Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/jYnXcdimM97RSeBZQiijicg74X0.roa
File: jYnXcdimM97RSeBZQiijicg74X0.roa (raw, json)
Hash identifier: WuVVnITIYH8a8LYFtKIpMKu71xwH4MnnbAnUQ/Kyyz0=
Subject key identifier: 8D:89:D7:71:D8:A6:33:DE:D1:49:E0:59:42:28:A3:89:C8:3B:E1:7D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7902
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jYnXcdimM97RSeBZQiijicg74X0.roa
Signing time: Sun 20 Jul 2025 00:42:10 +0000
ROA not before: Sun 20 Jul 2025 00:42:10 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30978 (0x7902)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 20 00:42:10 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8D89D771D8A633DED149E0594228A389C83BE17D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:dd:91:5a:5b:c8:11:da:26:a4:fc:24:57:8c:
a3:cd:79:c6:de:42:d2:56:de:43:fe:47:4c:f1:2d:
11:b5:2a:28:2c:52:ae:4f:7f:36:e3:ca:91:11:fe:
af:3f:4f:ef:88:02:6c:a0:88:50:01:af:b8:31:90:
ca:9c:5b:f9:04:e2:f9:5f:55:55:1b:f3:6a:5d:b5:
aa:16:54:7e:7b:8e:74:89:51:e9:9f:b8:3b:e9:39:
2d:f6:50:d2:fe:37:4c:b6:df:97:8b:17:2c:61:ae:
e0:02:ad:fb:03:25:30:98:42:fb:40:f2:61:e7:c9:
b1:6a:33:fc:06:9e:82:6c:fb:8d:38:e5:57:0d:26:
09:bf:6e:ac:d0:b9:d3:05:8c:a9:8d:3e:43:7b:1d:
de:7f:05:cc:b3:62:4e:1e:a2:90:cd:ee:64:2e:28:
71:59:08:eb:2b:96:48:b2:83:a4:91:c4:5e:d1:86:
15:45:57:4c:4a:83:e1:82:e1:e2:a9:87:63:56:d5:
96:2e:17:26:8e:23:95:63:1c:fa:dc:25:e9:b1:12:
34:c1:d4:17:62:b1:d9:96:2b:18:99:cd:c8:25:2d:
06:29:40:ed:e0:61:85:0e:24:38:91:59:e3:be:88:
10:a2:b9:c5:97:17:53:b7:32:46:b9:f9:41:33:13:
4b:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:89:D7:71:D8:A6:33:DE:D1:49:E0:59:42:28:A3:89:C8:3B:E1:7D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/jYnXcdimM97RSeBZQiijicg74X0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
6e:0c:a2:23:4f:2c:8a:61:bf:ee:9f:88:db:7a:78:8c:19:b1:
12:2c:74:13:32:b7:de:c4:8f:af:c8:2f:88:14:c7:31:31:30:
55:d1:7b:67:8f:ea:f4:8b:a0:75:3d:08:58:2f:dd:e4:25:10:
bf:9c:c2:00:a6:83:48:82:5d:45:b5:3d:ef:c2:31:62:98:d6:
28:49:e4:c0:9f:8e:cc:45:de:8c:8f:57:48:c9:61:e4:01:52:
f1:64:ec:d6:c7:96:15:15:90:3a:14:81:dc:b3:86:e3:f5:48:
b9:13:11:28:17:81:a8:5a:b6:97:ad:58:c8:d4:77:f5:4a:b0:
92:90:61:10:f7:08:a0:f4:45:48:f2:57:7f:03:1c:0b:e2:69:
fe:bb:0e:74:de:8a:29:6c:9f:3e:25:43:ef:80:49:72:10:93:
6a:85:73:1e:54:4f:b6:fc:ae:6c:a7:df:35:3b:6c:b5:55:f4:
cb:17:13:f5:4b:28:7a:6c:b0:52:d2:b1:5d:fa:1e:ba:bc:23:
bb:67:f1:b2:ab:2a:16:7b:d8:29:b5:fe:71:cb:7a:03:41:7d:
8f:5f:9f:41:8b:0a:90:ef:b4:25:70:0e:09:74:47:ae:d9:b7:
e9:08:26:f7:34:a1:93:30:c5:66:81:7e:8f:c4:2f:ed:74:e9:
47:ee:81:3b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeQIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MjAw
MDQyMTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDhEODlENzcxRDhBNjMz
REVEMTQ5RTA1OTQyMjhBMzg5QzgzQkUxN0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDl3ZFaW8gR2iak/CRXjKPNecbeQtJW3kP+R0zxLRG1KigsUq5P
fzbjypER/q8/T++IAmygiFABr7gxkMqcW/kE4vlfVVUb82pdtaoWVH57jnSJUemf
uDvpOS32UNL+N0y235eLFyxhruACrfsDJTCYQvtA8mHnybFqM/wGnoJs+4045VcN
Jgm/bqzQudMFjKmNPkN7Hd5/BcyzYk4eopDN7mQuKHFZCOsrlkiyg6SRxF7RhhVF
V0xKg+GC4eKph2NW1ZYuFyaOI5VjHPrcJemxEjTB1BdisdmWKxiZzcglLQYpQO3g
YYUOJDiRWeO+iBCiucWXF1O3Mka5+UEzE0u1AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUjYnXcdimM97RSeBZQiijicg74X0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2pZblhjZGltTTk3UlNl
QlpRaWlqaWNnNzRYMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBuDKIj
TyyKYb/un4jbeniMGbESLHQTMrfexI+vyC+IFMcxMTBV0Xtnj+r0i6B1PQhYL93k
JRC/nMIApoNIgl1FtT3vwjFimNYoSeTAn47MRd6Mj1dIyWHkAVLxZOzWx5YVFZA6
FIHcs4bj9Ui5ExEoF4GoWraXrVjI1Hf1SrCSkGEQ9wig9EVI8ld/AxwL4mn+uw50
3oopbJ8+JUPvgElyEJNqhXMeVE+2/K5sp981O2y1VfTLFxP1Syh6bLBS0rFd+h66
vCO7Z/GyqyoWe9gptf5xy3oDQX2PX59BiwqQ77QlcA4JdEeu2bfpCCb3NKGTMMVm
gX6PxC/tdOlH7oE7
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:39:18 2025 by rpki-client