Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ayC-UbaaKUpXKC8p4u-h74NwjtQ.roa
File: ayC-UbaaKUpXKC8p4u-h74NwjtQ.roa (raw, json)
Hash identifier: Duo6M5g5Iw/f28AB3WkqEBTNnExqA2JuNPfwR0ZwboA=
Subject key identifier: 6B:20:BE:51:B6:9A:29:4A:57:28:2F:29:E2:EF:A1:EF:83:70:8E:D4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7494
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ayC-UbaaKUpXKC8p4u-h74NwjtQ.roa
Signing time: Tue 08 Jul 2025 04:45:04 +0000
ROA not before: Tue 08 Jul 2025 04:45:04 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29844 (0x7494)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 8 04:45:04 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=6B20BE51B69A294A57282F29E2EFA1EF83708ED4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:66:76:bc:87:1b:ec:37:48:7e:8b:b4:7c:e7:
6a:11:1e:3f:56:83:c0:19:13:d7:ac:bd:7a:22:63:
d5:5d:7a:fd:9d:c7:00:35:3b:97:8e:d2:99:49:ca:
46:cb:ec:42:e4:b8:dc:fb:b2:d6:31:f1:1d:ff:30:
0a:c3:88:35:c3:2e:23:d4:67:08:dc:8d:88:1b:ce:
c4:06:27:a3:39:0e:6a:77:60:db:ed:57:19:94:23:
1a:5c:4b:36:09:d7:e7:5e:53:51:1f:4b:68:8d:8c:
3c:a9:8d:ed:54:49:45:b2:93:99:09:3e:46:87:a5:
89:4a:25:90:c7:d9:3a:35:99:44:a0:a2:77:16:57:
fe:91:9a:36:24:48:d0:f9:dc:f7:fa:c5:be:13:c8:
34:62:f5:01:f7:11:c2:ae:fb:88:5d:e1:59:08:b0:
a1:6d:32:85:8a:7f:39:90:37:57:3a:e3:16:80:e3:
99:79:6b:94:05:86:d6:84:a1:4c:14:d1:70:5d:8d:
7c:8b:85:d3:fc:79:d1:64:3d:21:bb:4c:3a:2f:fc:
2f:25:f1:e6:cc:06:60:26:9b:7f:29:dc:03:7c:cb:
13:1f:be:94:09:ba:cf:c5:ba:03:95:9e:cf:0c:63:
8c:ac:82:b5:6e:13:af:e8:4b:e4:95:c2:e9:98:ea:
0a:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:20:BE:51:B6:9A:29:4A:57:28:2F:29:E2:EF:A1:EF:83:70:8E:D4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ayC-UbaaKUpXKC8p4u-h74NwjtQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
36:8e:16:ec:e4:cf:34:f8:10:5f:17:8c:b4:7e:b5:f9:98:f3:
d7:b9:e2:d0:a1:c8:60:06:9d:ad:71:b3:f2:18:03:aa:71:6d:
3c:7f:bc:bf:cb:9d:cd:fd:9c:80:cf:1f:70:8a:46:a4:80:55:
47:c9:d8:d7:88:25:8f:6d:bf:d8:e3:01:9c:3c:dd:53:8f:c3:
5b:7e:0e:f5:8f:a2:6e:5e:c5:03:0d:dc:84:89:ed:d7:8c:5b:
95:e7:9b:ab:03:87:ae:d5:4f:08:98:f2:10:62:73:a6:98:48:
e0:78:6b:ad:b0:46:36:51:c3:14:e2:f3:70:c6:0d:25:09:4d:
4d:0c:05:76:f5:ec:23:b2:31:bd:c3:6b:0c:47:83:02:0c:42:
4b:75:8b:d1:f8:07:f5:2d:bb:6e:db:19:2b:17:44:c4:f0:d3:
23:40:44:3e:3e:4d:98:02:a8:58:88:e7:b3:21:9c:68:31:e9:
91:00:93:32:c7:92:49:0e:9c:71:9c:87:97:5e:0a:46:0f:ce:
72:8d:09:b0:9f:bf:a0:42:0c:47:23:22:c3:40:fc:5d:4f:0e:
d8:d4:2d:f1:9d:88:f6:27:24:93:cc:26:84:09:4a:8f:fb:1d:
33:10:e1:f7:b8:47:0d:53:84:d9:a4:59:af:fb:66:ca:bd:b7:
0a:c4:dd:78
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdJQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDgw
NDQ1MDRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDZCMjBCRTUxQjY5QTI5
NEE1NzI4MkYyOUUyRUZBMUVGODM3MDhFRDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDqZna8hxvsN0h+i7R852oRHj9Wg8AZE9esvXoiY9Vdev2dxwA1
O5eO0plJykbL7ELkuNz7stYx8R3/MArDiDXDLiPUZwjcjYgbzsQGJ6M5Dmp3YNvt
VxmUIxpcSzYJ1+deU1EfS2iNjDypje1USUWyk5kJPkaHpYlKJZDH2To1mUSgoncW
V/6RmjYkSND53Pf6xb4TyDRi9QH3EcKu+4hd4VkIsKFtMoWKfzmQN1c64xaA45l5
a5QFhtaEoUwU0XBdjXyLhdP8edFkPSG7TDov/C8l8ebMBmAmm38p3AN8yxMfvpQJ
us/FugOVns8MY4ysgrVuE6/oS+SVwumY6grtAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUayC+UbaaKUpXKC8p4u+h74NwjtQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2F5Qy1VYmFhS1VwWEtD
OHA0dS1oNzROd2p0US5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA2jhbs
5M80+BBfF4y0frX5mPPXueLQochgBp2tcbPyGAOqcW08f7y/y53N/ZyAzx9wikak
gFVHydjXiCWPbb/Y4wGcPN1Tj8Nbfg71j6JuXsUDDdyEie3XjFuV55urA4eu1U8I
mPIQYnOmmEjgeGutsEY2UcMU4vNwxg0lCU1NDAV29ewjsjG9w2sMR4MCDEJLdYvR
+Af1Lbtu2xkrF0TE8NMjQEQ+Pk2YAqhYiOezIZxoMemRAJMyx5JJDpxxnIeXXgpG
D85yjQmwn7+gQgxHIyLDQPxdTw7Y1C3xnYj2JySTzCaECUqP+x0zEOH3uEcNU4TZ
pFmv+2bKvbcKxN14
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:37:10 2025 by rpki-client