Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/IYK3897sIFiV_jPlqmeTroJ9-Ro.roa
File: IYK3897sIFiV_jPlqmeTroJ9-Ro.roa (raw, json)
Hash identifier: LiUAlinF6vW7Dc4idxSL/QD/2Teh3Act2sHfoZl2nv0=
Subject key identifier: 21:82:B7:F3:DE:EC:20:58:95:FE:33:E5:AA:67:93:AE:82:7D:F9:1A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 62C8
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/IYK3897sIFiV_jPlqmeTroJ9-Ro.roa
Signing time: Wed 21 May 2025 12:11:01 +0000
ROA not before: Wed 21 May 2025 12:11:01 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25288 (0x62c8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 21 12:11:01 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=2182B7F3DEEC205895FE33E5AA6793AE827DF91A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:20:36:6f:86:c4:d0:1d:b1:1f:0a:f4:a0:04:
59:36:8a:cb:0a:dc:fa:f9:bd:05:50:0a:7e:9f:db:
a1:3b:2c:d9:7c:f0:1e:62:ba:e7:f3:32:45:de:7a:
b4:2a:36:52:cb:35:74:cd:ef:48:5b:26:cf:07:98:
4d:32:66:5f:94:0e:f0:2d:8f:c3:83:e5:62:43:fc:
1a:4a:e4:3d:c2:f9:d8:02:cc:02:0c:93:f9:f5:b0:
7c:b6:e7:a0:ff:a2:22:a0:19:8b:bd:cb:1d:69:77:
e6:52:ba:0b:9d:93:44:14:a8:ab:15:e4:fa:80:60:
0f:6e:f9:a0:2c:fe:12:d4:a0:d4:be:ce:1a:af:87:
18:80:b7:76:f0:42:81:26:f5:eb:53:6e:a4:30:12:
1c:5a:57:f5:22:d2:ee:a2:8d:44:79:b1:7f:f2:88:
8e:0d:ee:30:1a:c8:2b:94:ef:09:67:6c:6e:8b:02:
14:42:87:cd:59:e8:07:37:b5:99:04:bb:e1:d6:23:
84:70:91:b6:30:4b:2b:13:ad:db:bf:bb:85:a3:b4:
19:52:ba:22:c4:1e:3d:e8:9f:db:09:f9:e5:85:04:
43:cb:fd:10:0b:79:89:06:21:aa:c3:c5:b7:e9:a9:
79:d4:19:78:7c:fe:c0:89:3e:ac:81:77:31:65:e3:
c3:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:82:B7:F3:DE:EC:20:58:95:FE:33:E5:AA:67:93:AE:82:7D:F9:1A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/IYK3897sIFiV_jPlqmeTroJ9-Ro.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
3c:5d:34:9b:59:65:8f:29:fe:d9:07:17:b2:2e:5e:df:18:b1:
5e:bb:63:0f:e1:51:52:af:6a:8b:02:64:05:5a:fe:12:d0:52:
fc:a6:ee:34:2f:70:95:c9:00:d6:79:18:38:01:b5:ab:25:d1:
d4:ff:25:f7:57:cb:1f:f3:4b:dc:4b:da:7a:64:50:a3:c3:75:
8d:ad:dc:34:24:3d:80:81:e7:c5:57:fa:3c:65:4c:30:80:1c:
56:2f:cb:c8:e8:cb:72:6e:d7:c3:81:46:ac:d6:f0:4e:2a:74:
33:03:e3:10:9e:d1:a5:8c:a5:18:f1:cf:7a:36:b2:80:55:7f:
e3:f0:74:07:30:1c:43:ab:f3:2a:b2:5e:f6:43:75:ea:0e:ee:
de:3b:b3:fc:e4:52:48:9c:19:10:99:b2:71:1f:8c:18:2c:5a:
08:4d:99:cd:e0:f5:a2:a3:5c:e0:50:64:b6:e2:a9:76:ed:cf:
c3:35:23:e8:c2:59:bb:2b:d3:97:df:e8:92:05:f8:9e:b2:69:
e8:84:de:ae:09:4b:30:1b:98:ba:44:84:e0:a9:fe:fa:d9:69:
df:87:1a:a5:36:b3:18:53:a0:19:0c:b8:2a:83:25:92:aa:00:
68:99:88:21:5a:bd:c8:2d:75:ef:52:10:36:39:1d:a8:99:8a:
c1:98:1f:67
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYsgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjEx
MjExMDFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDIxODJCN0YzREVFQzIw
NTg5NUZFMzNFNUFBNjc5M0FFODI3REY5MUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDnIDZvhsTQHbEfCvSgBFk2issK3Pr5vQVQCn6f26E7LNl88B5i
uufzMkXeerQqNlLLNXTN70hbJs8HmE0yZl+UDvAtj8OD5WJD/BpK5D3C+dgCzAIM
k/n1sHy256D/oiKgGYu9yx1pd+ZSugudk0QUqKsV5PqAYA9u+aAs/hLUoNS+zhqv
hxiAt3bwQoEm9etTbqQwEhxaV/Ui0u6ijUR5sX/yiI4N7jAayCuU7wlnbG6LAhRC
h81Z6Ac3tZkEu+HWI4RwkbYwSysTrdu/u4WjtBlSuiLEHj3on9sJ+eWFBEPL/RAL
eYkGIarDxbfpqXnUGXh8/sCJPqyBdzFl48MzAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUIYK3897sIFiV/jPlqmeTroJ9+RowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0lZSzM4OTdzSUZpVl9q
UGxxbWVUcm9KOS1Sby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA8XTSb
WWWPKf7ZBxeyLl7fGLFeu2MP4VFSr2qLAmQFWv4S0FL8pu40L3CVyQDWeRg4AbWr
JdHU/yX3V8sf80vcS9p6ZFCjw3WNrdw0JD2AgefFV/o8ZUwwgBxWL8vI6MtybtfD
gUas1vBOKnQzA+MQntGljKUY8c96NrKAVX/j8HQHMBxDq/Mqsl72Q3XqDu7eO7P8
5FJInBkQmbJxH4wYLFoITZnN4PWio1zgUGS24ql27c/DNSPowlm7K9OX3+iSBfie
smnohN6uCUswG5i6RITgqf762WnfhxqlNrMYU6AZDLgqgyWSqgBomYghWr3ILXXv
UhA2OR2omYrBmB9n
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:21:10 2025 by rpki-client