Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/y-hwRU1Xi9zVNsH5ej6wEQLo7NY.roa
File: y-hwRU1Xi9zVNsH5ej6wEQLo7NY.roa (raw, json)
Hash identifier: fRn0WAoT4DXwphbMDPEkeLHCMfXvezw9A5G4PdUgMiE=
Subject key identifier: CB:E8:70:45:4D:57:8B:DC:D5:36:C1:F9:7A:3E:B0:11:02:E8:EC:D6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7228
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/y-hwRU1Xi9zVNsH5ej6wEQLo7NY.roa
Signing time: Tue 01 Jul 2025 17:44:53 +0000
ROA not before: Tue 01 Jul 2025 17:44:53 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29224 (0x7228)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 1 17:44:53 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CBE870454D578BDCD536C1F97A3EB01102E8ECD6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:79:ed:54:ac:f2:ec:c7:2d:ef:a1:30:fd:d9:
c9:fa:e0:ee:a2:d3:3c:fc:9a:1d:ab:3c:44:fa:59:
c1:97:45:94:85:4b:f5:00:78:32:f3:c6:32:e3:c2:
f2:fe:98:27:af:4d:e5:d3:8c:21:22:6e:6f:ae:87:
46:ad:d9:f7:93:45:f4:f1:c6:52:b1:0f:69:95:1e:
4f:46:44:82:a8:e8:48:74:9e:53:27:70:d7:14:e9:
1e:fc:1b:42:f2:f2:b6:7a:c9:52:90:fe:02:6a:3c:
45:87:60:e5:b3:bc:0c:d9:2e:e6:bb:fc:bf:e4:1e:
69:8c:87:10:62:76:7a:b2:1c:ce:b9:3e:f2:ab:e5:
28:ac:d6:8c:b0:ca:ec:01:24:60:e1:92:de:ff:d9:
5d:64:3a:b0:53:19:05:46:b2:17:7c:00:dc:bb:ad:
5f:31:2f:93:a2:c1:10:dc:41:6c:2b:55:b5:5e:63:
1c:63:03:20:78:8e:e8:29:53:ed:40:83:0e:de:4a:
d3:2d:e6:2b:24:ab:bf:c8:91:14:9a:bf:7d:c2:cf:
4b:51:c8:69:31:e9:08:eb:aa:47:77:65:94:0c:04:
bf:17:a7:7f:01:2c:23:5d:3d:6f:e2:6d:1d:55:81:
54:07:04:7b:81:e6:63:bd:d3:f4:ad:59:54:e5:ef:
de:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:E8:70:45:4D:57:8B:DC:D5:36:C1:F9:7A:3E:B0:11:02:E8:EC:D6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/y-hwRU1Xi9zVNsH5ej6wEQLo7NY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
af:15:76:73:e6:bc:2e:a6:15:88:b2:f9:ee:f5:d9:61:e2:ff:
69:53:9e:f9:35:af:c0:96:29:b1:77:b6:f0:80:99:89:9e:97:
66:81:22:30:26:68:cd:44:91:62:e2:a5:c0:48:d2:f9:37:09:
65:b8:ca:bf:bc:97:99:12:34:5d:6a:a2:be:1f:b5:bd:78:93:
d1:77:2a:cd:bd:a7:78:c1:6b:10:51:85:a6:1a:b2:ec:1f:86:
04:9b:37:f5:86:73:7c:58:b5:b7:72:a4:13:f0:e9:b7:39:3f:
a9:85:5e:76:8b:13:04:cb:bf:7d:81:4c:62:f4:2c:46:2e:7e:
6a:25:fc:c0:e4:ab:61:ab:ab:49:01:88:20:ab:3a:9b:45:c3:
76:0c:2f:d2:81:3d:b5:5d:b4:5f:c1:0b:02:36:1c:0d:3c:92:
18:3e:53:87:6f:03:30:46:e2:d8:5c:b4:41:40:3b:47:60:0c:
02:a1:f0:41:cc:5d:b9:39:c8:99:2d:fe:dd:80:5a:da:21:64:
ca:e0:0f:ec:f2:c0:20:a0:99:95:77:5a:d2:10:13:62:52:7e:
03:ef:bd:6a:5d:90:59:00:63:f9:fd:1c:94:36:92:94:c0:c7:
c5:7d:96:bb:8f:4a:10:86:a3:a1:76:1f:c2:ac:6e:07:a5:14:
5d:5c:97:ad
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcigwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDEx
NzQ0NTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENCRTg3MDQ1NEQ1NzhC
RENENTM2QzFGOTdBM0VCMDExMDJFOEVDRDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCgee1UrPLsxy3voTD92cn64O6i0zz8mh2rPET6WcGXRZSFS/UA
eDLzxjLjwvL+mCevTeXTjCEibm+uh0at2feTRfTxxlKxD2mVHk9GRIKo6Eh0nlMn
cNcU6R78G0Ly8rZ6yVKQ/gJqPEWHYOWzvAzZLua7/L/kHmmMhxBidnqyHM65PvKr
5Sis1oywyuwBJGDhkt7/2V1kOrBTGQVGshd8ANy7rV8xL5OiwRDcQWwrVbVeYxxj
AyB4jugpU+1Agw7eStMt5iskq7/IkRSav33Cz0tRyGkx6Qjrqkd3ZZQMBL8Xp38B
LCNdPW/ibR1VgVQHBHuB5mO90/StWVTl7941AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUy+hwRU1Xi9zVNsH5ej6wEQLo7NYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3ktaHdSVTFYaTl6Vk5z
SDVlajZ3RVFMbzdOWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCvFXZz
5rwuphWIsvnu9dlh4v9pU575Na/Alimxd7bwgJmJnpdmgSIwJmjNRJFi4qXASNL5
NwlluMq/vJeZEjRdaqK+H7W9eJPRdyrNvad4wWsQUYWmGrLsH4YEmzf1hnN8WLW3
cqQT8Om3OT+phV52ixMEy799gUxi9CxGLn5qJfzA5Kthq6tJAYggqzqbRcN2DC/S
gT21XbRfwQsCNhwNPJIYPlOHbwMwRuLYXLRBQDtHYAwCofBBzF25OciZLf7dgFra
IWTK4A/s8sAgoJmVd1rSEBNiUn4D771qXZBZAGP5/RyUNpKUwMfFfZa7j0oQhqOh
dh/CrG4HpRRdXJet
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:50:47 2025 by rpki-client