Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Q0-K_E8xV8XDPwrygQSKckPKmHU.roa
File: Q0-K_E8xV8XDPwrygQSKckPKmHU.roa (raw, json)
Hash identifier: 47NLhNiqTbePwxrJXsoXfAxaIoiX7M4pke5UpIpy1YY=
Subject key identifier: 43:4F:8A:FC:4F:31:57:C5:C3:3F:0A:F2:81:04:8A:72:43:CA:98:75
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 60C0
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Q0-K_E8xV8XDPwrygQSKckPKmHU.roa
Signing time: Fri 16 May 2025 02:10:30 +0000
ROA not before: Fri 16 May 2025 02:10:30 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24768 (0x60c0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 16 02:10:30 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=434F8AFC4F3157C5C33F0AF281048A7243CA9875
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:67:4f:54:17:1b:3a:38:85:04:24:d9:5e:6d:
24:e7:8c:ab:bd:48:15:61:2f:24:f6:56:41:4a:28:
62:4f:78:f3:fb:63:83:09:6d:f2:86:29:7c:bc:1c:
7e:6c:78:8d:47:74:77:bb:ee:ca:40:94:30:c4:eb:
70:b8:16:2d:dc:f1:0e:da:d0:fd:19:61:16:c8:24:
a4:b0:78:cb:ff:ec:f3:89:70:a9:c9:45:9d:60:68:
52:e2:da:4c:61:fd:7a:d2:20:60:05:82:34:7d:79:
88:06:d8:b7:89:b9:a9:2a:70:14:8f:0b:2e:50:f5:
71:6d:4b:88:6c:0f:d6:8e:14:92:93:d4:fe:19:81:
92:66:b1:85:e4:e1:a2:31:47:09:d6:dc:f9:e4:e2:
3a:bf:6e:1f:1c:30:9f:5b:9c:ee:e7:e9:5a:b1:cb:
18:da:50:8f:8b:5d:e4:94:8a:cb:3e:03:2d:40:18:
f8:e3:38:c8:d2:15:3d:63:28:05:be:37:39:a9:d9:
86:4e:6f:5c:13:d1:07:47:1b:8c:75:f1:02:62:aa:
da:83:9e:90:ca:d8:0a:4a:a6:0c:d9:83:1a:85:8c:
42:28:5e:9b:48:8b:1e:5a:ab:08:09:71:9b:2e:7a:
c7:a6:fa:7c:fa:4e:22:93:28:04:ad:aa:f0:7e:1a:
de:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:4F:8A:FC:4F:31:57:C5:C3:3F:0A:F2:81:04:8A:72:43:CA:98:75
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Q0-K_E8xV8XDPwrygQSKckPKmHU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
8f:16:6f:c6:87:c3:b1:da:bf:2f:3d:96:da:d4:ac:5e:ed:50:
bf:e2:d5:8f:fd:a8:3d:21:83:14:de:05:20:56:76:fa:47:5e:
75:58:02:ce:5a:9c:e3:ca:78:8a:10:e3:56:80:52:ca:eb:4e:
ef:b7:21:de:b5:6b:a5:56:17:06:83:d1:b2:87:dd:7f:1e:46:
bc:ac:73:14:89:e4:2c:cf:64:cd:f9:f7:d7:ff:c2:05:26:a2:
ed:6a:6e:b8:9d:80:b2:b6:5e:aa:af:d9:c1:a3:31:0c:1c:81:
6e:b7:5b:d3:12:53:eb:5f:db:a2:40:4b:61:50:ad:80:65:4a:
e7:be:a5:92:cc:42:e0:57:e3:39:3a:6f:0e:8f:4e:cc:26:14:
e8:5d:2c:e6:2f:1c:80:f3:a7:b2:d3:3d:59:95:5a:89:69:d7:
19:b2:ab:20:1d:15:64:7d:b7:bc:c6:f5:22:c3:32:60:eb:b8:
8d:c2:bc:01:92:4c:56:ba:f0:43:3a:40:3f:73:b5:8b:8c:ca:
eb:e9:38:0c:1c:c7:00:4d:71:bc:17:12:39:67:97:65:82:cb:
57:01:79:fd:fb:4c:c6:44:21:c7:b9:c5:53:3b:7c:5e:4c:1c:
c8:3b:68:19:fa:d1:ca:a0:77:dc:ea:86:69:5f:79:19:86:6b:
38:3d:b4:a2
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYMAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTYw
MjEwMzBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQzNEY4QUZDNEYzMTU3
QzVDMzNGMEFGMjgxMDQ4QTcyNDNDQTk4NzUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCnZ09UFxs6OIUEJNlebSTnjKu9SBVhLyT2VkFKKGJPePP7Y4MJ
bfKGKXy8HH5seI1HdHe77spAlDDE63C4Fi3c8Q7a0P0ZYRbIJKSweMv/7POJcKnJ
RZ1gaFLi2kxh/XrSIGAFgjR9eYgG2LeJuakqcBSPCy5Q9XFtS4hsD9aOFJKT1P4Z
gZJmsYXk4aIxRwnW3Pnk4jq/bh8cMJ9bnO7n6VqxyxjaUI+LXeSUiss+Ay1AGPjj
OMjSFT1jKAW+Nzmp2YZOb1wT0QdHG4x18QJiqtqDnpDK2ApKpgzZgxqFjEIoXptI
ix5aqwgJcZsuesem+nz6TiKTKAStqvB+Gt6fAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUQ0+K/E8xV8XDPwrygQSKckPKmHUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1EwLUtfRTh4VjhYRFB3
cnlnUVNLY2tQS21IVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCPFm/G
h8Ox2r8vPZba1Kxe7VC/4tWP/ag9IYMU3gUgVnb6R151WALOWpzjyniKEONWgFLK
607vtyHetWulVhcGg9Gyh91/Hka8rHMUieQsz2TN+ffX/8IFJqLtam64nYCytl6q
r9nBozEMHIFut1vTElPrX9uiQEthUK2AZUrnvqWSzELgV+M5Om8Oj07MJhToXSzm
LxyA86ey0z1ZlVqJadcZsqsgHRVkfbe8xvUiwzJg67iNwrwBkkxWuvBDOkA/c7WL
jMrr6TgMHMcATXG8FxI5Z5dlgstXAXn9+0zGRCHHucVTO3xeTBzIO2gZ+tHKoHfc
6oZpX3kZhms4PbSi
-----END CERTIFICATE-----
Generated at Sat May 17 21:55:44 2025 by rpki-client