Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/rQojo4dX7VeMJOXGUea2sE7pCsM.roa
File: rQojo4dX7VeMJOXGUea2sE7pCsM.roa (raw, json)
Hash identifier: DHLbEKt0CVQi3g7NCVxEhJOU02Oi1t3vXhP3FngkmPI=
Subject key identifier: AD:0A:23:A3:87:57:ED:57:8C:24:E5:C6:51:E6:B6:B0:4E:E9:0A:C3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7140
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rQojo4dX7VeMJOXGUea2sE7pCsM.roa
Signing time: Sun 29 Jun 2025 07:44:38 +0000
ROA not before: Sun 29 Jun 2025 07:44:38 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28992 (0x7140)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 29 07:44:38 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=AD0A23A38757ED578C24E5C651E6B6B04EE90AC3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:3c:90:82:67:66:1c:c4:23:f8:cf:15:36:36:
05:ea:aa:9a:ce:78:50:3e:05:4f:11:6c:01:69:18:
aa:58:75:fe:ca:2e:3c:a7:8c:16:d2:cf:98:32:e4:
8d:8a:c7:61:39:c0:81:74:58:63:77:28:e5:f7:3e:
8b:e1:b7:aa:bb:89:0d:89:b9:54:fd:53:95:96:e5:
c9:fc:e2:ad:bb:15:22:cf:2a:f4:95:1b:b4:e0:79:
c0:c2:c5:79:29:d1:f3:89:72:89:04:4d:28:9a:b2:
87:bb:42:02:40:35:a0:71:c1:20:81:cb:8e:ba:11:
8d:cc:30:1e:5a:24:eb:0d:ab:4f:7f:67:78:4a:d8:
70:1d:f6:2d:23:20:28:43:da:d7:8d:1b:06:f0:a0:
59:36:e7:21:bb:12:c8:01:20:6b:c3:de:ca:47:22:
64:bd:ba:90:18:fa:e1:26:fe:59:6d:12:7a:84:ea:
d5:eb:58:aa:0b:cb:e6:95:d3:9f:64:37:52:19:00:
a8:a8:23:6f:38:9e:b3:71:c2:91:38:63:95:7c:c4:
85:81:1e:d4:53:db:12:ff:2d:f9:67:ea:03:e8:2e:
ab:62:c1:b1:a6:37:81:6f:20:5b:d7:f5:39:54:f6:
56:b9:f8:f6:88:29:29:69:79:72:e5:49:6d:3b:72:
1a:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:0A:23:A3:87:57:ED:57:8C:24:E5:C6:51:E6:B6:B0:4E:E9:0A:C3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rQojo4dX7VeMJOXGUea2sE7pCsM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
11:92:a2:fe:25:bb:6e:5f:2f:96:b1:5a:3c:e0:7f:18:46:83:
7b:c2:81:60:cd:f3:7a:6d:12:e4:6e:af:d0:dd:6c:3d:1f:5a:
c6:96:7b:c6:c3:4b:94:d8:5c:77:45:04:ff:49:81:1f:7a:27:
b1:ed:1b:16:a4:53:2b:be:e3:bc:98:ef:6e:e8:0b:63:af:6d:
52:03:d0:12:bf:bd:c0:57:c9:2d:06:ec:0b:fc:ac:b1:c4:e3:
cc:b8:5e:80:43:ea:ee:e5:a4:1e:eb:7c:0e:87:c6:1f:67:82:
a8:94:52:47:fc:a6:ef:1a:5d:97:ac:b6:57:ab:9e:98:77:63:
c9:04:3e:c4:6d:cb:fb:d7:b7:80:fe:d1:6e:37:59:5a:66:ad:
d2:30:b9:4e:fc:a6:6e:3a:61:ad:9a:97:f3:1e:2d:ee:92:0e:
6e:a8:74:db:53:18:99:cd:c2:70:46:e5:58:e9:b6:39:ee:52:
ed:29:11:91:09:dd:f9:ad:75:5b:09:a9:09:a9:a7:f8:09:1d:
4d:c3:7c:3b:9f:b0:cf:57:04:07:47:02:6d:d7:b8:95:b8:40:
a4:7a:3b:11:38:b2:6e:a1:82:7b:b6:91:e7:63:c1:4c:fe:35:
bc:c4:eb:37:05:84:37:84:c1:1a:f2:83:5b:91:4e:14:12:48:
c7:cf:c7:23
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcUAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2Mjkw
NzQ0MzhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEFEMEEyM0EzODc1N0VE
NTc4QzI0RTVDNjUxRTZCNkIwNEVFOTBBQzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCwPJCCZ2YcxCP4zxU2NgXqqprOeFA+BU8RbAFpGKpYdf7KLjyn
jBbSz5gy5I2Kx2E5wIF0WGN3KOX3Povht6q7iQ2JuVT9U5WW5cn84q27FSLPKvSV
G7TgecDCxXkp0fOJcokETSiasoe7QgJANaBxwSCBy466EY3MMB5aJOsNq09/Z3hK
2HAd9i0jIChD2teNGwbwoFk25yG7EsgBIGvD3spHImS9upAY+uEm/lltEnqE6tXr
WKoLy+aV059kN1IZAKioI284nrNxwpE4Y5V8xIWBHtRT2xL/Lfln6gPoLqtiwbGm
N4FvIFvX9TlU9la5+PaIKSlpeXLlSW07chp5AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUrQojo4dX7VeMJOXGUea2sE7pCsMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3JRb2pvNGRYN1ZlTUpP
WEdVZWEyc0U3cENzTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQARkqL+
JbtuXy+WsVo84H8YRoN7woFgzfN6bRLkbq/Q3Ww9H1rGlnvGw0uU2Fx3RQT/SYEf
eiex7RsWpFMrvuO8mO9u6Atjr21SA9ASv73AV8ktBuwL/KyxxOPMuF6AQ+ru5aQe
63wOh8YfZ4KolFJH/KbvGl2XrLZXq56Yd2PJBD7Ebcv717eA/tFuN1laZq3SMLlO
/KZuOmGtmpfzHi3ukg5uqHTbUxiZzcJwRuVY6bY57lLtKRGRCd35rXVbCakJqaf4
CR1Nw3w7n7DPVwQHRwJt17iVuECkejsROLJuoYJ7tpHnY8FM/jW8xOs3BYQ3hMEa
8oNbkU4UEkjHz8cj
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:32:55 2025 by rpki-client