Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/gYbkv21nRCFgIFcPM3ete_6jZxM.roa
File: gYbkv21nRCFgIFcPM3ete_6jZxM.roa (raw, json)
Hash identifier: 2OqjQhy8sTvq3x+Z0W1N6R04MYoZCJAetpdlwpairtE=
Subject key identifier: 81:86:E4:BF:6D:67:44:21:60:20:57:0F:33:77:AD:7B:FE:A3:67:13
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7624
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/gYbkv21nRCFgIFcPM3ete_6jZxM.roa
Signing time: Sat 12 Jul 2025 09:11:45 +0000
ROA not before: Sat 12 Jul 2025 09:11:45 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30244 (0x7624)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 12 09:11:45 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8186E4BF6D6744216020570F3377AD7BFEA36713
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:14:7f:a2:29:f4:a0:99:52:cb:81:97:3b:db:
76:eb:f3:c2:61:0d:5c:67:53:22:48:6e:f8:35:af:
ae:b9:dd:e6:65:70:69:cd:fe:3c:73:3d:0a:a6:c4:
26:4b:91:84:97:90:15:25:d5:09:b9:56:b5:2a:70:
1b:cc:d1:86:56:d6:16:aa:10:1a:9c:53:a0:6b:f7:
0f:ca:c1:c0:08:11:11:c5:8f:c6:07:56:22:7b:0e:
90:dd:e8:f3:4d:b8:e3:d6:bc:19:28:60:74:f7:c4:
16:f5:89:5f:0e:4a:21:cc:13:b2:53:aa:da:38:b2:
fa:0a:9a:d0:d0:29:b7:01:74:4f:5e:57:ce:99:23:
9b:c5:41:dc:2e:fc:63:71:b6:71:f2:6b:27:4e:1a:
ed:00:54:f2:e5:ce:14:ff:c7:b0:8a:74:1f:db:64:
e7:81:9d:bd:80:3f:fc:34:09:05:99:f1:e4:15:40:
e7:1c:d2:d4:4b:bf:d7:5a:19:7f:30:14:24:76:a2:
0f:db:be:be:3b:32:e7:ee:13:06:38:94:08:01:4d:
e9:67:63:16:79:25:61:8d:b1:89:52:a8:c6:ca:d5:
d3:e9:77:d9:e9:de:e3:bf:48:74:ae:af:49:ad:ad:
33:a6:1e:5c:6d:54:a2:e0:b6:a6:26:5c:e4:fa:5c:
d5:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:86:E4:BF:6D:67:44:21:60:20:57:0F:33:77:AD:7B:FE:A3:67:13
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/gYbkv21nRCFgIFcPM3ete_6jZxM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
73:e2:77:c1:cd:fa:c2:52:97:c4:b5:d4:ed:42:c7:e2:75:6b:
c5:84:73:f4:1e:57:a6:a2:51:3f:22:61:6d:e1:cb:ca:21:d6:
51:60:9b:0c:44:71:66:05:6a:f5:a5:8c:34:39:d9:5a:88:96:
1d:18:b3:f5:13:82:58:bd:36:c8:14:0a:e1:9b:85:66:32:38:
eb:47:20:b7:72:f8:6b:7b:59:b6:2c:11:1c:bf:52:70:47:ef:
45:e3:ea:c9:25:49:b0:7b:8d:bc:ca:ed:6f:1d:59:37:ac:d6:
da:97:10:e6:24:bd:99:80:b4:47:e9:c8:f0:40:5c:c9:6e:ee:
c4:f6:a9:33:46:75:38:2f:d0:ce:92:27:50:78:9c:86:34:f8:
dc:02:6e:b9:c7:9f:15:4f:78:96:d3:7d:d5:91:c6:6c:2f:5a:
94:72:0f:71:71:47:5c:aa:68:93:26:b1:26:a7:28:45:26:3f:
28:1e:0f:a5:f3:7e:28:1a:84:8a:f7:bc:74:1f:78:d1:47:70:
ca:67:6e:45:f2:21:d2:00:67:b6:8e:e9:3a:27:33:e5:77:2d:
85:45:ef:ca:0f:5b:28:d3:ba:be:20:63:80:96:e6:71:4b:28:
5d:73:55:15:ac:53:64:90:26:09:1f:6d:47:f9:c2:5f:df:52:
61:56:67:85
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdiQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTIw
OTExNDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDgxODZFNEJGNkQ2NzQ0
MjE2MDIwNTcwRjMzNzdBRDdCRkVBMzY3MTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDtFH+iKfSgmVLLgZc723br88JhDVxnUyJIbvg1r6653eZlcGnN
/jxzPQqmxCZLkYSXkBUl1Qm5VrUqcBvM0YZW1haqEBqcU6Br9w/KwcAIERHFj8YH
ViJ7DpDd6PNNuOPWvBkoYHT3xBb1iV8OSiHME7JTqto4svoKmtDQKbcBdE9eV86Z
I5vFQdwu/GNxtnHyaydOGu0AVPLlzhT/x7CKdB/bZOeBnb2AP/w0CQWZ8eQVQOcc
0tRLv9daGX8wFCR2og/bvr47MufuEwY4lAgBTelnYxZ5JWGNsYlSqMbK1dPpd9np
3uO/SHSur0mtrTOmHlxtVKLgtqYmXOT6XNUjAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUgYbkv21nRCFgIFcPM3ete/6jZxMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2dZYmt2MjFuUkNGZ0lG
Y1BNM2V0ZV82alp4TS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBz4nfB
zfrCUpfEtdTtQsfidWvFhHP0HlemolE/ImFt4cvKIdZRYJsMRHFmBWr1pYw0Odla
iJYdGLP1E4JYvTbIFArhm4VmMjjrRyC3cvhre1m2LBEcv1JwR+9F4+rJJUmwe428
yu1vHVk3rNbalxDmJL2ZgLRH6cjwQFzJbu7E9qkzRnU4L9DOkidQeJyGNPjcAm65
x58VT3iW033VkcZsL1qUcg9xcUdcqmiTJrEmpyhFJj8oHg+l834oGoSK97x0H3jR
R3DKZ25F8iHSAGe2juk6JzPldy2FRe/KD1so07q+IGOAluZxSyhdc1UVrFNkkCYJ
H21H+cJf31JhVmeF
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:43:14 2025 by rpki-client