Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/yeMOf72l2NGqIOMueoqvKY0w2aI.roa
File: yeMOf72l2NGqIOMueoqvKY0w2aI.roa (raw, json)
Hash identifier: wvi1NmeEa4pKGQm7/DhbreufVlV9+4+oYaNU68c4sj8=
Subject key identifier: C9:E3:0E:7F:BD:A5:D8:D1:AA:20:E3:2E:7A:8A:AF:29:8D:30:D9:A2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 76BA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yeMOf72l2NGqIOMueoqvKY0w2aI.roa
Signing time: Sun 13 Jul 2025 22:41:48 +0000
ROA not before: Sun 13 Jul 2025 22:41:48 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30394 (0x76ba)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 13 22:41:48 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C9E30E7FBDA5D8D1AA20E32E7A8AAF298D30D9A2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:39:30:80:c8:7d:56:64:0d:23:a3:4c:6d:0b:
15:47:e6:db:f0:cb:a8:3f:4d:b4:8b:6e:12:c2:bb:
19:cd:4b:76:23:c3:79:a2:68:ca:be:88:ec:c9:9c:
db:e1:e0:8c:18:9b:43:d8:1d:9c:8b:cf:89:a6:9b:
0b:c2:d7:de:df:05:8f:ba:37:3e:e0:db:d9:b6:b0:
6e:64:9b:6d:ac:40:d1:58:57:70:c1:54:50:ad:36:
9d:9c:63:02:8f:6b:8d:b8:71:af:3e:c1:1b:90:a9:
01:01:ec:e6:98:8d:b8:0b:d3:42:f1:6a:df:d7:3f:
8b:1b:91:10:56:a5:96:46:b4:3f:eb:30:66:23:2e:
6b:ff:c1:e8:05:89:18:53:e7:88:5d:62:62:aa:69:
93:3c:9e:c7:e6:a6:a5:9d:ae:4f:57:df:22:5e:87:
fa:79:b4:59:e0:ca:b2:34:20:a0:f5:62:ee:34:dc:
1d:f8:bd:c1:b1:58:ae:b6:67:ce:81:03:fa:0a:96:
f1:8b:96:81:7a:15:2d:2b:78:3a:50:c4:cb:59:c2:
f2:5b:c2:55:a3:a9:db:f5:45:1a:95:96:b8:87:96:
46:74:fb:32:e1:06:af:12:52:92:63:36:aa:48:3d:
d2:63:d1:d9:18:6d:b4:d0:3a:5c:95:53:d7:76:8a:
f3:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:E3:0E:7F:BD:A5:D8:D1:AA:20:E3:2E:7A:8A:AF:29:8D:30:D9:A2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yeMOf72l2NGqIOMueoqvKY0w2aI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
b7:32:19:86:26:21:b9:37:77:aa:dc:b4:e1:20:d6:a5:7f:2a:
dd:5c:63:2e:94:16:67:f8:01:05:56:c6:52:6d:84:d6:ba:53:
17:46:9e:f9:bf:c9:d2:66:3f:dc:b1:cb:27:d4:75:98:e9:21:
1b:2a:92:02:b3:7a:5d:2c:c6:a2:30:1c:83:08:d2:11:d7:47:
c2:7c:6d:9b:a8:5f:cd:26:20:6f:50:32:4d:6e:10:5f:0a:31:
99:e2:cb:7a:54:1e:c2:0c:b7:e4:7f:2b:58:33:75:41:35:c4:
1a:aa:31:d7:e9:1f:dc:6e:dc:11:4c:08:cb:a7:25:48:f7:e5:
29:4b:52:c7:09:f8:c1:ed:f4:52:fd:33:89:7b:8e:1a:83:18:
ee:ff:a0:02:31:39:24:33:16:74:d5:ad:67:33:a3:2f:d2:a9:
37:40:ec:ae:81:f4:70:e0:2c:84:cc:92:ca:3f:3a:78:ba:0f:
5c:da:f7:3d:91:c3:5e:43:4a:b7:6d:ba:83:e2:37:c7:44:f0:
74:57:8d:4c:30:50:64:23:5a:e4:37:0d:b3:d6:82:4e:cf:d7:
bf:a2:e8:8a:52:07:a7:c3:93:ef:dd:ad:a5:b9:1b:ef:c7:e3:
b1:66:eb:e6:81:57:09:14:98:91:8d:dc:d4:78:3e:d0:8d:72:
1c:8e:5a:2b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdrowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTMy
MjQxNDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEM5RTMwRTdGQkRBNUQ4
RDFBQTIwRTMyRTdBOEFBRjI5OEQzMEQ5QTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCaOTCAyH1WZA0jo0xtCxVH5tvwy6g/TbSLbhLCuxnNS3Yjw3mi
aMq+iOzJnNvh4IwYm0PYHZyLz4mmmwvC197fBY+6Nz7g29m2sG5km22sQNFYV3DB
VFCtNp2cYwKPa424ca8+wRuQqQEB7OaYjbgL00Lxat/XP4sbkRBWpZZGtD/rMGYj
Lmv/wegFiRhT54hdYmKqaZM8nsfmpqWdrk9X3yJeh/p5tFngyrI0IKD1Yu403B34
vcGxWK62Z86BA/oKlvGLloF6FS0reDpQxMtZwvJbwlWjqdv1RRqVlriHlkZ0+zLh
Bq8SUpJjNqpIPdJj0dkYbbTQOlyVU9d2ivPtAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUyeMOf72l2NGqIOMueoqvKY0w2aIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3llTU9mNzJsMk5HcUlP
TXVlb3F2S1kwdzJhSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC3MhmG
JiG5N3eq3LThINalfyrdXGMulBZn+AEFVsZSbYTWulMXRp75v8nSZj/cscsn1HWY
6SEbKpICs3pdLMaiMByDCNIR10fCfG2bqF/NJiBvUDJNbhBfCjGZ4st6VB7CDLfk
fytYM3VBNcQaqjHX6R/cbtwRTAjLpyVI9+UpS1LHCfjB7fRS/TOJe44agxju/6AC
MTkkMxZ01a1nM6Mv0qk3QOyugfRw4CyEzJLKPzp4ug9c2vc9kcNeQ0q3bbqD4jfH
RPB0V41MMFBkI1rkNw2z1oJOz9e/ouiKUgenw5Pv3a2luRvvx+OxZuvmgVcJFJiR
jdzUeD7QjXIcjlor
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:41:15 2025 by rpki-client