Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/yxuBGWWX73dz7qx-hZkesPGyoK4.roa
File: yxuBGWWX73dz7qx-hZkesPGyoK4.roa (raw, json)
Hash identifier: kfo5Id6/fcvMPpzE0GrN2MG92wM5Jj0KpX5x8MSaXLs=
Subject key identifier: CB:1B:81:19:65:97:EF:77:73:EE:AC:7E:85:99:1E:B0:F1:B2:A0:AE
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7394
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yxuBGWWX73dz7qx-hZkesPGyoK4.roa
Signing time: Sat 05 Jul 2025 12:44:59 +0000
ROA not before: Sat 05 Jul 2025 12:44:59 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29588 (0x7394)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 5 12:44:59 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CB1B81196597EF7773EEAC7E85991EB0F1B2A0AE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:46:25:9c:fc:97:98:34:a4:ab:be:53:8d:07:
ae:c7:b3:f2:18:00:70:b2:e5:71:34:e6:4f:3a:94:
27:3e:93:44:c2:4b:05:38:bc:e0:af:a7:ab:58:9b:
d4:c8:2b:7b:a9:5d:38:68:c1:1e:00:b0:9e:7d:42:
e6:44:1a:3d:6f:28:94:82:ff:e0:db:af:32:a5:bf:
a6:84:1d:e2:39:35:36:5a:d9:b7:95:ae:dd:0b:ff:
ff:77:f7:58:93:11:0d:01:16:a0:9e:29:59:26:c9:
d7:61:c9:3f:b4:13:3f:f3:66:57:73:d4:91:49:81:
84:3f:af:1d:e8:fd:9b:9b:e1:43:af:41:24:7b:98:
dd:f0:e4:1a:3d:42:7b:ac:2d:6f:f6:23:97:ac:d2:
5e:37:10:0d:c1:99:7b:4d:21:cf:48:08:22:f5:af:
fe:31:91:8f:c8:13:ed:8f:f5:c5:4e:64:fd:eb:20:
93:0b:a9:d2:2e:fa:cd:dc:c0:a7:36:05:ab:4a:34:
56:19:a7:00:f6:64:f8:7f:21:3a:1d:ac:2b:5d:de:
7f:e3:62:73:58:75:62:17:e7:62:89:04:f8:0d:ab:
ef:69:1d:bd:8c:e7:e9:f5:2c:29:31:a7:0d:33:c8:
68:e8:50:16:64:62:f9:ed:55:02:67:6f:7a:90:d0:
8b:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:1B:81:19:65:97:EF:77:73:EE:AC:7E:85:99:1E:B0:F1:B2:A0:AE
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yxuBGWWX73dz7qx-hZkesPGyoK4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
80:e7:f4:f8:55:d3:f6:72:b8:c7:67:5a:e5:78:43:ea:0f:ba:
1e:50:ed:86:6c:ed:28:5d:2f:25:4d:e6:9a:34:86:71:a2:ab:
2e:61:05:f5:02:47:b3:40:0f:c4:cf:de:b9:67:67:c2:0b:c9:
f6:86:4c:0e:65:3c:2b:86:8b:b8:11:fb:b2:7e:11:9a:73:33:
a7:6d:1c:7a:c4:ef:71:9c:6f:a6:02:d5:7b:b7:91:ce:de:76:
3d:ba:4f:92:d1:7c:46:8a:e8:eb:01:96:89:26:f0:35:b4:10:
22:3f:3f:7a:02:99:8f:58:71:2d:9c:c2:ad:b5:69:51:b4:19:
d9:b6:d4:88:d4:a2:81:6d:f1:34:ef:86:75:28:cc:ea:06:5e:
6a:61:e7:74:1e:43:91:61:cd:77:8f:31:71:4c:6a:df:e6:70:
82:c9:dd:95:17:e9:b2:e2:35:f1:08:b0:9b:db:12:0e:11:7f:
7b:64:5b:60:62:ee:ea:a8:52:d0:1f:97:83:db:10:8c:ac:b9:
5e:d0:aa:77:5a:1f:7d:ee:a4:c4:02:e8:92:52:42:86:7f:a4:
c9:aa:ba:e1:53:dd:99:12:ca:a2:b0:13:0f:e2:49:ea:7d:e6:
a8:e6:58:04:bc:ef:d4:45:7e:66:ec:74:0a:80:4a:2a:fc:1b:
1e:57:39:d6
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICc5QwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDUx
MjQ0NTlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENCMUI4MTE5NjU5N0VG
Nzc3M0VFQUM3RTg1OTkxRUIwRjFCMkEwQUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDSRiWc/JeYNKSrvlONB67Hs/IYAHCy5XE05k86lCc+k0TCSwU4
vOCvp6tYm9TIK3upXThowR4AsJ59QuZEGj1vKJSC/+DbrzKlv6aEHeI5NTZa2beV
rt0L//9391iTEQ0BFqCeKVkmyddhyT+0Ez/zZldz1JFJgYQ/rx3o/Zub4UOvQSR7
mN3w5Bo9QnusLW/2I5es0l43EA3BmXtNIc9ICCL1r/4xkY/IE+2P9cVOZP3rIJML
qdIu+s3cwKc2BatKNFYZpwD2ZPh/ITodrCtd3n/jYnNYdWIX52KJBPgNq+9pHb2M
5+n1LCkxpw0zyGjoUBZkYvntVQJnb3qQ0IuvAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUyxuBGWWX73dz7qx+hZkesPGyoK4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3l4dUJHV1dYNzNkejdx
eC1oWmtlc1BHeW9LNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCA5/T4
VdP2crjHZ1rleEPqD7oeUO2GbO0oXS8lTeaaNIZxoqsuYQX1AkezQA/Ez965Z2fC
C8n2hkwOZTwrhou4EfuyfhGaczOnbRx6xO9xnG+mAtV7t5HO3nY9uk+S0XxGiujr
AZaJJvA1tBAiPz96ApmPWHEtnMKttWlRtBnZttSI1KKBbfE074Z1KMzqBl5qYed0
HkORYc13jzFxTGrf5nCCyd2VF+my4jXxCLCb2xIOEX97ZFtgYu7qqFLQH5eD2xCM
rLle0Kp3Wh997qTEAuiSUkKGf6TJqrrhU92ZEsqisBMP4knqfeao5lgEvO/URX5m
7HQKgEoq/BseVznW
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:54:51 2025 by rpki-client