
Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/WXImyyRv09QIRCFYdpVoOhOIpyg.roa
File: WXImyyRv09QIRCFYdpVoOhOIpyg.roa (raw, json)
Hash identifier: KxPms/XU4IFygNTtJiLMmiGZ1k1kluqmYMVAsr3q+R8=
Subject key identifier: 59:72:26:CB:24:6F:D3:D4:08:44:21:58:76:95:68:3A:13:88:A7:28
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 75B6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WXImyyRv09QIRCFYdpVoOhOIpyg.roa
Signing time: Fri 11 Jul 2025 05:16:01 +0000
ROA not before: Fri 11 Jul 2025 05:16:01 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30134 (0x75b6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 11 05:16:01 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=597226CB246FD3D4084421587695683A1388A728
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:62:97:2d:69:37:60:6d:39:b6:97:b9:58:72:
5f:c6:d9:6f:9b:7d:f7:7a:cf:49:cd:b1:f1:c8:d8:
f8:93:dd:9a:d7:b2:34:c7:cd:b7:5c:65:6d:2c:be:
58:1e:46:cf:6f:c6:2c:11:a5:1f:f3:90:03:93:b4:
00:ec:7a:37:a9:f6:1d:0f:85:ec:de:84:ec:d4:e0:
39:8c:95:68:6b:99:98:82:bb:0d:5f:7b:98:c0:b3:
66:68:3f:a6:b0:ff:f2:ff:13:74:21:1a:a9:a5:5d:
ff:94:5d:cc:b3:c3:22:82:13:6e:6f:48:e5:e3:d7:
df:b5:d5:42:d7:ae:5e:1f:5b:cf:8e:c0:53:8e:0e:
58:fa:4d:ab:06:62:3f:23:7d:39:74:1e:2a:fd:75:
ef:55:e3:75:1b:c4:c9:5e:7b:00:d8:49:5a:fa:7f:
14:26:5b:6c:9c:63:76:67:df:3a:5c:b7:c8:6c:48:
4e:25:6e:e6:cc:0c:80:e9:96:5b:ad:12:72:c9:30:
47:cf:97:32:11:41:a1:2c:72:d1:03:cc:05:62:21:
e1:83:4c:0a:67:86:73:d9:95:2c:ec:61:a9:56:b1:
c3:03:e9:cb:b2:3a:e1:ed:68:0b:b7:68:e4:6f:c5:
63:ba:43:d8:ba:2b:34:8a:34:28:15:81:a7:62:2b:
d8:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:72:26:CB:24:6F:D3:D4:08:44:21:58:76:95:68:3A:13:88:A7:28
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WXImyyRv09QIRCFYdpVoOhOIpyg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
98:f3:70:95:77:e0:3b:9f:7a:e4:fc:3d:33:30:70:7e:33:64:
7c:06:8a:b0:a4:6f:09:17:01:e1:e8:0f:88:1a:6c:4c:24:21:
df:04:04:71:d5:d3:21:1b:d9:1a:a8:31:8a:b3:26:41:37:d1:
ab:93:39:52:49:05:be:58:39:88:c1:5e:c3:08:05:e0:7b:5d:
cf:64:c7:2e:57:8e:a3:d7:e0:70:c4:35:af:7f:2b:2e:e1:0c:
2f:c9:2c:0c:09:1a:db:ac:d3:8e:45:4b:2a:b9:1c:1f:10:bc:
c4:3c:2c:8e:5d:c8:fb:a2:e4:3c:02:d2:e1:09:24:ec:b1:2d:
f6:6e:d2:cb:b6:af:be:01:37:ce:d2:20:5c:8d:a8:fb:a1:4d:
f8:c5:1c:70:db:c7:b7:b3:81:5f:3a:d5:05:93:12:66:c8:eb:
cb:59:ce:2e:db:86:0e:0a:da:d2:9c:be:9d:98:1f:1a:c5:aa:
22:94:85:c5:2b:10:da:e7:31:1f:d8:3e:94:b7:e8:61:9e:de:
1a:9e:52:f3:b5:55:33:2f:f9:0c:c2:67:47:47:e6:f8:26:ab:
a1:2b:cb:fc:79:11:30:b3:14:be:44:2d:05:6a:4f:8a:f4:65:
ec:9d:dd:8b:15:28:17:80:9f:3c:8d:48:13:be:9c:c0:2c:85:
85:a1:f2:b3
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdbYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTEw
NTE2MDFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDU5NzIyNkNCMjQ2RkQz
RDQwODQ0MjE1ODc2OTU2ODNBMTM4OEE3MjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCrYpctaTdgbTm2l7lYcl/G2W+bffd6z0nNsfHI2PiT3ZrXsjTH
zbdcZW0svlgeRs9vxiwRpR/zkAOTtADsejep9h0PhezehOzU4DmMlWhrmZiCuw1f
e5jAs2ZoP6aw//L/E3QhGqmlXf+UXcyzwyKCE25vSOXj19+11ULXrl4fW8+OwFOO
Dlj6TasGYj8jfTl0Hir9de9V43UbxMleewDYSVr6fxQmW2ycY3Zn3zpct8hsSE4l
bubMDIDpllutEnLJMEfPlzIRQaEsctEDzAViIeGDTApnhnPZlSzsYalWscMD6cuy
OuHtaAu3aORvxWO6Q9i6KzSKNCgVgadiK9jNAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUWXImyyRv09QIRCFYdpVoOhOIpygwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1dYSW15eVJ2MDlRSVJD
RllkcFZvT2hPSXB5Zy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCY83CV
d+A7n3rk/D0zMHB+M2R8BoqwpG8JFwHh6A+IGmxMJCHfBARx1dMhG9kaqDGKsyZB
N9GrkzlSSQW+WDmIwV7DCAXge13PZMcuV46j1+BwxDWvfysu4QwvySwMCRrbrNOO
RUsquRwfELzEPCyOXcj7ouQ8AtLhCSTssS32btLLtq++ATfO0iBcjaj7oU34xRxw
28e3s4FfOtUFkxJmyOvLWc4u24YOCtrSnL6dmB8axaoilIXFKxDa5zEf2D6Ut+hh
nt4anlLztVUzL/kMwmdHR+b4JquhK8v8eREwsxS+RC0Fak+K9GXsnd2LFSgXgJ88
jUgTvpzALIWFofKz
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:41 2025 by rpki-client