Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/WYW-JchKI943RDGHiMhiGUQDj_I.roa
File: WYW-JchKI943RDGHiMhiGUQDj_I.roa (raw, json)
Hash identifier: O4gfnkQverVAANIL6ymhZVETmme3tzuqub/B1hf9hoo=
Subject key identifier: 59:85:BE:25:C8:4A:23:DE:37:44:31:87:88:C8:62:19:44:03:8F:F2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7598
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WYW-JchKI943RDGHiMhiGUQDj_I.roa
Signing time: Thu 10 Jul 2025 21:45:12 +0000
ROA not before: Thu 10 Jul 2025 21:45:12 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30104 (0x7598)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 10 21:45:12 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=5985BE25C84A23DE3744318788C8621944038FF2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:1d:64:ef:33:5e:de:07:e8:48:94:cb:97:7b:
b0:34:9d:79:51:6b:9f:fa:8a:23:57:63:f7:b5:6b:
6b:6d:60:7e:57:e9:8b:4a:60:73:d6:09:0f:81:4c:
91:d2:e8:40:60:b7:40:04:cb:79:fe:f1:8f:b2:1c:
8e:9a:c7:42:5f:a2:27:15:01:0d:ee:f4:c5:df:79:
e7:f4:61:a8:5b:2f:aa:be:0a:b6:dc:cd:c7:00:9b:
39:a4:3a:83:39:2e:2c:3d:06:4e:7a:a4:90:39:99:
d8:7e:45:2f:85:15:3b:9e:55:ef:ae:3d:64:32:f2:
c6:41:78:b8:58:4e:98:5d:38:f9:c7:2b:aa:22:ad:
37:88:d5:66:79:64:4d:c3:17:d3:c5:83:4f:ad:f2:
25:82:c9:5e:40:22:cd:93:45:c9:38:34:53:9b:4b:
11:54:85:5e:8e:a0:9a:ac:24:b9:76:b2:19:fe:56:
cb:ca:71:43:36:f0:d6:1e:c2:9a:9d:02:4a:db:98:
19:4d:2b:4a:06:f8:e3:0d:1a:9b:b8:6a:b3:b2:80:
91:7f:75:39:6b:70:e4:93:60:95:ad:6a:34:b0:bd:
27:f0:5b:88:b8:ef:1e:59:f7:02:39:5f:fb:e9:c2:
e2:b3:de:e7:09:af:a4:8e:fa:4b:f0:2b:db:2e:2d:
ed:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:85:BE:25:C8:4A:23:DE:37:44:31:87:88:C8:62:19:44:03:8F:F2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/WYW-JchKI943RDGHiMhiGUQDj_I.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
89:65:de:ff:9f:6e:fc:3e:98:c2:b6:86:a7:45:fa:c9:af:d0:
b9:1c:f9:34:ee:c4:48:0d:39:a7:c3:37:f1:af:e4:b3:c8:b2:
f6:3d:f2:4a:9d:47:d2:48:49:ce:a3:ea:65:06:a7:d8:c7:57:
de:75:ea:08:68:b2:cf:8a:5b:2c:bc:61:80:04:22:16:eb:78:
ac:7e:05:3d:5d:4f:42:93:58:67:eb:16:8e:2f:61:53:6b:bb:
89:ac:4d:72:14:a4:7e:e3:e5:5f:1c:93:d4:a7:fe:ca:b1:90:
a6:69:b6:5c:e9:b6:fb:0e:37:38:8e:5f:4a:0c:15:e4:dc:6c:
2a:db:1b:7c:55:00:42:9e:e6:49:55:47:83:49:3a:34:d9:e6:
3f:2e:e2:d4:f1:b2:05:7b:b3:3d:be:bc:b9:21:70:64:e0:6d:
76:41:f1:b5:6f:d9:13:a3:90:ff:43:c6:06:70:09:43:28:0a:
aa:e1:d6:52:a2:51:36:b8:2d:3d:5a:e9:81:f7:13:90:3a:e3:
38:cc:71:fe:c2:e0:8a:2c:48:9f:65:a3:04:54:8e:64:b8:b5:
e1:d7:47:9a:35:76:d9:f4:18:f7:44:6a:87:87:37:0d:16:56:
56:7c:ff:82:9e:97:25:61:27:6a:93:7d:cd:90:06:a5:82:79:
87:d2:f1:e6
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdZgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTAy
MTQ1MTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDU5ODVCRTI1Qzg0QTIz
REUzNzQ0MzE4Nzg4Qzg2MjE5NDQwMzhGRjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOHWTvM17eB+hIlMuXe7A0nXlRa5/6iiNXY/e1a2ttYH5X6YtK
YHPWCQ+BTJHS6EBgt0AEy3n+8Y+yHI6ax0JfoicVAQ3u9MXfeef0YahbL6q+Crbc
zccAmzmkOoM5Liw9Bk56pJA5mdh+RS+FFTueVe+uPWQy8sZBeLhYTphdOPnHK6oi
rTeI1WZ5ZE3DF9PFg0+t8iWCyV5AIs2TRck4NFObSxFUhV6OoJqsJLl2shn+VsvK
cUM28NYewpqdAkrbmBlNK0oG+OMNGpu4arOygJF/dTlrcOSTYJWtajSwvSfwW4i4
7x5Z9wI5X/vpwuKz3ucJr6SO+kvwK9suLe3BAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUWYW+JchKI943RDGHiMhiGUQDj/IwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1dZVy1KY2hLSTk0M1JE
R0hpTWhpR1VRRGpfSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCJZd7/
n278PpjCtoanRfrJr9C5HPk07sRIDTmnwzfxr+SzyLL2PfJKnUfSSEnOo+plBqfY
x1fedeoIaLLPilssvGGABCIW63isfgU9XU9Ck1hn6xaOL2FTa7uJrE1yFKR+4+Vf
HJPUp/7KsZCmabZc6bb7Djc4jl9KDBXk3Gwq2xt8VQBCnuZJVUeDSTo02eY/LuLU
8bIFe7M9vry5IXBk4G12QfG1b9kTo5D/Q8YGcAlDKAqq4dZSolE2uC09WumB9xOQ
OuM4zHH+wuCKLEifZaMEVI5kuLXh10eaNXbZ9Bj3RGqHhzcNFlZWfP+CnpclYSdq
k33NkAalgnmH0vHm
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:45:15 2025 by rpki-client