Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Dyc3zWYkl5QgTnEzHE4tYMVQueA.roa
File: Dyc3zWYkl5QgTnEzHE4tYMVQueA.roa (raw, json)
Hash identifier: O1xvcPrpUzkYoStSd34eqoSDSVk7qYOEugFZSwimwFw=
Subject key identifier: 0F:27:37:CD:66:24:97:94:20:4E:71:33:1C:4E:2D:60:C5:50:B9:E0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 617C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Dyc3zWYkl5QgTnEzHE4tYMVQueA.roa
Signing time: Sun 18 May 2025 01:10:28 +0000
ROA not before: Sun 18 May 2025 01:10:28 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24956 (0x617c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 18 01:10:28 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=0F2737CD66249794204E71331C4E2D60C550B9E0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:d2:94:6a:e6:34:aa:fc:98:98:08:60:fb:a2:
dc:d4:07:8b:08:cc:d2:52:13:df:29:50:7d:65:7f:
d5:ae:4f:f0:1b:6d:19:8a:81:f4:c1:48:aa:2e:96:
27:01:fa:a0:91:5d:d5:f1:31:68:cd:77:3d:86:2a:
82:06:3c:41:59:e0:4e:9c:ab:4d:82:bd:75:1d:be:
28:cf:4f:5e:93:a3:4b:c5:f8:bb:7e:e3:d3:a8:6b:
1f:3b:63:cd:98:43:26:4e:72:2d:3b:90:9c:6d:19:
39:e7:6f:14:96:f8:8f:c9:e6:22:7c:f3:c6:5d:b5:
c8:fa:57:21:e6:7f:87:4a:a8:59:fd:b9:1c:d3:08:
9f:33:18:b9:e3:18:d8:e7:af:38:66:6a:09:04:07:
3d:ca:88:4a:cc:d8:dc:c7:ac:c5:17:78:41:20:69:
7a:0e:bc:e0:f8:96:af:94:51:f4:c7:0b:1c:9e:2b:
d3:f5:eb:63:8b:aa:f6:48:56:92:ba:e2:0c:21:9d:
d1:c6:b5:67:28:f3:79:cb:cd:91:50:73:85:a2:70:
ff:cf:03:43:ff:69:c5:ce:32:4a:7c:c4:dd:11:01:
e0:c6:30:10:e7:38:81:d7:b2:b4:17:63:b2:dc:13:
ab:31:a4:05:58:8b:d5:d9:6b:e7:a3:de:dc:5a:41:
bc:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:27:37:CD:66:24:97:94:20:4E:71:33:1C:4E:2D:60:C5:50:B9:E0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Dyc3zWYkl5QgTnEzHE4tYMVQueA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
2b:4e:1d:8c:59:68:73:23:79:43:9d:2a:d5:24:ce:6d:2d:0a:
8f:c7:db:9a:1a:ba:8a:f4:b9:d5:62:12:a0:7f:e0:48:8d:ec:
f8:e5:f4:e1:cb:05:74:1a:66:24:cd:fa:52:73:8d:fa:e2:de:
50:3d:98:d0:77:53:b3:e3:ee:0f:9a:3b:97:da:01:60:c5:c2:
56:34:da:56:d0:dd:79:15:6b:5a:60:7f:0b:80:ed:d3:09:69:
81:ea:30:68:37:e9:f0:46:77:83:11:04:38:32:ba:be:98:fa:
6d:55:fd:27:f5:63:52:97:6f:42:58:de:c3:78:4c:eb:7d:7a:
f1:05:8d:ae:ba:c7:3c:9d:0c:8b:0e:53:08:dc:02:24:e1:cf:
e3:49:a3:50:dc:2c:d4:67:a4:14:7d:dc:38:e0:76:cb:4f:03:
93:4a:e9:59:90:2d:3f:8f:44:06:89:70:80:55:2b:8f:51:0e:
35:9a:c8:4a:e6:5d:28:44:33:45:1a:0c:af:50:33:07:99:cc:
35:86:77:62:1e:a7:3e:e3:60:ac:01:fc:ce:4b:2c:9f:89:65:
98:51:08:29:e8:11:d7:a0:ad:7e:0b:ba:5c:87:49:8b:bd:87:
7c:55:0c:8f:9d:86:0b:f1:96:62:79:8c:fc:54:f6:f3:9f:0c:
79:09:41:ca
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYXwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTgw
MTEwMjhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDBGMjczN0NENjYyNDk3
OTQyMDRFNzEzMzFDNEUyRDYwQzU1MEI5RTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCb0pRq5jSq/JiYCGD7otzUB4sIzNJSE98pUH1lf9WuT/AbbRmK
gfTBSKoulicB+qCRXdXxMWjNdz2GKoIGPEFZ4E6cq02CvXUdvijPT16To0vF+Lt+
49Ooax87Y82YQyZOci07kJxtGTnnbxSW+I/J5iJ888Zdtcj6VyHmf4dKqFn9uRzT
CJ8zGLnjGNjnrzhmagkEBz3KiErM2NzHrMUXeEEgaXoOvOD4lq+UUfTHCxyeK9P1
62OLqvZIVpK64gwhndHGtWco83nLzZFQc4WicP/PA0P/acXOMkp8xN0RAeDGMBDn
OIHXsrQXY7LcE6sxpAVYi9XZa+ej3txaQbxBAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUDyc3zWYkl5QgTnEzHE4tYMVQueAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0R5YzN6V1lrbDVRZ1Ru
RXpIRTR0WU1WUXVlQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQArTh2M
WWhzI3lDnSrVJM5tLQqPx9uaGrqK9LnVYhKgf+BIjez45fThywV0GmYkzfpSc436
4t5QPZjQd1Oz4+4PmjuX2gFgxcJWNNpW0N15FWtaYH8LgO3TCWmB6jBoN+nwRneD
EQQ4Mrq+mPptVf0n9WNSl29CWN7DeEzrfXrxBY2uusc8nQyLDlMI3AIk4c/jSaNQ
3CzUZ6QUfdw44HbLTwOTSulZkC0/j0QGiXCAVSuPUQ41mshK5l0oRDNFGgyvUDMH
mcw1hndiHqc+42CsAfzOSyyfiWWYUQgp6BHXoK1+C7pch0mLvYd8VQyPnYYL8ZZi
eYz8VPbznwx5CUHK
-----END CERTIFICATE-----
Generated at Sat Jun 21 21:35:36 2025 by rpki-client