:74:91:98:b5:63:54:d9:a0:43:31:88:84:9e:
50:6b:f2:d6:91:4e:77:ac:cc:ca:f9:e3:d0:3e:97:
0a:b3:88:19:d8:6d:bc:d4:0b:60:18:40:0c:2a:d3:
b1:78:8c:3b:59:40:b7:53:22:60:84:42:77:8d:92:
8d:15:df:c6:e4:09:78:ac:e6:25:85:85:dc:02:b9:
e6:58:36:8e:2e:99:ce:77:ab:a4:bb:94:7f:03:e8:
d7:f5:fd:cc:cc:b6:2f:36:67:73:17:60:7a:72:af:
ac:3d:a3:28:c8:57:55:8f:4e:10:a6:c9:d6:eb:ee:
31:d0:4d:67:f9:8a:c7:b7:c1:6b:c4:4f:0d:a9:99:
a9:7d:79:40:03:96:e5:70:00:50:14:9e:38:19:a4:
35:84:78:f6:82:ed:a1:01:cf:41:42:41:57:e8:63:
33:38:81:a6:f6:08:68:45:3b:b8:a4:dc:79:7d:a1:
90:44:df:3c:28:f1:20:9e:98:e3:15:df:12:98:b8:
bc:57:0f:4e:00:d4:21:96:40:2d:f5:39:a2:ba:0e:
8d:23:91:15:a6:b7:d9:ec:0f:f7:34:96:66:7d:1e:
0b:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:C4:1C:79:A3:C9:01:32:BD:05:F7:D3:5F:D1:FF:80:9B:6F:CE:ED
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rMQceaPJATK9BffTX9H_gJtvzu0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
9d:72:c3:6a:6f:45:26:26:9d:74:5e:f7:ec:a9:71:d6:e9:1f:
a2:17:e3:fd:85:d7:4f:fe:06:87:87:8d:ca:c0:7e:00:4c:4b:
65:77:12:2b:04:8c:05:2c:3a:1f:61:78:82:c0:e4:e0:41:63:
43:89:00:48:2c:15:3b:c5:fa:22:4a:bd:87:4f:e3:6b:c5:21:
0a:1a:b8:14:e0:fb:84:3d:af:1f:3f:a4:4d:37:92:c4:46:f6:
14:a8:c0:84:ad:73:e6:ce:95:d0:cc:40:49:6e:9e:d4:e0:83:
33:ac:74:8a:75:7b:ff:8d:17:d2:dc:8d:99:88:86:c2:a3:e5:
fa:db:8f:cc:9c:67:72:9d:48:5e:4e:29:19:1d:9f:fb:85:24:
a0:1f:08:36:6b:af:df:18:be:55:a9:82:bb:fe:e6:74:0d:3d:
49:f0:f8:bb:2c:18:20:64:bd:19:98:1d:a3:53:f4:10:5e:16:
8e:ce:e6:3c:3e:60:7f:d8:cc:d9:5b:12:9e:a6:6f:12:07:80:
42:31:40:93:c4:c9:18:d9:d6:7b:57:e1:b4:57:17:40:84:67:
6d:19:02:67:2d:0f:b8:4c:c4:44:63:39:57:d3:ca:ec:d5:54:
86:44:40:d9:93:93:68:24:e6:4d:4a:3d:f5:60:d7:af:b9:76:
af:0d:6f:11
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcbQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MzAx
MjQ0NTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEFDQzQxQzc5QTNDOTAx
MzJCRDA1RjdEMzVGRDFGRjgwOUI2RkNFRUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDBnzNS1ZFB/f+eXrycKYnexxXQgOVMNyIA9oKuw8DdJGYtWNU
2aBDMYiEnlBr8taRTneszMr549A+lwqziBnYbbzUC2AYQAwq07F4jDtZQLdTImCE
QneNko0V38bkCXis5iWFhdwCueZYNo4umc53q6S7lH8D6Nf1/czMti82Z3MXYHpy
r6w9oyjIV1WPThCmydbr7jHQTWf5ise3wWvETw2pmal9eUADluVwAFAUnjgZpDWE
ePaC7aEBz0FCQVfoYzM4gab2CGhFO7ik3Hl9oZBE3zwo8SCemOMV3xKYuLxXD04A
1CGWQC31OaK6Do0jkRWmt9nsD/c0lmZ9Hgu/AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUrMQceaPJATK9BffTX9H/gJtvzu0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3JNUWNlYVBKQVRLOUJm
ZlRYOUhfZ0p0dnp1MC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCdcsNq
b0UmJp10XvfsqXHW6R+iF+P9hddP/gaHh43KwH4ATEtldxIrBIwFLDofYXiCwOTg
QWNDiQBILBU7xfoiSr2HT+NrxSEKGrgU4PuEPa8fP6RNN5LERvYUqMCErXPmzpXQ
zEBJbp7U4IMzrHSKdXv/jRfS3I2ZiIbCo+X624/MnGdynUheTikZHZ/7hSSgHwg2
a6/fGL5VqYK7/uZ0DT1J8Pi7LBggZL0ZmB2jU/QQXhaOzuY8PmB/2MzZWxKepm8S
B4BCMUCTxMkY2dZ7V+G0VxdAhGdtGQJnLQ+4TMREYzlX08rs1VSGREDZk5NoJOZN
Sj31YNevuXavDW8R
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:37:01 2025 by rpki-client