Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/rYFt_GV3YVzjrImkJFKJQr0RS0U.roa
File: rYFt_GV3YVzjrImkJFKJQr0RS0U.roa (raw, json)
Hash identifier: R06Cg/ocF/L/fzn3ybIZu4tto6WPpPgIh4a968s+z0I=
Subject key identifier: AD:81:6D:FC:65:77:61:5C:E3:AC:89:A4:24:52:89:42:BD:11:4B:45
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 72F8
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rYFt_GV3YVzjrImkJFKJQr0RS0U.roa
Signing time: Thu 03 Jul 2025 21:44:56 +0000
ROA not before: Thu 03 Jul 2025 21:44:56 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29432 (0x72f8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 3 21:44:56 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=AD816DFC6577615CE3AC89A424528942BD114B45
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:54:bc:37:ac:7a:af:3f:a2:3a:ba:20:b7:0e:
fa:4a:24:74:d5:96:4c:54:1b:91:64:46:5d:f0:9c:
24:c7:23:4a:46:fa:01:13:0a:33:f5:d6:04:23:94:
e8:00:1f:e7:d6:bf:92:79:1c:69:b4:42:36:99:7f:
41:28:68:49:55:55:88:07:df:8d:a9:bc:be:47:bb:
34:5c:b9:ae:7e:61:6a:69:03:97:da:4d:c6:fc:0b:
2f:a0:60:39:e1:80:9b:78:76:ae:cd:03:f5:54:ad:
40:3f:8f:45:ee:6d:ce:8d:57:32:ec:45:70:ea:0c:
1b:40:0f:2a:04:42:10:f9:f3:36:f4:94:31:e9:30:
c1:ab:de:b9:74:22:3c:0d:76:6d:57:49:9b:42:43:
e1:1a:27:74:f0:71:92:c3:b7:c9:5c:4e:5b:1b:22:
85:6e:30:0e:0d:de:67:2f:bc:2c:16:fe:42:76:bf:
46:d8:3a:27:56:aa:50:98:99:ec:fa:73:05:c6:92:
1e:f1:dc:fe:77:ac:46:d0:b4:9c:f9:00:91:d4:97:
e8:f6:e6:3b:31:0c:a2:7f:09:26:ad:5d:cd:cc:1d:
ae:1e:00:7d:67:d0:60:57:be:d0:8c:49:67:99:46:
5b:4f:db:93:e9:be:36:05:ec:ae:39:a2:15:71:0b:
d9:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:81:6D:FC:65:77:61:5C:E3:AC:89:A4:24:52:89:42:BD:11:4B:45
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/rYFt_GV3YVzjrImkJFKJQr0RS0U.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
4f:07:57:4b:27:1e:79:40:20:0c:50:1e:ef:70:96:f0:d0:f3:
53:03:89:44:30:5e:69:82:7e:25:a4:6c:fc:d1:2e:40:7c:0d:
c1:76:de:18:71:1e:da:28:e9:e3:37:ff:9a:b3:d1:f5:ae:65:
c2:e3:0a:37:24:37:a9:70:1a:43:01:9d:2f:2f:cc:59:f2:e8:
81:1a:14:62:f3:5f:a3:09:08:9c:26:e2:14:bc:ae:77:79:5e:
5b:44:17:46:17:40:5c:03:87:b7:3c:ac:6c:9e:55:5d:3a:45:
5a:f6:f8:ed:2d:34:c1:2b:ea:37:97:7f:58:63:b8:17:40:09:
e1:99:3f:98:0e:a6:02:ff:92:2d:df:58:6d:18:3c:40:f0:3e:
b6:b1:af:12:08:5d:bb:a0:84:0f:dc:cd:4a:4d:c7:0a:bd:74:
6d:3e:0b:e3:0c:bf:1d:50:7b:79:a7:67:7f:c2:49:a0:38:7b:
eb:7f:65:3a:36:c3:9b:d6:cc:cc:53:89:1a:43:ac:6b:ce:61:
b7:58:0d:71:b3:f8:8b:3b:ec:cf:32:15:2c:46:d6:53:22:e6:
f3:21:3b:f0:77:5e:52:99:e5:00:f3:78:69:cb:57:12:e2:23:
03:a2:6e:20:bd:e6:d5:a2:18:c4:71:3b:a7:f9:cd:b2:fd:7b:
76:e3:e1:d5
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcvgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDMy
MTQ0NTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEFEODE2REZDNjU3NzYx
NUNFM0FDODlBNDI0NTI4OTQyQkQxMTRCNDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCtVLw3rHqvP6I6uiC3DvpKJHTVlkxUG5FkRl3wnCTHI0pG+gET
CjP11gQjlOgAH+fWv5J5HGm0QjaZf0EoaElVVYgH342pvL5HuzRcua5+YWppA5fa
Tcb8Cy+gYDnhgJt4dq7NA/VUrUA/j0Xubc6NVzLsRXDqDBtADyoEQhD58zb0lDHp
MMGr3rl0IjwNdm1XSZtCQ+EaJ3TwcZLDt8lcTlsbIoVuMA4N3mcvvCwW/kJ2v0bY
OidWqlCYmez6cwXGkh7x3P53rEbQtJz5AJHUl+j25jsxDKJ/CSatXc3MHa4eAH1n
0GBXvtCMSWeZRltP25PpvjYF7K45ohVxC9mxAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUrYFt/GV3YVzjrImkJFKJQr0RS0UwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3JZRnRfR1YzWVZ6anJJ
bWtKRktKUXIwUlMwVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBPB1dL
Jx55QCAMUB7vcJbw0PNTA4lEMF5pgn4lpGz80S5AfA3Bdt4YcR7aKOnjN/+as9H1
rmXC4wo3JDepcBpDAZ0vL8xZ8uiBGhRi81+jCQicJuIUvK53eV5bRBdGF0BcA4e3
PKxsnlVdOkVa9vjtLTTBK+o3l39YY7gXQAnhmT+YDqYC/5It31htGDxA8D62sa8S
CF27oIQP3M1KTccKvXRtPgvjDL8dUHt5p2d/wkmgOHvrf2U6NsOb1szMU4kaQ6xr
zmG3WA1xs/iLO+zPMhUsRtZTIubzITvwd15SmeUA83hpy1cS4iMDom4gvebVohjE
cTun+c2y/Xt24+HV
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:49:49 2025 by rpki-client