Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Q9fKJ--jYbEr-VXDmhvd313Bido.roa
File: Q9fKJ--jYbEr-VXDmhvd313Bido.roa (raw, json)
Hash identifier: ecB8SJ0EqM+FZRxKhayDJJgpce3obxcfxDpaWH1T+xA=
Subject key identifier: 43:D7:CA:27:EF:A3:61:B1:2B:F9:55:C3:9A:1B:DD:DF:5D:C1:89:DA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 60EE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Q9fKJ--jYbEr-VXDmhvd313Bido.roa
Signing time: Fri 16 May 2025 13:40:27 +0000
ROA not before: Fri 16 May 2025 13:40:27 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24814 (0x60ee)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 16 13:40:27 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=43D7CA27EFA361B12BF955C39A1BDDDF5DC189DA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:9f:8d:6c:29:51:67:f8:f2:78:40:61:fa:1f:
49:03:ea:45:62:b8:7e:95:99:18:1e:32:99:a4:8d:
a0:96:4b:ef:46:2e:69:ca:35:30:e4:29:82:4c:50:
bc:f5:f9:c2:64:33:7a:98:19:13:ed:5c:27:b6:fe:
3b:3c:4d:99:15:27:c8:1a:10:79:07:4c:8e:85:97:
66:6d:aa:13:d2:42:b3:87:5a:ce:35:35:3e:53:1c:
91:47:84:65:b3:bb:b9:5b:14:99:06:d2:c6:21:87:
73:a0:7a:ff:59:ea:9f:cc:83:46:a8:db:34:ff:cd:
94:3d:e8:a7:6c:3d:c3:97:93:86:b0:8e:a0:d2:36:
ad:84:98:d5:05:3b:aa:53:bc:04:f6:27:ae:21:f7:
a7:ce:16:3d:a5:0d:16:ee:fe:26:ad:98:c4:66:f4:
db:db:cc:b0:be:08:a7:91:74:c3:3a:74:93:36:f8:
4e:f3:56:59:8f:92:21:2e:97:59:5b:84:92:43:e0:
de:8f:46:3b:99:91:ae:11:0f:74:dc:0d:b6:b5:cd:
4a:0a:3c:f7:08:01:ae:21:0a:ae:77:f9:c4:0f:55:
d9:cf:9f:77:f0:3d:ad:d2:ce:57:cc:46:16:d4:a2:
fd:86:d5:a0:87:d6:e8:b7:59:a1:62:bd:f2:93:08:
79:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:D7:CA:27:EF:A3:61:B1:2B:F9:55:C3:9A:1B:DD:DF:5D:C1:89:DA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Q9fKJ--jYbEr-VXDmhvd313Bido.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
8a:33:0e:35:ed:25:7b:32:7c:ce:24:2f:a6:72:e4:79:7f:26:
06:f0:84:c2:4b:28:b7:db:b3:f2:6c:41:3e:cd:47:bd:a5:c2:
00:73:22:0d:3f:d8:d0:90:8e:eb:84:69:8c:5b:4e:8c:d2:31:
da:21:d2:19:31:86:00:bd:72:f4:49:b7:67:08:ef:7f:d2:73:
71:dc:e3:a6:f6:9a:9a:f5:c8:13:e3:94:2f:fd:6b:2f:1b:94:
c9:16:d7:fe:b6:c7:f3:da:4a:1c:72:b9:ec:73:dd:5f:4b:f8:
f8:18:ed:23:72:c6:d5:b8:5f:fa:ed:c4:0b:d3:57:28:5a:36:
96:74:b5:04:c0:d7:4e:0f:63:78:61:83:83:88:09:fe:20:58:
5b:0f:b4:3e:d4:84:3e:1c:de:b5:e2:92:96:a4:a7:75:fd:aa:
90:94:e1:1e:1f:c3:6d:38:b1:07:53:25:f7:63:09:71:40:18:
db:50:34:84:0d:0b:bf:57:1d:8a:f5:7e:38:c6:d9:dc:72:a5:
e1:76:09:a8:bd:f6:69:2c:42:e8:7f:05:39:45:d9:2e:3c:6f:
12:51:f1:b2:c1:c4:ef:83:43:cb:60:68:20:de:19:82:20:03:
af:3b:83:18:7f:0e:57:6b:09:10:c0:70:5f:93:54:7b:77:e3:
3d:18:84:1d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYO4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTYx
MzQwMjdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQzRDdDQTI3RUZBMzYx
QjEyQkY5NTVDMzlBMUJERERGNURDMTg5REEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDbn41sKVFn+PJ4QGH6H0kD6kViuH6VmRgeMpmkjaCWS+9GLmnK
NTDkKYJMULz1+cJkM3qYGRPtXCe2/js8TZkVJ8gaEHkHTI6Fl2ZtqhPSQrOHWs41
NT5THJFHhGWzu7lbFJkG0sYhh3Ogev9Z6p/Mg0ao2zT/zZQ96KdsPcOXk4awjqDS
Nq2EmNUFO6pTvAT2J64h96fOFj2lDRbu/iatmMRm9NvbzLC+CKeRdMM6dJM2+E7z
VlmPkiEul1lbhJJD4N6PRjuZka4RD3TcDba1zUoKPPcIAa4hCq53+cQPVdnPn3fw
Pa3SzlfMRhbUov2G1aCH1ui3WaFivfKTCHmtAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUQ9fKJ++jYbEr+VXDmhvd313BidowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1E5ZktKLS1qWWJFci1W
WERtaHZkMzEzQmlkby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCKMw41
7SV7MnzOJC+mcuR5fyYG8ITCSyi327PybEE+zUe9pcIAcyINP9jQkI7rhGmMW06M
0jHaIdIZMYYAvXL0SbdnCO9/0nNx3OOm9pqa9cgT45Qv/WsvG5TJFtf+tsfz2koc
crnsc91fS/j4GO0jcsbVuF/67cQL01coWjaWdLUEwNdOD2N4YYODiAn+IFhbD7Q+
1IQ+HN614pKWpKd1/aqQlOEeH8NtOLEHUyX3YwlxQBjbUDSEDQu/Vx2K9X44xtnc
cqXhdgmovfZpLELofwU5RdkuPG8SUfGywcTvg0PLYGgg3hmCIAOvO4MYfw5XawkQ
wHBfk1R7d+M9GIQd
-----END CERTIFICATE-----
Generated at Sat May 17 23:34:10 2025 by rpki-client