Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/aylUxD3y5mEE2ZnleDImM6k-gy0.roa
File: aylUxD3y5mEE2ZnleDImM6k-gy0.roa (raw, json)
Hash identifier: 627YM7Dvc22w0UVEkLGLvTioaqrUOChTe3f7P5/a1fI=
Subject key identifier: 6B:29:54:C4:3D:F2:E6:61:04:D9:99:E5:78:32:26:33:A9:3E:83:2D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6EE0
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/aylUxD3y5mEE2ZnleDImM6k-gy0.roa
Signing time: Mon 23 Jun 2025 05:44:26 +0000
ROA not before: Mon 23 Jun 2025 05:44:26 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28384 (0x6ee0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 23 05:44:26 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=6B2954C43DF2E66104D999E578322633A93E832D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:a0:7f:12:93:bb:2b:15:dd:b8:65:91:1e:c6:
ad:40:68:ca:e0:cb:25:43:00:d9:4a:95:f8:81:ba:
66:88:66:3e:9e:3a:d1:1f:d3:2f:98:b6:0e:8a:af:
75:8d:ce:c1:39:8b:ee:5c:24:b4:4f:7b:a8:4f:13:
f3:a0:36:e6:61:1d:d3:46:50:2a:b3:2b:9d:8e:bd:
44:d1:c6:f9:cc:51:4c:21:c6:8b:aa:46:2c:69:04:
97:a1:21:c1:e5:a5:dc:2e:3a:ad:2d:1f:dc:c7:18:
b5:55:64:06:f1:5e:75:05:83:4f:af:73:69:a3:25:
61:0c:60:66:8e:19:88:b1:ba:25:d1:aa:ca:da:42:
0b:67:aa:0a:e7:0f:0c:c1:db:e4:a5:cf:4c:ad:d0:
05:89:07:bd:d8:b3:87:ef:05:80:3a:ca:25:d3:79:
4e:11:7e:6a:35:94:0f:e7:46:38:44:85:4d:17:6d:
78:fa:f4:1c:f5:bf:54:67:58:05:d4:c9:ba:8c:52:
65:50:eb:70:23:9a:88:ba:8e:e9:39:35:45:28:83:
73:2a:61:f8:1a:b6:50:09:35:0e:cd:f7:f3:8d:ba:
80:00:f2:58:3d:c4:de:9c:22:21:cb:3f:9e:e3:32:
08:51:17:fa:bd:45:1f:78:06:f6:5d:8c:77:35:bc:
07:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:29:54:C4:3D:F2:E6:61:04:D9:99:E5:78:32:26:33:A9:3E:83:2D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/aylUxD3y5mEE2ZnleDImM6k-gy0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
13:39:72:a5:07:2a:b6:79:5c:08:6b:97:75:da:d9:dd:37:09:
ac:74:d1:08:23:c0:66:47:a2:3a:fc:f0:51:2d:a4:b3:01:28:
b4:59:f7:ac:84:29:c9:d6:e6:b6:38:6a:83:61:49:7d:88:18:
14:9b:41:1b:49:91:97:f4:da:1e:92:f4:dd:be:32:13:3f:c8:
dd:25:68:5c:a6:34:1c:1d:d6:53:ea:69:15:7c:57:49:8a:7b:
a5:08:3e:cd:30:67:f7:c5:7c:fe:01:cc:38:8f:44:df:59:59:
b8:d6:d0:40:69:fa:a0:aa:e3:8f:5a:bf:ee:50:7e:36:32:7b:
cb:b9:f1:a4:15:30:db:9a:4a:e1:77:d1:4f:0b:dd:e3:ba:84:
e1:37:6e:d0:28:4b:1d:22:d0:99:f4:5a:79:70:e8:f8:90:71:
d7:99:d8:9d:1b:51:3b:eb:64:a4:46:ae:5a:b2:8c:a7:5e:55:
a8:fb:93:9a:2e:aa:b8:80:e5:c4:96:28:1b:91:5f:bf:74:82:
11:63:4c:87:e2:d6:b6:1d:e4:99:fd:35:48:d6:5c:bb:4b:c1:
51:79:89:2f:19:ac:ad:ea:a7:2c:21:42:4e:5d:92:f0:2b:6f:
40:43:c5:fd:33:da:e5:4e:9c:b4:08:8a:46:9b:c6:43:4a:fb:
98:be:67:0e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbuAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjMw
NTQ0MjZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDZCMjk1NEM0M0RGMkU2
NjEwNEQ5OTlFNTc4MzIyNjMzQTkzRTgzMkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCyoH8Sk7srFd24ZZEexq1AaMrgyyVDANlKlfiBumaIZj6eOtEf
0y+Ytg6Kr3WNzsE5i+5cJLRPe6hPE/OgNuZhHdNGUCqzK52OvUTRxvnMUUwhxouq
RixpBJehIcHlpdwuOq0tH9zHGLVVZAbxXnUFg0+vc2mjJWEMYGaOGYixuiXRqsra
QgtnqgrnDwzB2+Slz0yt0AWJB73Ys4fvBYA6yiXTeU4Rfmo1lA/nRjhEhU0XbXj6
9Bz1v1RnWAXUybqMUmVQ63Ajmoi6juk5NUUog3MqYfgatlAJNQ7N9/ONuoAA8lg9
xN6cIiHLP57jMghRF/q9RR94BvZdjHc1vAfxAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUaylUxD3y5mEE2ZnleDImM6k+gy0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2F5bFV4RDN5NW1FRTJa
bmxlREltTTZrLWd5MC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQATOXKl
Byq2eVwIa5d12tndNwmsdNEII8BmR6I6/PBRLaSzASi0WfeshCnJ1ua2OGqDYUl9
iBgUm0EbSZGX9NoekvTdvjITP8jdJWhcpjQcHdZT6mkVfFdJinulCD7NMGf3xXz+
Acw4j0TfWVm41tBAafqgquOPWr/uUH42MnvLufGkFTDbmkrhd9FPC93juoThN27Q
KEsdItCZ9Fp5cOj4kHHXmdidG1E762SkRq5asoynXlWo+5OaLqq4gOXEligbkV+/
dIIRY0yH4ta2HeSZ/TVI1ly7S8FReYkvGayt6qcsIUJOXZLwK29AQ8X9M9rlTpy0
CIpGm8ZDSvuYvmcO
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:44:14 2025 by rpki-client