Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/yKk7hFMwOJmHOmKHXn9TOAjD8qE.roa
File: yKk7hFMwOJmHOmKHXn9TOAjD8qE.roa (raw, json)
Hash identifier: kdCUYIoQT5//obfiaMtqkdv1Ox/RnesjZP9e3rFIBPA=
Subject key identifier: C8:A9:3B:84:53:30:38:99:87:3A:62:87:5E:7F:53:38:08:C3:F2:A1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 770A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yKk7hFMwOJmHOmKHXn9TOAjD8qE.roa
Signing time: Mon 14 Jul 2025 18:41:46 +0000
ROA not before: Mon 14 Jul 2025 18:41:46 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30474 (0x770a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 14 18:41:46 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C8A93B8453303899873A62875E7F533808C3F2A1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:f5:42:8d:9e:f5:4d:86:33:32:53:b2:9b:ee:
cb:d5:b1:c2:a8:29:4e:6e:5a:c6:df:b7:8d:a9:eb:
17:29:13:5b:0f:0b:08:bb:29:04:a3:4d:c3:98:b0:
58:6d:24:d2:5b:2b:d4:b8:1c:62:94:8a:38:2d:f6:
bb:2a:81:35:ed:94:d4:f3:4b:26:21:84:83:69:53:
4e:89:55:1a:98:82:ee:69:66:74:44:8d:b3:54:65:
86:27:4a:91:21:03:b4:62:78:10:84:25:f9:b3:b0:
f8:7a:33:48:68:96:b7:44:7d:b7:88:ef:fa:4b:b6:
ae:72:61:6e:6e:6c:e9:ac:d8:67:78:5f:dd:5b:66:
26:fe:bd:fc:9c:9e:31:d8:5f:a1:33:c9:33:8f:b6:
be:2f:6f:77:0e:ec:ac:2e:61:41:0e:7a:62:24:d2:
98:ad:74:f8:a1:d1:0f:72:c0:c3:f3:e2:cf:15:52:
1c:b5:b7:12:cd:15:80:1d:d8:a8:41:24:08:ea:1d:
9f:b5:b7:d8:53:e4:26:0f:df:8d:3d:e6:9b:1b:8f:
b7:fc:69:6e:94:d2:d3:b0:40:5c:09:b5:72:09:3a:
aa:f5:99:d1:4a:f3:78:a2:9f:95:fc:39:f9:08:33:
87:87:7e:66:6e:11:1c:c2:fd:c8:a4:0a:4e:9d:7a:
ab:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:A9:3B:84:53:30:38:99:87:3A:62:87:5E:7F:53:38:08:C3:F2:A1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yKk7hFMwOJmHOmKHXn9TOAjD8qE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
1b:11:e1:ee:cb:6b:f3:3f:25:f1:17:8a:4e:d1:d5:db:d9:b2:
e8:c2:e5:0c:13:f2:bf:52:0f:39:18:2d:23:51:32:9f:41:62:
69:46:94:55:15:c5:9f:24:3d:4a:00:43:e5:17:b5:4f:f9:0f:
2a:41:2a:d8:0a:32:e9:79:c7:65:15:51:17:75:2b:25:ff:ec:
88:f4:4d:5b:da:09:2f:ec:cd:11:c4:06:ad:a6:a8:67:79:26:
26:05:c9:18:d5:aa:23:ad:19:b7:1a:8c:55:c0:5f:ff:f2:72:
a0:37:37:ef:e8:47:3b:73:f4:45:9a:ae:38:21:e9:a1:0b:7e:
49:c8:42:56:3a:48:ad:f7:b3:98:02:4a:cb:c9:e7:28:52:69:
44:08:0c:ba:c9:c4:58:68:8a:dd:52:cf:3f:5d:29:d3:6a:9d:
a6:1e:2b:8a:92:a9:e3:bd:95:21:c3:ee:14:d0:88:a1:4f:dd:
d5:29:cc:7c:8d:8d:11:b8:da:09:e8:0d:ef:24:10:b7:9d:af:
91:bb:9e:dc:3c:74:d4:d6:11:5f:d2:cc:2e:ec:be:57:94:33:
a4:57:df:2c:c4:4e:08:4d:e9:aa:01:8c:e3:38:27:ff:f5:03:
c8:d6:01:7e:13:ef:d9:ec:ff:12:d3:c2:7a:6c:6c:42:f0:a8:
81:e6:aa:4b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdwowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTQx
ODQxNDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEM4QTkzQjg0NTMzMDM4
OTk4NzNBNjI4NzVFN0Y1MzM4MDhDM0YyQTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/9UKNnvVNhjMyU7Kb7svVscKoKU5uWsbft42p6xcpE1sPCwi7
KQSjTcOYsFhtJNJbK9S4HGKUijgt9rsqgTXtlNTzSyYhhINpU06JVRqYgu5pZnRE
jbNUZYYnSpEhA7RieBCEJfmzsPh6M0holrdEfbeI7/pLtq5yYW5ubOms2Gd4X91b
Zib+vfycnjHYX6EzyTOPtr4vb3cO7KwuYUEOemIk0pitdPih0Q9ywMPz4s8VUhy1
txLNFYAd2KhBJAjqHZ+1t9hT5CYP34095psbj7f8aW6U0tOwQFwJtXIJOqr1mdFK
83iin5X8OfkIM4eHfmZuERzC/cikCk6deqvXAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUyKk7hFMwOJmHOmKHXn9TOAjD8qEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3lLazdoRk13T0ptSE9t
S0hYbjlUT0FqRDhxRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAbEeHu
y2vzPyXxF4pO0dXb2bLowuUME/K/Ug85GC0jUTKfQWJpRpRVFcWfJD1KAEPlF7VP
+Q8qQSrYCjLpecdlFVEXdSsl/+yI9E1b2gkv7M0RxAatpqhneSYmBckY1aojrRm3
GoxVwF//8nKgNzfv6Ec7c/RFmq44IemhC35JyEJWOkit97OYAkrLyecoUmlECAy6
ycRYaIrdUs8/XSnTap2mHiuKkqnjvZUhw+4U0IihT93VKcx8jY0RuNoJ6A3vJBC3
na+Ru57cPHTU1hFf0swu7L5XlDOkV98sxE4ITemqAYzjOCf/9QPI1gF+E+/Z7P8S
08J6bGxC8KiB5qpL
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:35:04 2025 by rpki-client