Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/cvm8ygP01lkyE2cMKjdobOos4qg.roa
File: cvm8ygP01lkyE2cMKjdobOos4qg.roa (raw, json)
Hash identifier: yBHFhYtKkTMDrcHuEZV6XcfyBWm2UiVMeJE6vqk2EdY=
Subject key identifier: 72:F9:BC:CA:03:F4:D6:59:32:13:67:0C:2A:37:68:6C:EA:2C:E2:A8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7904
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/cvm8ygP01lkyE2cMKjdobOos4qg.roa
Signing time: Sun 20 Jul 2025 01:12:09 +0000
ROA not before: Sun 20 Jul 2025 01:12:09 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30980 (0x7904)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 20 01:12:09 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=72F9BCCA03F4D6593213670C2A37686CEA2CE2A8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:60:3f:6c:7e:a5:1a:e4:20:0f:b1:71:4a:ab:
6d:94:bf:5c:75:11:7a:6a:6c:dd:f8:ff:91:b7:ed:
8b:07:61:2c:6b:d3:43:0c:85:08:ce:46:18:8f:67:
80:7d:50:c2:ea:2a:a4:33:43:f5:05:97:07:c5:5e:
60:92:62:e7:75:c9:3c:8f:a2:03:93:0d:bd:d9:fa:
4f:61:bf:f2:c0:97:8c:94:a1:5e:3f:42:8d:bb:5d:
79:98:81:83:ff:07:3a:ba:11:d1:54:36:d1:95:e7:
0e:07:71:42:ef:38:a3:e4:9b:54:c4:09:16:32:0f:
04:f9:f9:96:f4:42:19:1d:11:f1:e6:df:a3:95:57:
45:40:70:e1:19:e8:79:8f:ea:3a:49:e6:fc:31:2a:
c9:f0:ff:c5:d4:11:ab:d4:2a:c2:3d:91:4d:41:bd:
5d:fd:40:b9:21:05:21:8d:06:09:ba:ea:3d:5d:5b:
f1:0e:3b:c9:26:6e:3c:ad:68:91:e2:aa:9e:b5:e4:
76:07:2f:e0:3c:f6:97:e9:f6:e6:43:57:d1:5b:f1:
46:f2:31:87:a0:ff:25:86:31:54:8a:78:b6:e3:4c:
46:43:ec:14:a0:75:08:13:b1:c3:17:40:5c:d4:59:
fb:b4:70:69:c1:61:c2:4f:18:9c:2d:70:c1:27:d2:
d4:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:F9:BC:CA:03:F4:D6:59:32:13:67:0C:2A:37:68:6C:EA:2C:E2:A8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/cvm8ygP01lkyE2cMKjdobOos4qg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
4f:42:80:25:2f:dd:ea:f7:de:53:a5:8e:43:28:30:e0:11:62:
a7:4e:09:d0:81:ac:da:0e:63:d3:ec:8a:16:b1:64:3e:04:df:
54:00:e4:0b:de:cd:d5:80:c2:0d:be:4b:eb:68:73:f3:11:50:
00:47:d6:e7:78:d8:87:71:b2:18:d8:d8:25:65:3e:49:10:8e:
34:9f:2b:6e:5e:b5:3f:92:5d:88:ca:17:4b:33:de:aa:37:6f:
6b:42:dd:e0:c7:a9:c5:00:1f:62:92:a7:43:2a:9c:b1:0c:c2:
62:79:d3:9f:5d:27:99:3d:c2:ef:58:18:f7:34:e7:98:5e:a3:
78:5f:ab:21:1d:b1:e8:38:ed:e4:da:98:8b:96:7d:92:1c:c0:
a9:a2:9e:d7:59:fe:e0:57:39:02:5b:1d:1c:bb:80:29:b6:b1:
dc:0d:6e:1b:92:85:00:aa:32:74:b0:9d:b0:d0:7d:31:de:91:
55:b0:9e:e4:1b:f5:5e:ac:e7:cc:5f:85:77:4c:e4:78:e9:fb:
f5:21:7a:79:75:a4:41:de:00:8a:c2:37:d7:5d:ef:16:c3:59:
f8:e7:46:89:bf:b0:0b:c4:7c:fc:0c:a6:72:69:7c:41:29:32:
a3:e9:88:26:ed:12:85:ac:be:ff:be:a9:f2:05:9d:5e:af:73:
e8:8d:2f:e3
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeQQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MjAw
MTEyMDlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDcyRjlCQ0NBMDNGNEQ2
NTkzMjEzNjcwQzJBMzc2ODZDRUEyQ0UyQTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQChYD9sfqUa5CAPsXFKq22Uv1x1EXpqbN34/5G37YsHYSxr00MM
hQjORhiPZ4B9UMLqKqQzQ/UFlwfFXmCSYud1yTyPogOTDb3Z+k9hv/LAl4yUoV4/
Qo27XXmYgYP/Bzq6EdFUNtGV5w4HcULvOKPkm1TECRYyDwT5+Zb0QhkdEfHm36OV
V0VAcOEZ6HmP6jpJ5vwxKsnw/8XUEavUKsI9kU1BvV39QLkhBSGNBgm66j1dW/EO
O8kmbjytaJHiqp615HYHL+A89pfp9uZDV9Fb8UbyMYeg/yWGMVSKeLbjTEZD7BSg
dQgTscMXQFzUWfu0cGnBYcJPGJwtcMEn0tTTAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUcvm8ygP01lkyE2cMKjdobOos4qgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2N2bTh5Z1AwMWxreUUy
Y01LamRvYk9vczRxZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBPQoAl
L93q995TpY5DKDDgEWKnTgnQgazaDmPT7IoWsWQ+BN9UAOQL3s3VgMINvkvraHPz
EVAAR9bneNiHcbIY2NglZT5JEI40nytuXrU/kl2IyhdLM96qN29rQt3gx6nFAB9i
kqdDKpyxDMJiedOfXSeZPcLvWBj3NOeYXqN4X6shHbHoOO3k2piLln2SHMCpop7X
Wf7gVzkCWx0cu4AptrHcDW4bkoUAqjJ0sJ2w0H0x3pFVsJ7kG/VerOfMX4V3TOR4
6fv1IXp5daRB3gCKwjfXXe8Ww1n450aJv7ALxHz8DKZyaXxBKTKj6Ygm7RKFrL7/
vqnyBZ1er3PojS/j
-----END CERTIFICATE-----
Generated at Sun Jul 20 19:04:51 2025 by rpki-client