Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/xIY-LU5FDZxWrSJXrEsBbuaBIvU.roa
File: xIY-LU5FDZxWrSJXrEsBbuaBIvU.roa (raw, json)
Hash identifier: LeiUuB5tmjbOP5oPDVasPHoQ4tfPH6z1TJa7B4z3IjY=
Subject key identifier: C4:86:3E:2D:4E:45:0D:9C:56:AD:22:57:AC:4B:01:6E:E6:81:22:F5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 72D6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xIY-LU5FDZxWrSJXrEsBbuaBIvU.roa
Signing time: Thu 03 Jul 2025 13:14:46 +0000
ROA not before: Thu 03 Jul 2025 13:14:46 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29398 (0x72d6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 3 13:14:46 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C4863E2D4E450D9C56AD2257AC4B016EE68122F5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:b4:47:c1:0f:75:84:36:39:10:f5:19:df:34:
61:7b:e9:91:51:90:ef:4a:a6:ce:26:de:40:2b:d9:
50:1b:e5:6e:56:a9:d1:fe:54:ba:90:4f:bc:47:e7:
d4:46:18:ec:5d:3f:13:32:4a:7a:ba:fd:7e:cc:9c:
df:86:9e:cd:35:4c:6a:dd:34:2f:fb:97:5e:60:d3:
4a:81:d7:1c:1a:53:94:aa:8f:42:bd:10:f2:c4:d7:
e9:76:95:d0:27:f9:86:0c:3b:a3:1d:16:e1:8f:ce:
7c:9a:9b:96:58:29:c3:3f:d2:1b:5a:eb:80:4b:00:
f6:ef:01:c6:01:d1:52:e2:0e:49:55:f2:43:9c:ca:
40:30:62:ce:46:e9:2e:8a:92:5c:47:fa:38:03:c8:
05:6f:4c:53:2c:4b:0b:2b:5f:7e:41:bb:67:e4:8e:
83:f7:b8:39:2b:97:79:c5:53:9e:43:f9:48:14:c9:
72:a5:25:b4:ce:de:6e:5a:ed:2f:fe:08:f3:10:1c:
03:99:6a:da:d3:eb:0c:55:3c:ce:d7:67:9b:f2:16:
1b:8e:80:e3:13:f1:53:83:96:4e:53:dc:b1:62:d0:
ae:20:c0:3a:5c:60:b7:7c:5e:29:61:07:f0:a7:82:
4b:2f:44:dd:10:d9:08:49:e7:b4:c2:8e:27:b4:9d:
68:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:86:3E:2D:4E:45:0D:9C:56:AD:22:57:AC:4B:01:6E:E6:81:22:F5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/xIY-LU5FDZxWrSJXrEsBbuaBIvU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
75:94:0f:21:b6:a8:ad:4c:a0:cb:f5:6a:be:81:01:53:51:27:
2a:5e:f0:95:73:b0:80:30:9c:5f:56:d9:85:00:4d:82:d8:67:
bf:4c:30:58:f3:92:18:85:04:c1:11:d9:c3:f6:e0:70:fd:95:
8e:6e:7d:3f:81:49:88:22:82:d6:95:19:0c:29:fe:cc:78:15:
9e:50:1f:2c:49:36:ad:c8:65:c5:6d:b3:96:02:fc:d7:47:ec:
ff:bc:e4:8b:84:71:1e:fa:b4:e5:c4:60:cb:af:ae:54:e8:7f:
fb:28:e9:26:e1:e8:88:47:3b:68:b6:8f:ce:71:6d:ad:62:68:
84:f7:c3:97:ea:c4:c4:77:6e:86:e8:d8:5d:20:ee:29:a0:24:
f5:21:59:b7:21:75:d1:7d:66:32:98:fb:2f:49:01:4b:13:c8:
56:3f:94:9c:4d:19:a2:30:11:58:98:dd:3f:ed:d3:ad:a4:2d:
3d:b7:53:a7:db:d0:ea:38:ba:a9:89:f9:46:3a:db:6d:f9:cb:
ef:c2:67:3d:7b:8d:44:3e:73:3f:8b:dd:7c:a6:5a:c3:d2:92:
88:a7:cb:6c:14:33:0f:91:32:79:ef:a8:29:a7:8f:f3:cd:5d:
61:80:30:91:de:98:fb:64:eb:ac:4d:1a:8d:f9:fa:31:41:dd:
a8:7a:dc:ef
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICctYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDMx
MzE0NDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEM0ODYzRTJENEU0NTBE
OUM1NkFEMjI1N0FDNEIwMTZFRTY4MTIyRjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDztEfBD3WENjkQ9RnfNGF76ZFRkO9Kps4m3kAr2VAb5W5WqdH+
VLqQT7xH59RGGOxdPxMySnq6/X7MnN+Gns01TGrdNC/7l15g00qB1xwaU5Sqj0K9
EPLE1+l2ldAn+YYMO6MdFuGPznyam5ZYKcM/0hta64BLAPbvAcYB0VLiDklV8kOc
ykAwYs5G6S6KklxH+jgDyAVvTFMsSwsrX35Bu2fkjoP3uDkrl3nFU55D+UgUyXKl
JbTO3m5a7S/+CPMQHAOZatrT6wxVPM7XZ5vyFhuOgOMT8VODlk5T3LFi0K4gwDpc
YLd8XilhB/CngksvRN0Q2QhJ57TCjie0nWiVAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUxIY+LU5FDZxWrSJXrEsBbuaBIvUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3hJWS1MVTVGRFp4V3JT
SlhyRXNCYnVhQkl2VS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB1lA8h
tqitTKDL9Wq+gQFTUScqXvCVc7CAMJxfVtmFAE2C2Ge/TDBY85IYhQTBEdnD9uBw
/ZWObn0/gUmIIoLWlRkMKf7MeBWeUB8sSTatyGXFbbOWAvzXR+z/vOSLhHEe+rTl
xGDLr65U6H/7KOkm4eiIRztoto/OcW2tYmiE98OX6sTEd26G6NhdIO4poCT1IVm3
IXXRfWYymPsvSQFLE8hWP5ScTRmiMBFYmN0/7dOtpC09t1On29DqOLqpiflGOttt
+cvvwmc9e41EPnM/i918plrD0pKIp8tsFDMPkTJ576gpp4/zzV1hgDCR3pj7ZOus
TRqN+foxQd2oetzv
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:37:32 2025 by rpki-client