Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ySTPNh7y4wHC7rxHqo74cc04Ez8.roa
File: ySTPNh7y4wHC7rxHqo74cc04Ez8.roa (raw, json)
Hash identifier: E/qkbq/Mfu6MQzFo3dKC69a8FDVV1YQyEHK71T0qrw0=
Subject key identifier: C9:24:CF:36:1E:F2:E3:01:C2:EE:BC:47:AA:8E:F8:71:CD:38:13:3F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 66D8
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ySTPNh7y4wHC7rxHqo74cc04Ez8.roa
Signing time: Sun 01 Jun 2025 08:12:50 +0000
ROA not before: Sun 01 Jun 2025 08:12:50 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26328 (0x66d8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 1 08:12:50 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C924CF361EF2E301C2EEBC47AA8EF871CD38133F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:3d:d8:3f:17:f1:2a:ca:0c:6f:11:53:56:44:
a7:53:cd:50:d7:8e:c9:aa:7f:22:0b:2d:1f:39:fc:
9e:b7:7e:4d:88:d1:d0:2d:a5:f1:20:ff:8f:28:1c:
9c:b5:d9:2f:f8:59:58:84:d9:e5:53:6d:e0:d7:fa:
a4:1d:de:23:60:50:54:7f:e2:98:71:21:79:e9:f4:
15:43:c8:91:84:f3:94:87:c8:ae:eb:4e:71:12:ac:
98:ce:30:5a:71:67:e6:21:e3:5b:2c:1d:cd:84:b0:
4d:0f:28:6a:24:a6:a3:74:3e:c2:4e:ca:85:b4:90:
fe:5a:c7:86:31:a3:ad:04:ee:df:85:7f:6b:bc:a3:
8d:2e:35:75:1c:7a:79:b0:54:b1:a1:2b:07:6f:db:
a4:5f:af:0a:b6:41:27:88:c4:0d:d0:c5:8f:8d:02:
ce:a5:b2:b9:6f:06:51:d1:8c:a3:91:0e:c7:a3:d3:
f0:28:8d:49:ba:55:e4:1b:b3:d5:15:2c:4f:4c:f4:
c1:85:9f:2b:2a:55:a2:e0:86:65:71:9c:9d:48:e8:
b2:7c:69:49:e6:09:63:e0:bb:75:d6:e3:65:17:47:
4a:b8:3a:55:a0:ef:8f:d7:6f:8a:41:69:93:b5:66:
6c:50:a3:81:cb:bf:d3:20:e2:54:7a:3f:b3:ed:e3:
1a:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:24:CF:36:1E:F2:E3:01:C2:EE:BC:47:AA:8E:F8:71:CD:38:13:3F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ySTPNh7y4wHC7rxHqo74cc04Ez8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
65:ec:2d:7d:0b:34:42:74:0b:ee:f6:39:66:5f:25:f5:96:dc:
27:33:a0:b4:f5:10:72:30:f8:a7:3f:3c:6f:d6:f8:0c:7c:e0:
6a:ac:88:69:66:86:4f:a3:61:3d:6c:c7:6a:b9:96:af:1a:a8:
a8:35:08:aa:8f:8c:7a:3b:e0:0d:7f:15:0a:6f:4b:f7:32:2e:
10:a0:2b:63:ac:bc:a2:1d:54:27:b1:99:32:33:57:d4:66:4a:
17:2d:eb:b4:08:32:21:db:05:26:c1:5e:6f:4f:4d:8d:8f:2a:
1c:e1:ab:2f:0e:18:91:07:fa:be:1f:48:ee:5d:a9:a9:e1:1f:
ef:9d:ae:a5:bd:ff:33:b6:00:9d:e5:7e:6d:40:53:2f:73:00:
e8:2b:3a:32:25:d6:20:44:21:b1:26:22:59:52:da:1c:3b:13:
e2:2e:f2:56:9b:73:dc:f9:c3:a9:3c:d8:28:42:d4:43:9f:09:
aa:bf:d3:c7:aa:a4:92:e1:8f:9a:cf:61:c5:9b:f6:cc:18:27:
07:f4:9f:76:83:07:ab:16:e4:96:ab:0f:78:03:c4:d7:8b:8b:
7a:8a:91:3c:72:c2:67:25:03:28:7e:02:ce:99:bb:3f:22:b5:
6c:a2:a2:76:a2:7b:dd:18:0e:9f:e0:54:5d:a8:d2:1e:21:3c:
a4:1e:58:a3
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZtgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDEw
ODEyNTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEM5MjRDRjM2MUVGMkUz
MDFDMkVFQkM0N0FBOEVGODcxQ0QzODEzM0YwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDZPdg/F/EqygxvEVNWRKdTzVDXjsmqfyILLR85/J63fk2I0dAt
pfEg/48oHJy12S/4WViE2eVTbeDX+qQd3iNgUFR/4phxIXnp9BVDyJGE85SHyK7r
TnESrJjOMFpxZ+Yh41ssHc2EsE0PKGokpqN0PsJOyoW0kP5ax4Yxo60E7t+Ff2u8
o40uNXUcenmwVLGhKwdv26Rfrwq2QSeIxA3QxY+NAs6lsrlvBlHRjKORDsej0/Ao
jUm6VeQbs9UVLE9M9MGFnysqVaLghmVxnJ1I6LJ8aUnmCWPgu3XW42UXR0q4OlWg
74/Xb4pBaZO1ZmxQo4HLv9Mg4lR6P7Pt4xolAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUySTPNh7y4wHC7rxHqo74cc04Ez8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3lTVFBOaDd5NHdIQzdy
eEhxbzc0Y2MwNEV6OC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBl7C19
CzRCdAvu9jlmXyX1ltwnM6C09RByMPinPzxv1vgMfOBqrIhpZoZPo2E9bMdquZav
GqioNQiqj4x6O+ANfxUKb0v3Mi4QoCtjrLyiHVQnsZkyM1fUZkoXLeu0CDIh2wUm
wV5vT02Njyoc4asvDhiRB/q+H0juXamp4R/vna6lvf8ztgCd5X5tQFMvcwDoKzoy
JdYgRCGxJiJZUtocOxPiLvJWm3Pc+cOpPNgoQtRDnwmqv9PHqqSS4Y+az2HFm/bM
GCcH9J92gwerFuSWqw94A8TXi4t6ipE8csJnJQMofgLOmbs/IrVsoqJ2onvdGA6f
4FRdqNIeITykHlij
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:47:38 2025 by rpki-client