Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/2YC1jM4vYCRlqpv2zlSJvSnVsBk.roa
File:                     2YC1jM4vYCRlqpv2zlSJvSnVsBk.roa (raw, json)
Hash identifier:          i92NpCDj9H/ZreM3K46iVFS9PXDypRjIpW4owScMbzI=
Subject key identifier:   D9:80:B5:8C:CE:2F:60:24:65:AA:9B:F6:CE:54:89:BD:29:D5:B0:19
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       7682
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2YC1jM4vYCRlqpv2zlSJvSnVsBk.roa
Signing time:             Sun 13 Jul 2025 08:41:56 +0000
ROA not before:           Sun 13 Jul 2025 08:41:56 +0000
ROA not after:            Fri 03 Apr 2026 08:00:09 +0000
asID:                     24426
IP address blocks:        43.239.48.0/22 maxlen: 22
                          43.246.0.0/22 maxlen: 22
                          43.246.4.0/22 maxlen: 22
                          43.246.12.0/22 maxlen: 22
                          43.246.16.0/22 maxlen: 22
                          43.246.20.0/22 maxlen: 22
                          43.246.24.0/22 maxlen: 22
                          43.246.28.0/22 maxlen: 22
                          43.246.32.0/22 maxlen: 22
                          43.246.36.0/22 maxlen: 22
                          43.246.40.0/22 maxlen: 22
                          43.246.44.0/22 maxlen: 22
                          43.246.52.0/22 maxlen: 22
                          43.246.56.0/22 maxlen: 22
                          43.246.60.0/22 maxlen: 22
                          43.246.64.0/22 maxlen: 22
                          43.246.68.0/22 maxlen: 22
                          43.246.72.0/22 maxlen: 22
                          43.246.76.0/22 maxlen: 22
                          43.246.80.0/22 maxlen: 22
                          43.246.84.0/22 maxlen: 22
                          43.246.88.0/22 maxlen: 22
                          43.246.92.0/22 maxlen: 22
                          43.246.96.0/22 maxlen: 22
                          103.35.48.0/22 maxlen: 22
                          103.236.0.0/22 maxlen: 22
                          103.236.4.0/22 maxlen: 22
                          103.236.8.0/22 maxlen: 22
                          103.236.12.0/22 maxlen: 22
                          103.236.16.0/22 maxlen: 22
                          103.236.20.0/22 maxlen: 22
                          103.236.28.0/22 maxlen: 22
                          103.236.32.0/22 maxlen: 22
                          103.236.36.0/22 maxlen: 22
                          103.236.40.0/22 maxlen: 22
                          103.236.44.0/22 maxlen: 22
                          103.236.48.0/22 maxlen: 22
                          103.236.52.0/22 maxlen: 22
                          103.236.56.0/22 maxlen: 22
                          103.236.60.0/22 maxlen: 22
                          103.236.64.0/22 maxlen: 22
                          103.236.68.0/22 maxlen: 22
                          103.236.72.0/22 maxlen: 22
                          103.236.76.0/22 maxlen: 22
                          103.236.80.0/22 maxlen: 22
                          103.236.84.0/22 maxlen: 22
                          103.236.88.0/22 maxlen: 22
                          103.236.92.0/22 maxlen: 22
                          103.236.96.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 30338 (0x7682)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: Jul 13 08:41:56 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=D980B58CCE2F602465AA9BF6CE5489BD29D5B019
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:80:B5:8C:CE:2F:60:24:65:AA:9B:F6:CE:54:89:BD:29:D5:B0:19
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2YC1jM4vYCRlqpv2zlSJvSnVsBk.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.48.0/22
                  43.246.0.0/21
                  43.246.12.0-43.246.47.255
                  43.246.52.0-43.246.99.255
                  103.35.48.0/22
                  103.236.0.0-103.236.23.255
                  103.236.28.0-103.236.99.255

    Signature Algorithm: sha256WithRSAEncryption
Generated at Sun Jul 20 12:40:01 2025 by rpki-client