Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/_y3Bqfo2vP21FfPgIWmSVT0ymJw.roa
File: _y3Bqfo2vP21FfPgIWmSVT0ymJw.roa (raw, json)
Hash identifier: bfPwLmXqyZ65DWksjBDNC6wG0UZrgUnBqx6HqyIEUVU=
Subject key identifier: FF:2D:C1:A9:FA:36:BC:FD:B5:15:F3:E0:21:69:92:55:3D:32:98:9C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 62C4
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_y3Bqfo2vP21FfPgIWmSVT0ymJw.roa
Signing time: Wed 21 May 2025 11:10:45 +0000
ROA not before: Wed 21 May 2025 11:10:45 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25284 (0x62c4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 21 11:10:45 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=FF2DC1A9FA36BCFDB515F3E0216992553D32989C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:4e:a7:e8:18:e7:e0:c3:85:11:d1:98:8f:7a:
45:0e:34:73:d5:c1:8b:51:21:a2:85:12:5c:dd:46:
78:46:5c:de:26:6c:1a:67:47:e1:8f:96:1c:99:ef:
2e:84:a8:5a:f5:39:4d:d5:91:6c:c4:7d:0b:28:34:
28:ff:49:03:ad:c0:b4:40:8d:e9:b1:b7:a4:b5:6f:
f1:2d:9d:e4:16:49:c1:61:04:af:22:99:c1:2f:b0:
e3:41:91:2c:86:9b:86:e2:b6:08:b2:98:c3:02:37:
f0:b7:b1:59:89:eb:aa:88:41:46:ff:7c:e1:97:17:
3e:4b:61:2d:af:ef:84:b5:7f:c2:3e:3f:4c:5c:33:
66:18:2d:74:b5:99:68:20:b2:52:4b:08:4c:a7:d1:
85:d3:76:15:4d:d1:23:b7:f8:d2:d5:30:85:27:88:
eb:34:c4:d9:74:92:55:e7:1b:1f:2c:64:13:d6:36:
0e:4a:3d:17:01:0f:73:ea:6d:56:53:11:1e:71:24:
01:67:1b:8e:6e:3c:7c:01:e0:7a:0c:99:0d:dc:03:
07:13:91:23:3d:8b:30:ea:f8:11:ad:9f:5a:5b:74:
0b:ca:50:96:2f:7a:bf:71:20:95:c6:ed:85:d1:f1:
b1:3d:9c:96:9b:c1:dc:c2:34:31:5f:a7:f1:e7:06:
85:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:2D:C1:A9:FA:36:BC:FD:B5:15:F3:E0:21:69:92:55:3D:32:98:9C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_y3Bqfo2vP21FfPgIWmSVT0ymJw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
11:3b:8d:a0:28:ef:a0:91:90:d6:c7:bf:52:87:ca:a7:e4:e3:
b4:d5:80:5b:2f:a0:72:d7:be:1d:25:e5:02:fe:3a:37:3b:2b:
7e:af:3c:39:04:77:92:95:ed:70:9a:29:8e:4d:be:ab:d8:91:
07:e5:9a:89:8f:5b:e6:e0:67:7d:5a:fb:48:48:36:b8:1d:69:
8f:57:1e:6e:81:86:4c:23:8c:69:8e:75:0d:9c:1b:ee:40:85:
a8:99:fa:f2:6d:b5:e7:50:f2:27:17:28:4e:34:85:a7:65:c3:
4a:fa:3a:36:1a:7a:88:d7:73:26:33:8a:da:33:62:97:71:a4:
78:8c:ae:c6:5b:5a:a3:af:ea:1f:68:81:94:f1:e8:7c:48:e3:
b4:f0:92:7d:0a:3e:ae:4b:0d:a2:c9:f4:c7:00:9a:bf:74:3c:
64:5e:fc:6d:a0:41:4a:6d:c6:32:d0:60:99:30:ab:67:5e:ee:
de:a7:0d:de:0d:1f:c9:67:f3:ae:bf:4d:d4:b8:1c:62:e7:68:
6f:e0:35:d1:bb:a9:15:c2:46:7b:6d:c0:d2:a1:0f:60:c2:55:
08:64:c5:a6:90:49:5f:1a:71:ae:55:7f:68:e1:c1:5b:19:3b:
95:8c:4d:82:54:f6:fd:db:f2:22:dc:15:ea:a3:f5:e7:51:9b:
be:43:d5:67
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYsQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjEx
MTEwNDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEZGMkRDMUE5RkEzNkJD
RkRCNTE1RjNFMDIxNjk5MjU1M0QzMjk4OUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC0TqfoGOfgw4UR0ZiPekUONHPVwYtRIaKFElzdRnhGXN4mbBpn
R+GPlhyZ7y6EqFr1OU3VkWzEfQsoNCj/SQOtwLRAjemxt6S1b/EtneQWScFhBK8i
mcEvsONBkSyGm4bitgiymMMCN/C3sVmJ66qIQUb/fOGXFz5LYS2v74S1f8I+P0xc
M2YYLXS1mWggslJLCEyn0YXTdhVN0SO3+NLVMIUniOs0xNl0klXnGx8sZBPWNg5K
PRcBD3PqbVZTER5xJAFnG45uPHwB4HoMmQ3cAwcTkSM9izDq+BGtn1pbdAvKUJYv
er9xIJXG7YXR8bE9nJabwdzCNDFfp/HnBoUHAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU/y3Bqfo2vP21FfPgIWmSVT0ymJwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L195M0JxZm8ydlAyMUZm
UGdJV21TVlQweW1Kdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQARO42g
KO+gkZDWx79Sh8qn5OO01YBbL6By174dJeUC/jo3Oyt+rzw5BHeSle1wmimOTb6r
2JEH5ZqJj1vm4Gd9WvtISDa4HWmPVx5ugYZMI4xpjnUNnBvuQIWomfrybbXnUPIn
FyhONIWnZcNK+jo2GnqI13MmM4raM2KXcaR4jK7GW1qjr+ofaIGU8eh8SOO08JJ9
Cj6uSw2iyfTHAJq/dDxkXvxtoEFKbcYy0GCZMKtnXu7epw3eDR/JZ/Ouv03UuBxi
52hv4DXRu6kVwkZ7bcDSoQ9gwlUIZMWmkElfGnGuVX9o4cFbGTuVjE2CVPb92/Ii
3BXqo/XnUZu+Q9Vn
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:11:56 2025 by rpki-client