Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/YU5YXO0APqbVH00IJkQi6BOYSj0.roa
File: YU5YXO0APqbVH00IJkQi6BOYSj0.roa (raw, json)
Hash identifier: X53SLhKeEnOp+JNB6hTKZby1N1U11sgeSwlgPC4LoDI=
Subject key identifier: 61:4E:58:5C:ED:00:3E:A6:D5:1F:4D:08:26:44:22:E8:13:98:4A:3D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6BDA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YU5YXO0APqbVH00IJkQi6BOYSj0.roa
Signing time: Sat 14 Jun 2025 16:42:19 +0000
ROA not before: Sat 14 Jun 2025 16:42:19 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27610 (0x6bda)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 14 16:42:19 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=614E585CED003EA6D51F4D08264422E813984A3D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:d3:73:47:38:ab:59:5c:b3:fc:c0:58:e0:d5:
51:a7:76:c9:63:24:2b:fd:86:a1:be:1e:18:9b:96:
12:d7:ac:c6:e9:33:08:50:54:12:ad:b5:9b:09:c2:
c8:f3:07:39:34:0f:04:5b:48:21:a8:38:67:ee:20:
d0:4b:39:91:09:91:9f:d1:3e:d9:09:54:97:3a:ad:
cc:1f:16:4a:77:9b:31:18:f0:05:6f:e0:4f:07:ea:
62:33:41:89:57:2b:26:2a:ec:3c:7e:f0:d0:52:f4:
b5:6d:f5:f1:20:4e:2b:b1:31:c4:de:07:22:9b:89:
55:26:f0:17:92:8c:3c:5d:e3:3f:11:d6:5d:52:40:
7c:ee:62:88:ed:27:bf:34:ee:40:e5:c6:d6:aa:07:
a5:1f:7b:9b:48:ec:b4:c7:d5:97:90:89:ed:94:25:
a9:af:6b:e1:bb:ae:94:81:96:06:2c:2f:91:f5:32:
af:f8:e5:50:69:2b:22:08:6a:59:3d:89:7c:45:af:
b1:4c:9a:f1:d0:76:af:19:bb:6d:0d:b6:97:3a:00:
3f:dc:7e:89:28:bb:4f:d7:1a:ac:1d:99:40:70:99:
82:56:b5:87:ba:8c:17:a2:25:3a:14:28:0d:b0:7b:
76:da:9b:9a:fb:95:0b:01:db:d8:ed:ec:e2:87:2f:
0a:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:4E:58:5C:ED:00:3E:A6:D5:1F:4D:08:26:44:22:E8:13:98:4A:3D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YU5YXO0APqbVH00IJkQi6BOYSj0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
07:1a:71:51:3d:2f:c3:16:62:8c:21:17:1c:c1:9d:28:7e:76:
04:6a:db:0d:f9:04:a8:ec:9e:3c:d5:61:c9:df:4c:6e:d0:9b:
9e:6c:df:ac:20:7e:da:66:0e:69:04:12:8b:89:2b:20:1d:0b:
8b:a6:04:16:73:72:b2:28:ab:2d:d8:7f:8e:17:c8:22:ee:6c:
44:c4:23:27:4a:16:b4:5c:65:fb:49:dd:f6:f1:c0:56:b9:62:
3f:6b:6b:eb:25:05:b3:60:a9:a9:c6:4a:59:16:84:1f:15:c3:
e3:41:e5:04:8b:38:9e:ab:7c:28:bd:9c:72:35:f6:9c:52:41:
4b:db:1f:f4:8b:34:e5:41:d8:ca:49:cd:fe:5a:09:08:25:53:
e1:50:be:86:32:fd:98:b5:1b:a8:de:45:34:05:09:9d:c3:74:
f6:38:78:8d:a1:5e:06:b5:00:a3:f2:12:40:05:f3:af:cd:dd:
78:1c:4a:c3:c8:b3:ae:45:d7:7b:cb:9c:e2:29:20:85:d1:63:
c6:f3:f3:3d:4d:d8:24:43:5b:b3:50:f4:27:5c:d2:2a:c5:bf:
b9:a8:da:a7:c6:33:0f:3b:6f:26:de:40:bb:80:83:06:11:b8:
17:a2:ab:1a:9a:d0:b1:da:29:3a:63:35:15:50:89:8b:c5:97:
ec:a9:dc:19
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICa9owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTQx
NjQyMTlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDYxNEU1ODVDRUQwMDNF
QTZENTFGNEQwODI2NDQyMkU4MTM5ODRBM0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCq03NHOKtZXLP8wFjg1VGndsljJCv9hqG+HhiblhLXrMbpMwhQ
VBKttZsJwsjzBzk0DwRbSCGoOGfuINBLOZEJkZ/RPtkJVJc6rcwfFkp3mzEY8AVv
4E8H6mIzQYlXKyYq7Dx+8NBS9LVt9fEgTiuxMcTeByKbiVUm8BeSjDxd4z8R1l1S
QHzuYojtJ7807kDlxtaqB6Ufe5tI7LTH1ZeQie2UJamva+G7rpSBlgYsL5H1Mq/4
5VBpKyIIalk9iXxFr7FMmvHQdq8Zu20Ntpc6AD/cfokou0/XGqwdmUBwmYJWtYe6
jBeiJToUKA2we3bam5r7lQsB29jt7OKHLwqxAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUYU5YXO0APqbVH00IJkQi6BOYSj0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1lVNVlYTzBBUHFiVkgw
MElKa1FpNkJPWVNqMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAHGnFR
PS/DFmKMIRccwZ0ofnYEatsN+QSo7J481WHJ30xu0JuebN+sIH7aZg5pBBKLiSsg
HQuLpgQWc3KyKKst2H+OF8gi7mxExCMnSha0XGX7Sd328cBWuWI/a2vrJQWzYKmp
xkpZFoQfFcPjQeUEizieq3wovZxyNfacUkFL2x/0izTlQdjKSc3+WgkIJVPhUL6G
Mv2YtRuo3kU0BQmdw3T2OHiNoV4GtQCj8hJABfOvzd14HErDyLOuRdd7y5ziKSCF
0WPG8/M9TdgkQ1uzUPQnXNIqxb+5qNqnxjMPO28m3kC7gIMGEbgXoqsamtCx2ik6
YzUVUImLxZfsqdwZ
-----END CERTIFICATE-----
Generated at Sun Jul 20 16:51:47 2025 by rpki-client