Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/0yYNJhN-IUDduofeYSCh7U9sR_Y.roa
File: 0yYNJhN-IUDduofeYSCh7U9sR_Y.roa (raw, json)
Hash identifier: d8p+C1tIufBUL16lA+RU4LsutOnOzbIEVMjIvKCTqyU=
Subject key identifier: D3:26:0D:26:13:7E:21:40:DD:BA:87:DE:61:20:A1:ED:4F:6C:47:F6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 76A4
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0yYNJhN-IUDduofeYSCh7U9sR_Y.roa
Signing time: Sun 13 Jul 2025 17:12:01 +0000
ROA not before: Sun 13 Jul 2025 17:12:01 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30372 (0x76a4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 13 17:12:01 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D3260D26137E2140DDBA87DE6120A1ED4F6C47F6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:0e:19:31:6e:8d:47:ea:06:0e:01:ae:1f:d6:
50:73:a7:74:68:50:02:f6:da:b8:1e:cc:ab:f9:97:
72:25:71:69:1b:1a:9f:10:12:e5:e2:c6:6a:cd:e3:
89:08:34:88:a1:62:e3:48:73:32:28:f8:a5:41:3a:
a9:59:96:18:c0:dd:54:d2:a8:e3:4e:77:a1:fe:22:
ff:3a:d8:be:5b:a3:b1:0c:ef:55:12:e6:38:02:41:
95:56:75:c3:8e:05:b4:78:a8:ed:c9:65:5f:5c:e5:
80:6f:e2:25:3d:b3:4c:14:ea:b5:ee:04:87:11:78:
26:ff:f6:07:26:ee:2e:a4:7e:5e:87:5c:4f:e5:cc:
8d:0d:29:ea:b5:c1:ba:cc:9e:88:73:e4:99:24:0c:
66:45:e4:cd:24:4a:23:e8:c6:62:0c:15:df:52:cb:
b7:b6:a9:c7:dd:7b:35:4b:b5:3c:b3:77:a2:38:17:
42:7e:0e:9a:c6:ad:55:6f:57:44:07:78:21:f1:6c:
c4:ec:6e:f5:a9:11:67:f7:3f:38:22:69:a0:f3:a2:
04:ea:af:18:76:46:bf:24:1b:94:58:8d:b4:1a:4e:
2f:b6:80:cd:c3:d8:9e:48:a4:61:99:9b:c8:16:f5:
79:d2:97:01:f0:f5:67:8c:c2:c4:cd:25:e8:66:a5:
47:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:26:0D:26:13:7E:21:40:DD:BA:87:DE:61:20:A1:ED:4F:6C:47:F6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0yYNJhN-IUDduofeYSCh7U9sR_Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
28:66:f6:7f:0c:24:d1:00:5c:94:e1:3e:ed:69:d1:0b:56:58:
78:b8:27:e8:43:2b:96:8a:ab:31:1d:c6:e3:bd:fc:31:4c:33:
27:bf:1b:cc:ab:c3:e0:0a:96:a1:c0:65:13:e1:34:5d:4a:81:
e7:ab:08:51:56:73:3e:47:14:73:9b:60:9b:6a:8e:9a:e4:07:
9a:bc:84:91:4f:f9:b3:f4:63:7d:99:07:24:71:55:19:2e:06:
bb:39:56:f6:b5:46:6e:20:84:50:b9:d2:3e:b4:1b:c1:99:25:
c2:f7:fa:9d:4d:d3:5b:37:7e:85:a0:ae:9b:4e:aa:90:19:12:
8d:7b:1b:f9:e3:1d:b8:a5:c0:12:4f:6d:57:4d:c1:a8:ed:d5:
e3:29:36:e8:cf:1b:ff:b7:0d:ca:55:b4:75:63:46:4a:73:06:
44:b3:1f:05:1b:4d:07:ef:4a:36:2d:98:37:61:c9:b8:a0:be:
2e:79:ed:c8:fc:f7:b6:00:e8:b8:6c:87:06:64:c3:cd:7c:ec:
b3:99:51:70:e4:d5:fb:47:55:8c:81:85:b6:bd:d9:f0:dc:8c:
c5:c0:b7:a2:51:4d:55:2c:7f:f2:b7:85:2e:d6:71:9b:84:2d:
f8:61:9f:9d:5a:68:46:15:fa:93:17:04:29:79:70:3f:a8:4a:
25:88:0f:0f
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdqQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTMx
NzEyMDFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQzMjYwRDI2MTM3RTIx
NDBEREJBODdERTYxMjBBMUVENEY2QzQ3RjYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6Dhkxbo1H6gYOAa4f1lBzp3RoUAL22rgezKv5l3IlcWkbGp8Q
EuXixmrN44kINIihYuNIczIo+KVBOqlZlhjA3VTSqONOd6H+Iv862L5bo7EM71US
5jgCQZVWdcOOBbR4qO3JZV9c5YBv4iU9s0wU6rXuBIcReCb/9gcm7i6kfl6HXE/l
zI0NKeq1wbrMnohz5JkkDGZF5M0kSiPoxmIMFd9Sy7e2qcfdezVLtTyzd6I4F0J+
DprGrVVvV0QHeCHxbMTsbvWpEWf3PzgiaaDzogTqrxh2Rr8kG5RYjbQaTi+2gM3D
2J5IpGGZm8gW9XnSlwHw9WeMwsTNJehmpUdFAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU0yYNJhN+IUDduofeYSCh7U9sR/YwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzB5WU5KaE4tSVVEZHVv
ZmVZU0NoN1U5c1JfWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAoZvZ/
DCTRAFyU4T7tadELVlh4uCfoQyuWiqsxHcbjvfwxTDMnvxvMq8PgCpahwGUT4TRd
SoHnqwhRVnM+RxRzm2Cbao6a5AeavISRT/mz9GN9mQckcVUZLga7OVb2tUZuIIRQ
udI+tBvBmSXC9/qdTdNbN36FoK6bTqqQGRKNexv54x24pcAST21XTcGo7dXjKTbo
zxv/tw3KVbR1Y0ZKcwZEsx8FG00H70o2LZg3Ycm4oL4uee3I/Pe2AOi4bIcGZMPN
fOyzmVFw5NX7R1WMgYW2vdnw3IzFwLeiUU1VLH/yt4Uu1nGbhC34YZ+dWmhGFfqT
FwQpeXA/qEoliA8P
-----END CERTIFICATE-----
Generated at Sun Jul 20 20:45:56 2025 by rpki-client