Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/RyW-VjtY7czumBZerbRQYrbOe4g.roa
File: RyW-VjtY7czumBZerbRQYrbOe4g.roa (raw, json)
Hash identifier: QyQjSqHq21tsnv6dN/BvikAyI8jXWhvEhAGUz9LtrlY=
Subject key identifier: 47:25:BE:56:3B:58:ED:CC:EE:98:16:5E:AD:B4:50:62:B6:CE:7B:88
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7348
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RyW-VjtY7czumBZerbRQYrbOe4g.roa
Signing time: Fri 04 Jul 2025 17:45:23 +0000
ROA not before: Fri 04 Jul 2025 17:45:23 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29512 (0x7348)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 4 17:45:23 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=4725BE563B58EDCCEE98165EADB45062B6CE7B88
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:fb:84:5a:0c:72:27:fe:6d:fc:16:62:95:3d:
d5:eb:64:d4:92:4c:20:68:7e:c0:2e:c8:c3:80:31:
84:4c:ee:89:9e:48:33:87:15:35:07:6d:e0:5e:0d:
7f:84:a1:38:1c:d7:68:b8:b8:b7:92:b5:39:37:08:
a9:02:ca:e5:92:62:68:4c:81:38:e5:18:5e:8f:9d:
28:81:45:93:3b:bd:15:0f:bd:4e:06:06:12:e2:2b:
e4:33:b8:71:26:c7:e9:1a:88:ba:db:7a:34:c6:bf:
05:32:35:db:0f:24:c3:45:d5:1c:8f:a0:5f:87:67:
3f:a0:cc:a5:f5:25:15:79:0d:df:95:6f:56:be:fb:
85:dd:d0:11:a8:c0:f5:83:cb:8c:3c:6d:34:fa:ba:
5f:6d:77:0e:54:19:d7:89:85:1c:85:29:b1:9b:27:
46:e2:97:c7:53:c1:68:a6:0a:8c:0c:74:fd:53:f2:
50:50:eb:43:25:c4:fd:2a:96:c0:f4:16:c4:61:3a:
50:2f:4a:32:eb:16:1c:e8:d6:d2:f4:e4:a2:bb:19:
d3:cb:fb:bc:b3:ba:10:4e:fd:7c:1b:3f:d7:ff:52:
71:bb:fb:25:03:2e:bc:4c:39:40:b3:8b:a1:60:b5:
c3:cd:26:1d:8b:9e:bc:ca:b6:58:69:b0:15:44:81:
e5:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:25:BE:56:3B:58:ED:CC:EE:98:16:5E:AD:B4:50:62:B6:CE:7B:88
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RyW-VjtY7czumBZerbRQYrbOe4g.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
3b:bd:66:fb:bb:b5:c5:0f:70:5f:e8:ab:81:9b:30:8f:55:e4:
aa:bd:ae:22:5f:2a:38:20:00:be:7e:b1:2e:ab:aa:7f:ac:12:
46:3b:b1:c1:6b:3e:d2:76:15:17:d5:75:78:f8:e8:5c:19:f7:
dd:90:1f:bf:94:4f:03:53:40:95:09:8c:e4:85:1b:fe:25:9f:
7f:42:a4:78:e9:42:91:bb:82:c3:f1:4e:be:88:c0:03:1d:e0:
e6:1b:0c:a2:ac:f1:62:8c:9f:80:d5:01:d6:46:35:0a:89:c1:
9c:c3:1f:30:51:32:5c:61:21:09:3d:af:6f:96:d4:8d:f0:41:
1c:23:a2:1d:4f:c8:7e:84:f5:68:70:76:83:6d:a2:3a:bf:a2:
21:b2:26:b2:20:44:b0:31:df:85:19:dd:b6:8a:ed:ab:b3:d2:
17:3c:5d:7e:6f:dc:9c:08:4e:1d:7f:a2:4f:57:42:f7:53:59:
79:06:2a:81:71:f1:c7:bb:68:e3:af:83:0e:35:a1:7e:99:4b:
20:8e:cd:a0:99:d7:6d:b8:78:0e:76:27:e1:35:72:de:af:81:
24:61:d7:d8:51:38:3c:3e:e1:02:27:c5:21:73:b2:de:e2:09:
cb:e9:60:6f:11:ed:00:57:a1:da:39:7b:7d:7f:54:44:17:e9:
87:c2:18:58
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICc0gwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDQx
NzQ1MjNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQ3MjVCRTU2M0I1OEVE
Q0NFRTk4MTY1RUFEQjQ1MDYyQjZDRTdCODgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCt+4RaDHIn/m38FmKVPdXrZNSSTCBofsAuyMOAMYRM7omeSDOH
FTUHbeBeDX+EoTgc12i4uLeStTk3CKkCyuWSYmhMgTjlGF6PnSiBRZM7vRUPvU4G
BhLiK+QzuHEmx+kaiLrbejTGvwUyNdsPJMNF1RyPoF+HZz+gzKX1JRV5Dd+Vb1a+
+4Xd0BGowPWDy4w8bTT6ul9tdw5UGdeJhRyFKbGbJ0bil8dTwWimCowMdP1T8lBQ
60MlxP0qlsD0FsRhOlAvSjLrFhzo1tL05KK7GdPL+7yzuhBO/XwbP9f/UnG7+yUD
LrxMOUCzi6FgtcPNJh2LnrzKtlhpsBVEgeUdAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQURyW+VjtY7czumBZerbRQYrbOe4gwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1J5Vy1WanRZN2N6dW1C
WmVyYlJRWXJiT2U0Zy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA7vWb7
u7XFD3Bf6KuBmzCPVeSqva4iXyo4IAC+frEuq6p/rBJGO7HBaz7SdhUX1XV4+Ohc
GffdkB+/lE8DU0CVCYzkhRv+JZ9/QqR46UKRu4LD8U6+iMADHeDmGwyirPFijJ+A
1QHWRjUKicGcwx8wUTJcYSEJPa9vltSN8EEcI6IdT8h+hPVocHaDbaI6v6Ihsiay
IESwMd+FGd22iu2rs9IXPF1+b9ycCE4df6JPV0L3U1l5BiqBcfHHu2jjr4MONaF+
mUsgjs2gmddtuHgOdifhNXLer4EkYdfYUTg8PuECJ8Uhc7Le4gnL6WBvEe0AV6Ha
OXt9f1REF+mHwhhY
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:54:50 2025 by rpki-client