Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/1yPHlBzCmx38439SmIyfrfahDoc.roa
File: 1yPHlBzCmx38439SmIyfrfahDoc.roa (raw, json)
Hash identifier: Jfo5nkavoMj5Q+j3PpIzVnYSWuJlfdYV7L9wmKH0Fsg=
Subject key identifier: D7:23:C7:94:1C:C2:9B:1D:FC:E3:7F:52:98:8C:9F:AD:F6:A1:0E:87
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6734
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1yPHlBzCmx38439SmIyfrfahDoc.roa
Signing time: Mon 02 Jun 2025 07:11:32 +0000
ROA not before: Mon 02 Jun 2025 07:11:32 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26420 (0x6734)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 2 07:11:32 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D723C7941CC29B1DFCE37F52988C9FADF6A10E87
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:17:02:dd:4a:e5:3d:19:18:17:98:64:d1:f0:
89:40:4c:71:77:15:ea:fe:23:a9:fb:44:27:db:22:
d4:a4:2b:3f:d1:e4:6d:34:b8:94:5a:6b:54:44:eb:
36:a2:21:3f:03:03:1a:4e:1d:0f:77:4e:4a:e7:9a:
a7:a2:9e:e5:b7:ef:69:3b:b0:6f:9a:60:db:7d:7b:
3f:88:fa:c3:88:ea:83:73:09:ba:69:02:08:d0:97:
96:f6:31:5f:7d:8b:f6:12:09:a0:ec:df:b3:a9:02:
be:62:33:e4:4c:ad:15:cd:b3:ec:c5:68:73:76:fe:
55:ba:3f:0e:fe:18:28:fe:3c:20:5f:6b:c1:e7:a7:
12:da:95:75:82:4a:1a:49:b7:ce:6d:6a:14:7a:e0:
42:c1:32:70:70:64:4d:91:9e:fa:0c:5e:f0:8a:8b:
f1:44:c3:51:dc:18:c9:a1:ee:fe:21:b9:20:f5:e9:
30:41:b6:2f:39:f1:cc:f3:66:28:95:a9:00:74:81:
a2:85:28:5d:e1:98:6b:22:8d:13:59:64:d1:80:1e:
d3:63:d3:c1:d1:0c:c3:b5:48:45:30:8f:c6:3a:c7:
6e:6f:fa:98:71:bc:25:e3:49:cf:c9:58:b4:96:02:
f5:43:b5:c7:8c:14:f2:f1:07:fa:c6:eb:4b:b2:24:
46:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:23:C7:94:1C:C2:9B:1D:FC:E3:7F:52:98:8C:9F:AD:F6:A1:0E:87
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1yPHlBzCmx38439SmIyfrfahDoc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
8b:7e:bb:af:fa:77:b1:2f:e3:d9:90:79:41:bd:9b:d1:8a:3f:
f8:f1:46:62:88:d1:5d:ba:92:f8:b3:95:a3:34:b6:bf:50:64:
33:28:07:cd:56:85:ab:7b:27:f4:5c:67:67:01:b9:74:5e:a5:
fc:76:25:4c:8d:6d:12:eb:4a:76:26:7a:ed:48:81:32:5e:b3:
59:4c:28:8a:b2:e4:93:a8:37:08:c0:95:e6:59:4c:ba:3f:e4:
b8:64:ca:83:a9:db:0a:a3:c5:63:d9:90:e1:1a:e9:16:37:7e:
f4:99:f1:88:c7:3f:31:79:44:33:09:a7:7a:21:0d:8a:ca:bc:
2b:ed:f3:6b:82:df:2a:ab:cc:6f:6e:1c:f2:e0:0b:e9:65:c7:
8c:c0:5b:b2:2f:27:65:f0:bd:21:71:51:41:9b:bc:86:a5:fb:
f7:c2:14:a6:fa:98:90:05:ba:2f:86:c9:25:dd:9d:6c:c2:0d:
a3:91:a4:bb:78:26:65:aa:ee:60:3f:c3:95:e7:95:b3:17:5d:
ad:eb:46:24:d8:64:1f:e6:3c:8a:be:f2:b2:88:6f:58:5f:7c:
c0:a1:6a:af:c2:73:05:71:97:6c:c3:1c:7b:71:25:31:44:2e:
2b:80:3b:dd:22:a8:70:10:2e:92:5b:2d:b1:99:d8:7d:cd:11:
ca:04:01:82
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZzQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDIw
NzExMzJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQ3MjNDNzk0MUNDMjlC
MURGQ0UzN0Y1Mjk4OEM5RkFERjZBMTBFODcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCtFwLdSuU9GRgXmGTR8IlATHF3Fer+I6n7RCfbItSkKz/R5G00
uJRaa1RE6zaiIT8DAxpOHQ93TkrnmqeinuW372k7sG+aYNt9ez+I+sOI6oNzCbpp
AgjQl5b2MV99i/YSCaDs37OpAr5iM+RMrRXNs+zFaHN2/lW6Pw7+GCj+PCBfa8Hn
pxLalXWCShpJt85tahR64ELBMnBwZE2RnvoMXvCKi/FEw1HcGMmh7v4huSD16TBB
ti858czzZiiVqQB0gaKFKF3hmGsijRNZZNGAHtNj08HRDMO1SEUwj8Y6x25v+phx
vCXjSc/JWLSWAvVDtceMFPLxB/rG60uyJEZRAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU1yPHlBzCmx38439SmIyfrfahDocwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzF5UEhsQnpDbXgzODQz
OVNtSXlmcmZhaERvYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCLfruv
+nexL+PZkHlBvZvRij/48UZiiNFdupL4s5WjNLa/UGQzKAfNVoWreyf0XGdnAbl0
XqX8diVMjW0S60p2JnrtSIEyXrNZTCiKsuSTqDcIwJXmWUy6P+S4ZMqDqdsKo8Vj
2ZDhGukWN370mfGIxz8xeUQzCad6IQ2Kyrwr7fNrgt8qq8xvbhzy4AvpZceMwFuy
Lydl8L0hcVFBm7yGpfv3whSm+piQBbovhskl3Z1swg2jkaS7eCZlqu5gP8OV55Wz
F12t60Yk2GQf5jyKvvKyiG9YX3zAoWqvwnMFcZdswxx7cSUxRC4rgDvdIqhwEC6S
Wy2xmdh9zRHKBAGC
-----END CERTIFICATE-----
Generated at Sat Jun 21 03:25:25 2025 by rpki-client