Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/2y0DbIbYxsZhTVOYW5SFIdAsZcw.roa
File: 2y0DbIbYxsZhTVOYW5SFIdAsZcw.roa (raw, json)
Hash identifier: Qpm3LkC4k9GYucWclQce6c0J6vU210kY2tzBO30Lugw=
Subject key identifier: DB:2D:03:6C:86:D8:C6:C6:61:4D:53:98:5B:94:85:21:D0:2C:65:CC
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7554
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2y0DbIbYxsZhTVOYW5SFIdAsZcw.roa
Signing time: Thu 10 Jul 2025 04:45:15 +0000
ROA not before: Thu 10 Jul 2025 04:45:15 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30036 (0x7554)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 10 04:45:15 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=DB2D036C86D8C6C6614D53985B948521D02C65CC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:60:d9:61:19:46:32:79:62:ed:9e:87:ab:24:
b8:61:93:6a:66:87:ed:8b:df:c7:65:9b:67:7d:94:
ee:64:9e:f8:8b:6d:30:02:35:ac:48:f7:c7:40:70:
a5:31:15:cc:a8:47:1d:83:f5:12:40:dc:a9:e0:ab:
27:19:64:4d:89:27:e1:a2:e3:af:e2:fd:aa:6e:c2:
ed:0c:6a:ca:2c:cb:f7:e8:87:ca:b5:b9:b4:36:76:
a0:c9:38:a3:c2:0f:50:4d:73:db:2c:15:e3:f1:1b:
4c:86:a0:56:64:50:85:0b:a2:df:f7:fd:54:97:0f:
ca:6e:a4:d2:6c:ca:29:52:a8:72:2b:72:63:4e:05:
fa:c5:06:d6:02:45:b7:85:c2:87:76:4b:33:04:db:
36:45:af:05:21:00:aa:77:8d:14:a8:2f:53:5c:a5:
23:8f:8b:b2:83:a0:3f:53:0d:ca:63:92:a3:72:17:
0b:4d:10:3a:2a:44:3d:66:9f:db:32:1b:c9:97:08:
43:89:0e:8e:57:96:5d:e7:4a:70:66:8b:86:26:4d:
2c:a7:36:8a:c3:19:fd:9e:c8:98:f5:e1:fd:d1:a5:
50:c1:62:58:ef:b5:ab:ed:04:6d:13:c9:49:5c:25:
c5:29:02:fc:15:45:12:be:b7:65:4b:32:6d:c7:80:
af:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:2D:03:6C:86:D8:C6:C6:61:4D:53:98:5B:94:85:21:D0:2C:65:CC
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2y0DbIbYxsZhTVOYW5SFIdAsZcw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
ab:a2:1e:16:ef:c8:ee:5b:15:9f:50:bb:1e:bc:02:1d:c8:06:
2c:a2:18:18:25:b6:87:61:a1:24:85:2d:0c:a1:fe:1b:70:4f:
f8:da:b1:08:be:a7:05:fd:23:74:1a:68:73:fc:f7:39:dc:e1:
a8:1f:01:8a:48:f1:4c:64:28:a3:75:54:e1:2c:cc:fb:5a:29:
1d:ee:90:1f:b2:c0:d6:70:59:b2:b4:8c:75:4b:bf:23:a2:71:
0d:fc:80:86:de:72:72:ca:9d:b0:4a:79:95:62:7a:ab:11:5e:
92:f5:a0:95:1f:c7:7c:11:7e:ed:58:21:32:a3:d0:ba:b8:c0:
78:56:9d:3f:01:89:c3:65:d5:e1:b3:ae:6d:12:a7:5a:ef:f1:
2b:4c:14:31:11:1b:67:9e:1b:8c:2d:c7:c0:d7:46:45:88:87:
0c:0f:8a:7d:89:e0:f3:92:3a:bf:e2:a8:20:08:f2:8f:49:57:
35:07:ad:e8:5a:70:49:c0:a3:79:c7:eb:e6:1b:ed:51:10:26:
fa:91:63:bb:36:c7:e7:af:fb:19:00:11:dd:e3:be:d1:70:aa:
65:02:a3:43:6f:0d:b0:3a:90:1b:9f:7c:e9:33:85:76:4d:4f:
3e:09:1e:1b:49:6e:1d:0a:f3:a9:02:43:10:71:bd:d2:b2:8f:
9c:ba:11:e5
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdVQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTAw
NDQ1MTVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKERCMkQwMzZDODZEOEM2
QzY2MTRENTM5ODVCOTQ4NTIxRDAyQzY1Q0MwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDQYNlhGUYyeWLtnoerJLhhk2pmh+2L38dlm2d9lO5knviLbTAC
NaxI98dAcKUxFcyoRx2D9RJA3KngqycZZE2JJ+Gi46/i/apuwu0Masosy/foh8q1
ubQ2dqDJOKPCD1BNc9ssFePxG0yGoFZkUIULot/3/VSXD8pupNJsyilSqHIrcmNO
BfrFBtYCRbeFwod2SzME2zZFrwUhAKp3jRSoL1NcpSOPi7KDoD9TDcpjkqNyFwtN
EDoqRD1mn9syG8mXCEOJDo5Xll3nSnBmi4YmTSynNorDGf2eyJj14f3RpVDBYljv
tavtBG0TyUlcJcUpAvwVRRK+t2VLMm3HgK/1AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU2y0DbIbYxsZhTVOYW5SFIdAsZcwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzJ5MERiSWJZeHNaaFRW
T1lXNVNGSWRBc1pjdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCroh4W
78juWxWfULsevAIdyAYsohgYJbaHYaEkhS0Mof4bcE/42rEIvqcF/SN0Gmhz/Pc5
3OGoHwGKSPFMZCijdVThLMz7Wikd7pAfssDWcFmytIx1S78jonEN/ICG3nJyyp2w
SnmVYnqrEV6S9aCVH8d8EX7tWCEyo9C6uMB4Vp0/AYnDZdXhs65tEqda7/ErTBQx
ERtnnhuMLcfA10ZFiIcMD4p9ieDzkjq/4qggCPKPSVc1B63oWnBJwKN5x+vmG+1R
ECb6kWO7Nsfnr/sZABHd477RcKplAqNDbw2wOpAbn3zpM4V2TU8+CR4bSW4dCvOp
AkMQcb3Sso+cuhHl
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:45:32 2025 by rpki-client