Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Vy2seh0IZR1LnkZFHTFly7qJMno.roa
File: Vy2seh0IZR1LnkZFHTFly7qJMno.roa (raw, json)
Hash identifier: Yflnvc3lhHURuofkKqdIoc7+QY8p7/xVGHtCWF4JVoY=
Subject key identifier: 57:2D:AC:7A:1D:08:65:1D:4B:9E:46:45:1D:31:65:CB:BA:89:32:7A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 61E8
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Vy2seh0IZR1LnkZFHTFly7qJMno.roa
Signing time: Mon 19 May 2025 04:11:36 +0000
ROA not before: Mon 19 May 2025 04:11:36 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25064 (0x61e8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 19 04:11:36 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=572DAC7A1D08651D4B9E46451D3165CBBA89327A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:32:7d:e1:3e:59:16:cb:43:8c:8a:c3:e1:d9:
17:0f:37:ab:94:c9:54:a9:1b:c8:24:80:c2:67:b1:
e8:f1:c6:2c:58:d7:73:13:32:ab:44:ea:25:bc:9f:
26:30:00:84:a4:3f:13:38:ee:2a:d4:32:40:9b:d9:
45:d6:e1:57:a4:d6:44:6b:30:69:80:c4:7c:0d:6e:
e0:96:b3:2b:47:8c:1f:5a:0d:ff:2d:e4:bb:a3:38:
f8:1b:ce:7b:cb:68:f4:82:d6:f0:01:59:78:0a:a3:
85:2a:be:a7:20:37:7a:ca:8c:6a:4b:e6:5d:9a:46:
9c:a4:db:f8:86:20:75:71:17:2b:63:ed:1a:7c:60:
50:28:78:0c:98:3f:d9:57:b7:c3:c1:4d:64:75:22:
fa:29:38:0e:e4:b1:52:40:34:3c:25:33:1f:d4:5f:
87:f8:78:29:87:f8:69:62:e5:00:fc:d7:fe:be:48:
90:df:0f:a0:42:b2:5a:61:c3:2c:1a:a8:2e:87:5f:
f9:90:3e:56:28:57:95:9a:5f:11:64:b2:b9:77:3a:
7c:9d:fa:ae:5e:85:37:47:ce:ce:0d:9b:41:a1:63:
74:30:94:fd:c9:14:37:0f:ee:b9:28:e5:a7:53:20:
97:10:6f:28:1d:fc:ef:f2:4b:f8:93:dd:2a:b7:a5:
4b:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
57:2D:AC:7A:1D:08:65:1D:4B:9E:46:45:1D:31:65:CB:BA:89:32:7A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Vy2seh0IZR1LnkZFHTFly7qJMno.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
66:e1:92:b8:df:6f:da:08:db:74:8e:f5:b3:f1:28:5c:c7:aa:
0c:6a:71:9f:9b:45:06:18:d2:69:57:9c:33:5f:73:a9:ea:23:
03:20:b8:1b:2f:35:4e:a3:95:c0:b1:b1:06:02:83:6a:46:ef:
6b:f4:be:a1:bb:1f:0a:38:ab:00:eb:df:a7:5d:52:fc:1b:83:
89:5b:74:b3:f9:e6:63:68:55:89:75:9a:55:46:d5:53:c1:16:
af:bd:0f:a5:69:81:5c:ff:95:9e:cc:7f:53:99:3d:25:3e:0e:
8e:2b:16:30:95:fb:3d:b7:06:e8:98:79:4e:09:eb:52:8a:27:
ab:01:01:76:fb:88:fe:33:9b:02:e9:58:82:99:f5:0e:de:10:
59:53:c4:20:06:b9:cb:10:e7:da:7a:0c:d2:ca:56:f9:59:32:
9d:4c:12:b8:90:3e:c9:7a:97:78:a2:f1:b9:44:02:7d:01:b3:
fd:ab:71:e5:1e:25:cb:f3:f6:ff:e1:0f:a3:7b:a6:e9:a9:c9:
93:e7:61:ac:e2:52:57:1b:d0:51:f9:3c:7d:c2:85:b0:6b:3f:
60:ab:fa:ca:52:24:6b:f0:86:ff:71:43:cb:39:de:56:fd:ba:
0f:03:74:9e:6c:14:b8:18:e9:44:07:15:e3:a6:26:cf:d2:d1:
bb:78:f2:3f
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYegwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTkw
NDExMzZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDU3MkRBQzdBMUQwODY1
MUQ0QjlFNDY0NTFEMzE2NUNCQkE4OTMyN0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCvMn3hPlkWy0OMisPh2RcPN6uUyVSpG8gkgMJnsejxxixY13MT
MqtE6iW8nyYwAISkPxM47irUMkCb2UXW4Vek1kRrMGmAxHwNbuCWsytHjB9aDf8t
5LujOPgbznvLaPSC1vABWXgKo4UqvqcgN3rKjGpL5l2aRpyk2/iGIHVxFytj7Rp8
YFAoeAyYP9lXt8PBTWR1IvopOA7ksVJANDwlMx/UX4f4eCmH+Gli5QD81/6+SJDf
D6BCslphwywaqC6HX/mQPlYoV5WaXxFksrl3Onyd+q5ehTdHzs4Nm0GhY3QwlP3J
FDcP7rko5adTIJcQbygd/O/yS/iT3Sq3pUvXAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUVy2seh0IZR1LnkZFHTFly7qJMnowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1Z5MnNlaDBJWlIxTG5r
WkZIVEZseTdxSk1uby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBm4ZK4
32/aCNt0jvWz8Shcx6oManGfm0UGGNJpV5wzX3Op6iMDILgbLzVOo5XAsbEGAoNq
Ru9r9L6hux8KOKsA69+nXVL8G4OJW3Sz+eZjaFWJdZpVRtVTwRavvQ+laYFc/5We
zH9TmT0lPg6OKxYwlfs9twbomHlOCetSiierAQF2+4j+M5sC6ViCmfUO3hBZU8Qg
BrnLEOfaegzSylb5WTKdTBK4kD7Jepd4ovG5RAJ9AbP9q3HlHiXL8/b/4Q+je6bp
qcmT52Gs4lJXG9BR+Tx9woWwaz9gq/rKUiRr8Ib/cUPLOd5W/boPA3SebBS4GOlE
BxXjpibP0tG7ePI/
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:39:32 2025 by rpki-client