Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/AYvlw2TxW_Fl5I0G-g72hTJ0rcU.roa
File: AYvlw2TxW_Fl5I0G-g72hTJ0rcU.roa (raw, json)
Hash identifier: U2hv0uymtK3pHGnEd6LRU/cKGFKpul5FhkbUx2UN4YM=
Subject key identifier: 01:8B:E5:C3:64:F1:5B:F1:65:E4:8D:06:FA:0E:F6:85:32:74:AD:C5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6882
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/AYvlw2TxW_Fl5I0G-g72hTJ0rcU.roa
Signing time: Thu 05 Jun 2025 18:42:03 +0000
ROA not before: Thu 05 Jun 2025 18:42:03 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26754 (0x6882)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 5 18:42:03 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=018BE5C364F15BF165E48D06FA0EF6853274ADC5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:de:ab:8c:e1:29:59:4e:a9:1f:18:fe:bf:34:
ac:f1:67:83:ee:7d:94:46:fe:c1:4d:75:3b:89:83:
79:2b:68:9b:4b:a9:e3:61:12:ef:9b:05:0c:b3:a5:
3c:3f:f0:0e:ca:40:b1:ea:79:e9:de:e1:ab:67:e3:
82:4e:01:9e:b3:ad:ff:a4:70:b9:20:d0:00:c2:e1:
e7:7d:04:43:ea:da:8d:6b:a0:6b:68:b9:1d:87:ff:
26:5e:6d:06:86:44:41:e8:58:9b:71:44:9e:da:47:
e8:c8:cf:6b:5d:42:17:30:5b:37:ec:59:9c:04:7a:
fe:83:4c:be:47:a8:87:18:fc:c5:b6:a2:3e:65:9c:
9d:89:4a:bf:2c:3e:bb:b1:9e:29:86:8b:45:1e:36:
c3:4f:fb:0d:e2:ba:a9:2f:83:57:d9:b3:d9:73:83:
fd:d6:9d:2f:1c:bf:fd:2d:01:00:f8:45:ce:46:d7:
61:14:69:27:f1:a3:56:bc:f0:05:79:85:84:c8:d9:
90:d6:bb:cc:55:67:75:d7:c4:c1:ea:18:69:8c:52:
73:25:dd:f7:25:61:d4:38:37:eb:41:41:11:e6:c3:
a6:2a:d9:a2:fb:3a:c5:eb:f7:22:c9:e0:f3:4c:74:
d7:ce:f1:2c:37:a4:cb:b3:11:88:6b:05:69:36:e4:
8e:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:8B:E5:C3:64:F1:5B:F1:65:E4:8D:06:FA:0E:F6:85:32:74:AD:C5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/AYvlw2TxW_Fl5I0G-g72hTJ0rcU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
46:70:aa:d7:9d:67:3e:a5:61:ce:27:07:2a:a2:ac:6b:9d:c0:
30:1b:21:ec:dd:d9:8d:db:c6:ee:2d:87:e3:5c:c1:8d:6d:cc:
89:a7:b0:89:9c:ef:ea:35:08:f8:b1:df:5d:cb:e5:5a:b9:c0:
99:86:9e:bd:73:89:f1:7a:ef:1f:ad:e8:59:f7:ac:b6:4f:e5:
a1:0c:53:29:a2:f0:38:ed:32:ec:6c:17:3a:64:bd:d9:ed:ef:
36:0e:0d:29:75:5e:e4:62:53:52:ee:5f:7a:32:5e:12:7c:67:
64:98:8b:57:9b:f3:87:03:3d:ec:d3:d5:99:77:f8:55:e5:69:
c5:99:12:87:c2:c5:72:e2:1d:24:2b:5f:9b:94:50:8c:f5:2a:
3d:82:0e:82:41:72:23:4f:48:4a:cd:ff:be:33:48:8d:96:9f:
ef:6d:0f:69:ca:aa:c2:10:b0:f9:51:5e:a3:b2:aa:c2:5f:c0:
80:a1:9e:9d:f4:6f:b0:37:1b:94:0b:4b:a6:f8:83:4c:eb:28:
84:17:57:22:6e:94:79:e7:73:c1:a6:df:09:b2:3e:0e:32:10:
e6:4a:7b:e6:18:82:5c:ef:df:a3:3d:b3:49:36:66:7e:75:c8:
21:2a:ae:26:61:43:1a:10:f0:10:b6:3e:a1:65:71:aa:58:a0:
05:43:20:6b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaIIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDUx
ODQyMDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDAxOEJFNUMzNjRGMTVC
RjE2NUU0OEQwNkZBMEVGNjg1MzI3NEFEQzUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC53quM4SlZTqkfGP6/NKzxZ4PufZRG/sFNdTuJg3kraJtLqeNh
Eu+bBQyzpTw/8A7KQLHqeene4atn44JOAZ6zrf+kcLkg0ADC4ed9BEPq2o1roGto
uR2H/yZebQaGREHoWJtxRJ7aR+jIz2tdQhcwWzfsWZwEev6DTL5HqIcY/MW2oj5l
nJ2JSr8sPruxnimGi0UeNsNP+w3iuqkvg1fZs9lzg/3WnS8cv/0tAQD4Rc5G12EU
aSfxo1a88AV5hYTI2ZDWu8xVZ3XXxMHqGGmMUnMl3fclYdQ4N+tBQRHmw6Yq2aL7
OsXr9yLJ4PNMdNfO8Sw3pMuzEYhrBWk25I47AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUAYvlw2TxW/Fl5I0G+g72hTJ0rcUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0FZdmx3MlR4V19GbDVJ
MEctZzcyaFRKMHJjVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBGcKrX
nWc+pWHOJwcqoqxrncAwGyHs3dmN28buLYfjXMGNbcyJp7CJnO/qNQj4sd9dy+Va
ucCZhp69c4nxeu8frehZ96y2T+WhDFMpovA47TLsbBc6ZL3Z7e82Dg0pdV7kYlNS
7l96Ml4SfGdkmItXm/OHAz3s09WZd/hV5WnFmRKHwsVy4h0kK1+blFCM9So9gg6C
QXIjT0hKzf++M0iNlp/vbQ9pyqrCELD5UV6jsqrCX8CAoZ6d9G+wNxuUC0um+INM
6yiEF1cibpR553PBpt8Jsj4OMhDmSnvmGIJc79+jPbNJNmZ+dcghKq4mYUMaEPAQ
tj6hZXGqWKAFQyBr
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:35:13 2025 by rpki-client