Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/YKwAx_cesKovde2sCjfV2QiUI0Y.roa
File: YKwAx_cesKovde2sCjfV2QiUI0Y.roa (raw, json)
Hash identifier: Sq8QWOA/9U5hLZV5XMStnFzjVNw7sa1/oLdSAwampn4=
Subject key identifier: 60:AC:00:C7:F7:1E:B0:AA:2F:75:ED:AC:0A:37:D5:D9:08:94:23:46
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6EA2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YKwAx_cesKovde2sCjfV2QiUI0Y.roa
Signing time: Sun 22 Jun 2025 14:14:13 +0000
ROA not before: Sun 22 Jun 2025 14:14:13 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28322 (0x6ea2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 22 14:14:13 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=60AC00C7F71EB0AA2F75EDAC0A37D5D908942346
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:1e:1a:0e:1c:fd:e0:4b:ed:fb:8c:b9:96:8a:
e0:62:43:66:3c:45:c3:81:c8:34:1c:a0:1f:92:ab:
68:c1:4c:31:5e:c2:37:aa:10:cf:3d:2a:e0:e3:70:
92:1e:1a:3d:05:72:7e:b5:49:a9:73:62:42:1f:1e:
68:a1:bb:12:f0:e8:e6:75:03:6d:74:5b:54:23:ce:
c1:80:cf:9b:41:45:69:69:45:6f:e0:6f:ab:cf:bb:
cc:6d:b6:ba:7c:63:df:43:40:42:1f:ba:59:93:68:
96:de:8e:ca:9c:90:86:28:90:46:f8:6a:59:f7:1a:
7c:3e:bc:3c:49:a8:b5:0e:c2:76:f4:a1:67:89:3f:
e1:86:e7:41:45:d3:ad:8f:c0:4f:6e:48:43:cf:90:
64:50:15:ff:fc:9c:35:71:87:d7:b5:20:fe:0e:b6:
0b:c9:17:5a:45:7c:be:8e:3c:94:5c:3a:16:c0:75:
54:60:bf:e4:61:ae:d7:33:4f:a5:97:f3:9b:da:ac:
84:d8:7b:4f:e1:71:af:7a:8d:8c:56:72:89:9f:5b:
d8:d9:d1:40:0d:b6:0b:8d:25:45:f1:0e:c2:1f:ef:
d3:5d:56:05:ef:23:a4:a9:0c:ae:59:3b:b2:96:53:
a6:cc:77:0b:b8:cb:28:3c:ac:ad:c1:7e:a4:2d:8f:
2e:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:AC:00:C7:F7:1E:B0:AA:2F:75:ED:AC:0A:37:D5:D9:08:94:23:46
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YKwAx_cesKovde2sCjfV2QiUI0Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
9c:58:8f:93:bd:b9:63:c1:7c:ba:95:b0:6f:61:76:27:11:75:
4e:2d:1b:ae:c4:c5:79:93:23:f0:6e:2d:37:af:9b:b4:a2:7f:
30:cf:5e:7d:c6:43:8d:b4:5a:bd:43:16:76:7a:aa:d7:13:47:
b9:6a:3d:40:16:14:6c:e5:ad:4b:79:bc:ba:37:26:ac:69:ee:
e5:bc:5b:f9:e8:31:4a:2b:f4:6a:3d:ac:e8:d6:f9:a5:ae:12:
b6:6b:8e:a2:51:32:e7:12:7c:cc:64:a3:52:da:ae:3f:0f:dc:
4a:f9:5e:4a:a3:71:6c:15:29:66:83:77:51:6e:06:e1:67:9d:
0c:c8:b4:41:6b:83:f3:d2:66:44:c2:22:f7:53:09:29:a4:25:
0d:21:bc:fd:73:11:f3:bc:d7:66:78:b5:62:87:f5:e6:47:f5:
b3:d3:b7:69:fa:01:0d:8c:69:cf:d4:b2:76:a8:bd:53:da:58:
f2:f0:f3:97:7b:0a:85:d0:53:30:33:28:51:e0:18:6f:1c:44:
64:6a:e9:22:b6:17:63:ec:81:25:32:4b:8e:4c:66:69:21:b0:
98:df:02:75:05:1c:64:df:b4:2c:37:e2:16:51:bb:8c:36:2e:
4e:7b:b0:3d:3d:11:b4:a3:7b:c7:d9:f1:b2:1c:ff:29:fb:ac:
62:52:9b:95
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbqIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjIx
NDE0MTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDYwQUMwMEM3RjcxRUIw
QUEyRjc1RURBQzBBMzdENUQ5MDg5NDIzNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDcHhoOHP3gS+37jLmWiuBiQ2Y8RcOByDQcoB+Sq2jBTDFewjeq
EM89KuDjcJIeGj0Fcn61SalzYkIfHmihuxLw6OZ1A210W1QjzsGAz5tBRWlpRW/g
b6vPu8xttrp8Y99DQEIfulmTaJbejsqckIYokEb4aln3Gnw+vDxJqLUOwnb0oWeJ
P+GG50FF062PwE9uSEPPkGRQFf/8nDVxh9e1IP4OtgvJF1pFfL6OPJRcOhbAdVRg
v+RhrtczT6WX85varITYe0/hca96jYxWcomfW9jZ0UANtguNJUXxDsIf79NdVgXv
I6SpDK5ZO7KWU6bMdwu4yyg8rK3BfqQtjy4JAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUYKwAx/cesKovde2sCjfV2QiUI0YwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1lLd0F4X2Nlc0tvdmRl
MnNDamZWMlFpVUkwWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCcWI+T
vbljwXy6lbBvYXYnEXVOLRuuxMV5kyPwbi03r5u0on8wz159xkONtFq9QxZ2eqrX
E0e5aj1AFhRs5a1Leby6Nyasae7lvFv56DFKK/RqPazo1vmlrhK2a46iUTLnEnzM
ZKNS2q4/D9xK+V5Ko3FsFSlmg3dRbgbhZ50MyLRBa4Pz0mZEwiL3UwkppCUNIbz9
cxHzvNdmeLVih/XmR/Wz07dp+gENjGnP1LJ2qL1T2ljy8POXewqF0FMwMyhR4Bhv
HERkaukithdj7IElMkuOTGZpIbCY3wJ1BRxk37QsN+IWUbuMNi5Oe7A9PRG0o3vH
2fGyHP8p+6xiUpuV
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:35:15 2025 by rpki-client