Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/yMP_AJpOLnCHH41BqvlIUl1LD00.roa
File: yMP_AJpOLnCHH41BqvlIUl1LD00.roa (raw, json)
Hash identifier: 4Z6nyD8MqDLw7R4sllRzIYOwCtLJdxMwCgKtNTd/Jg4=
Subject key identifier: C8:C3:FF:00:9A:4E:2E:70:87:1F:8D:41:AA:F9:48:52:5D:4B:0F:4D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7246
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yMP_AJpOLnCHH41BqvlIUl1LD00.roa
Signing time: Wed 02 Jul 2025 01:14:45 +0000
ROA not before: Wed 02 Jul 2025 01:14:45 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29254 (0x7246)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 2 01:14:45 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C8C3FF009A4E2E70871F8D41AAF948525D4B0F4D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:9b:f4:37:8b:7f:08:f6:84:fd:5a:2f:37:48:
a3:7e:f0:1d:17:57:65:98:1a:b5:c8:83:b2:72:62:
87:2d:8d:04:3f:42:91:dc:6b:88:fc:dc:af:bf:fd:
61:67:ac:75:46:aa:af:c3:a2:ff:f7:5b:90:da:71:
f6:76:e8:9c:7e:50:8a:ae:a1:7f:d6:e3:0b:3b:8e:
e2:ab:47:23:66:cb:b6:64:f8:fa:30:dd:a1:cf:5b:
72:37:67:50:6d:5d:c1:79:60:38:66:bb:80:25:44:
3f:7d:53:a2:54:d5:1c:74:ff:29:67:f5:ee:48:0d:
c6:94:83:ca:cb:32:b7:2d:00:98:21:32:4a:94:e0:
d2:82:1f:11:ec:d5:23:19:7e:46:60:98:4c:02:77:
17:f0:27:e9:32:73:05:ac:5a:c9:37:91:f3:46:fc:
f1:23:72:4b:94:af:c0:e2:0e:98:7c:91:53:2c:1c:
b4:62:18:4f:2b:d5:a3:c9:59:84:2a:26:82:d3:dc:
90:92:b3:b7:20:79:fb:87:f3:00:d8:3f:92:cb:de:
c5:38:9c:18:b8:da:cb:fc:fd:11:24:40:a0:f1:3e:
c3:33:08:d1:99:95:e1:ed:5e:b6:87:03:6f:5d:8f:
e6:b6:22:af:d9:40:07:d9:78:7f:49:a3:07:84:f3:
eb:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:C3:FF:00:9A:4E:2E:70:87:1F:8D:41:AA:F9:48:52:5D:4B:0F:4D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yMP_AJpOLnCHH41BqvlIUl1LD00.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
57:28:bd:18:28:59:21:2d:e3:78:5e:7b:bc:75:bc:00:45:f1:
d2:f8:a4:78:a3:da:db:fb:aa:d8:48:c4:51:9c:58:83:85:6e:
5c:9b:cb:23:35:6d:9b:a8:1e:60:14:ff:df:eb:a5:32:34:7c:
0b:23:bb:1f:88:ea:5f:37:2f:c0:57:6e:62:8d:1d:95:d7:d3:
f0:75:3b:70:85:92:09:4c:ea:67:01:41:c4:d0:3a:0a:67:fb:
17:78:8f:44:5c:7a:1b:4b:5b:05:95:3e:a1:52:99:c7:2e:2e:
e5:c6:09:38:32:28:74:f4:9c:b4:d3:c3:63:62:ff:79:67:ae:
a6:25:d5:84:d4:ad:55:c2:c1:17:f0:cb:7d:c9:2a:1f:28:ab:
26:c0:f1:3d:b0:35:84:a8:71:28:ae:eb:89:f1:8b:a9:0b:7a:
11:a2:e4:e0:2e:ab:64:ca:d6:44:90:61:aa:7c:2d:ce:f5:6d:
5b:7b:89:f3:09:c9:1e:d1:e6:be:11:24:55:33:34:1b:c3:5e:
c2:e4:b6:04:de:ae:af:9a:14:de:59:6f:59:87:4d:f2:25:f7:
99:80:3e:e4:7f:10:37:ee:39:d5:5e:87:f3:c1:72:2c:f7:8f:
be:cd:a5:4a:b5:90:32:2b:30:82:8a:f3:cf:82:3d:29:10:01:
0e:8a:05:63
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICckYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDIw
MTE0NDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEM4QzNGRjAwOUE0RTJF
NzA4NzFGOEQ0MUFBRjk0ODUyNUQ0QjBGNEQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC5m/Q3i38I9oT9Wi83SKN+8B0XV2WYGrXIg7JyYoctjQQ/QpHc
a4j83K+//WFnrHVGqq/Dov/3W5DacfZ26Jx+UIquoX/W4ws7juKrRyNmy7Zk+Pow
3aHPW3I3Z1BtXcF5YDhmu4AlRD99U6JU1Rx0/yln9e5IDcaUg8rLMrctAJghMkqU
4NKCHxHs1SMZfkZgmEwCdxfwJ+kycwWsWsk3kfNG/PEjckuUr8DiDph8kVMsHLRi
GE8r1aPJWYQqJoLT3JCSs7cgefuH8wDYP5LL3sU4nBi42sv8/REkQKDxPsMzCNGZ
leHtXraHA29dj+a2Iq/ZQAfZeH9JoweE8+u/AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUyMP/AJpOLnCHH41BqvlIUl1LD00wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3lNUF9BSnBPTG5DSEg0
MUJxdmxJVWwxTEQwMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBXKL0Y
KFkhLeN4Xnu8dbwARfHS+KR4o9rb+6rYSMRRnFiDhW5cm8sjNW2bqB5gFP/f66Uy
NHwLI7sfiOpfNy/AV25ijR2V19PwdTtwhZIJTOpnAUHE0DoKZ/sXeI9EXHobS1sF
lT6hUpnHLi7lxgk4Mih09Jy008NjYv95Z66mJdWE1K1VwsEX8Mt9ySofKKsmwPE9
sDWEqHEoruuJ8YupC3oRouTgLqtkytZEkGGqfC3O9W1be4nzCcke0ea+ESRVMzQb
w17C5LYE3q6vmhTeWW9Zh03yJfeZgD7kfxA37jnVXofzwXIs94++zaVKtZAyKzCC
ivPPgj0pEAEOigVj
-----END CERTIFICATE-----
Generated at Sun Jul 20 20:47:04 2025 by rpki-client