Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/y3W2zOQO3cvE2ufr2Zb48ElZqwE.roa
File: y3W2zOQO3cvE2ufr2Zb48ElZqwE.roa (raw, json)
Hash identifier: YZuVYqmLT3pXDRVmO6rPrA0ybdnQl80W9Ua+7r4Pwec=
Subject key identifier: CB:75:B6:CC:E4:0E:DD:CB:C4:DA:E7:EB:D9:96:F8:F0:49:59:AB:01
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 748C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/y3W2zOQO3cvE2ufr2Zb48ElZqwE.roa
Signing time: Tue 08 Jul 2025 02:45:10 +0000
ROA not before: Tue 08 Jul 2025 02:45:10 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29836 (0x748c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 8 02:45:10 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CB75B6CCE40EDDCBC4DAE7EBD996F8F04959AB01
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:46:56:ec:35:60:4b:f8:1c:da:dc:46:ec:10:
50:4a:56:92:e6:63:ad:09:34:c8:69:1e:af:00:fa:
31:db:13:ff:69:3b:63:c6:04:07:e0:8d:f8:74:32:
26:b2:5d:41:c5:ac:39:fa:1f:4f:ff:3e:86:3a:67:
d0:7b:13:e9:3c:66:ad:9e:79:3a:70:11:b8:e5:b9:
01:32:5e:0b:76:20:0d:ce:be:ea:02:e2:96:47:09:
72:7a:b2:60:47:6d:d0:2f:e6:0e:de:d9:21:08:ee:
a9:fb:cb:ba:e2:62:a1:4d:c7:14:20:73:20:30:66:
1d:22:d9:52:80:0b:6a:4b:3b:8b:a2:d3:bd:72:70:
9f:f8:1e:be:46:82:46:b0:83:84:fe:0d:a6:d5:aa:
30:3a:67:32:25:5b:3e:73:d3:01:3d:dd:bf:80:a9:
c7:3a:19:c9:d0:c5:11:90:34:72:95:ab:da:34:77:
10:be:6a:b1:2b:c6:fb:aa:f3:c2:ca:45:03:10:4b:
68:2a:62:17:f8:fb:2d:0a:90:92:a8:0b:d5:68:d1:
a5:0e:71:2e:8c:71:22:71:cc:19:78:3b:75:79:c7:
d3:24:b2:5b:16:90:bd:db:3d:f6:75:ac:84:4b:9f:
5f:e7:6b:1d:22:00:8e:2c:0a:e7:69:d1:2a:14:67:
c9:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:75:B6:CC:E4:0E:DD:CB:C4:DA:E7:EB:D9:96:F8:F0:49:59:AB:01
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/y3W2zOQO3cvE2ufr2Zb48ElZqwE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
8c:ba:8c:62:1b:d5:89:fb:e9:58:5f:a0:03:4b:be:3d:ae:57:
32:6c:10:48:1f:e4:f0:cd:dc:d1:87:c1:7d:7f:34:fd:19:b7:
dd:23:e0:9e:e7:ef:a4:20:43:6e:81:dd:7b:fd:d6:ee:54:cb:
2e:56:44:e7:37:d0:51:a8:42:56:f7:30:f2:5d:94:01:7c:72:
b7:da:70:2a:97:cd:a7:00:fe:3d:96:9e:19:65:d2:ff:b3:5f:
8e:d8:89:30:e4:c8:f1:15:0f:7a:75:4b:d3:c2:49:c6:51:67:
5e:36:19:c8:f0:df:9e:88:20:be:86:6a:3d:f4:8c:a8:b5:a3:
20:09:d4:dc:be:bf:0c:f4:3b:8f:46:9c:bd:47:70:01:58:58:
66:43:c2:0c:92:37:37:92:73:27:0f:3e:5d:80:86:79:6e:c4:
79:15:94:a8:12:1d:3b:e3:31:a2:47:72:87:cc:58:b6:db:66:
de:ec:9b:88:3e:b2:5e:95:0b:cf:1c:50:24:e4:f9:f5:3f:b5:
63:a6:d0:bd:3e:37:d6:74:80:e9:df:37:af:77:3f:11:34:89:
d4:1a:bf:71:ac:84:68:54:d8:72:03:87:88:ad:41:b1:58:69:
61:3e:e3:9e:db:f6:e0:c5:8b:ee:17:be:e5:fe:64:0a:ea:2e:
be:66:3a:2e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdIwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDgw
MjQ1MTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENCNzVCNkNDRTQwRURE
Q0JDNERBRTdFQkQ5OTZGOEYwNDk1OUFCMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC5RlbsNWBL+Bza3EbsEFBKVpLmY60JNMhpHq8A+jHbE/9pO2PG
BAfgjfh0MiayXUHFrDn6H0//PoY6Z9B7E+k8Zq2eeTpwEbjluQEyXgt2IA3OvuoC
4pZHCXJ6smBHbdAv5g7e2SEI7qn7y7riYqFNxxQgcyAwZh0i2VKAC2pLO4ui071y
cJ/4Hr5Ggkawg4T+DabVqjA6ZzIlWz5z0wE93b+Aqcc6GcnQxRGQNHKVq9o0dxC+
arErxvuq88LKRQMQS2gqYhf4+y0KkJKoC9Vo0aUOcS6McSJxzBl4O3V5x9MkslsW
kL3bPfZ1rIRLn1/nax0iAI4sCudp0SoUZ8ndAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUy3W2zOQO3cvE2ufr2Zb48ElZqwEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3kzVzJ6T1FPM2N2RTJ1
ZnIyWmI0OEVsWnF3RS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCMuoxi
G9WJ++lYX6ADS749rlcybBBIH+TwzdzRh8F9fzT9GbfdI+Ce5++kIENugd17/dbu
VMsuVkTnN9BRqEJW9zDyXZQBfHK32nAql82nAP49lp4ZZdL/s1+O2Ikw5MjxFQ96
dUvTwknGUWdeNhnI8N+eiCC+hmo99IyotaMgCdTcvr8M9DuPRpy9R3ABWFhmQ8IM
kjc3knMnDz5dgIZ5bsR5FZSoEh074zGiR3KHzFi222be7JuIPrJelQvPHFAk5Pn1
P7VjptC9PjfWdIDp3zevdz8RNInUGr9xrIRoVNhyA4eIrUGxWGlhPuOe2/bgxYvu
F77l/mQK6i6+Zjou
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:33:51 2025 by rpki-client