Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/qRS6XVVmB4jBr-knlN4WjYTnqvc.roa
File:                     qRS6XVVmB4jBr-knlN4WjYTnqvc.roa (raw, json)
Hash identifier:          Ce8nDEGhfIzbmk+PVqfweBoUEnmkz6N6yL+2eICHYQo=
Subject key identifier:   A9:14:BA:5D:55:66:07:88:C1:AF:E9:27:94:DE:16:8D:84:E7:AA:F7
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       60BC
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qRS6XVVmB4jBr-knlN4WjYTnqvc.roa
Signing time:             Fri 16 May 2025 01:10:24 +0000
ROA not before:           Fri 16 May 2025 01:10:24 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 24764 (0x60bc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: May 16 01:10:24 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=A914BA5D55660788C1AFE92794DE168D84E7AAF7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:14:BA:5D:55:66:07:88:C1:AF:E9:27:94:DE:16:8D:84:E7:AA:F7
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/qRS6XVVmB4jBr-knlN4WjYTnqvc.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
Generated at Sun May 18 02:04:07 2025 by rpki-client