Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/YYETtrP88qjZa5aWy-5YWbigpH8.roa
File: YYETtrP88qjZa5aWy-5YWbigpH8.roa (raw, json)
Hash identifier: uADupwlKtaTiY4+aucEffc8kxSlcCPEPRsRqeyyQO3s=
Subject key identifier: 61:81:13:B6:B3:FC:F2:A8:D9:6B:96:96:CB:EE:58:59:B8:A0:A4:7F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6242
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YYETtrP88qjZa5aWy-5YWbigpH8.roa
Signing time: Tue 20 May 2025 02:40:38 +0000
ROA not before: Tue 20 May 2025 02:40:38 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25154 (0x6242)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 20 02:40:38 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=618113B6B3FCF2A8D96B9696CBEE5859B8A0A47F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:0a:7e:11:cd:92:36:5f:42:19:1b:31:dd:57:
40:1e:82:a1:35:57:ea:30:6e:b7:0b:43:0a:40:97:
93:a9:3b:ad:83:f9:c5:3e:b7:24:ce:9b:72:0f:e4:
89:01:2a:e2:37:88:cf:12:f8:58:78:8d:ed:14:33:
d4:09:38:bd:d1:f6:d5:23:15:ec:18:9f:8d:c0:e9:
dd:b0:6c:c6:ec:45:67:61:76:e1:f0:52:40:96:98:
ff:11:5f:a7:68:36:31:77:2d:fe:08:33:b6:b8:2e:
be:5c:9c:e4:ce:c4:85:fa:de:c7:81:31:cc:36:e2:
13:1a:b5:40:6e:ec:cb:6d:bd:41:cc:df:c3:c5:bb:
7a:d1:fa:86:a4:c6:89:1a:2c:cc:36:07:0f:4b:f7:
0b:2a:f7:99:a2:25:e9:5c:c7:17:a8:80:8a:0c:4a:
8f:19:15:21:cb:a3:da:2b:4d:6d:5b:85:60:84:b6:
b3:4d:2a:9d:c7:d8:65:09:ba:4f:60:c4:b1:44:03:
4d:e1:35:7d:e8:2b:fe:e9:4c:06:5a:b6:f8:87:ec:
ab:28:fc:f5:d2:58:37:9c:e7:6f:f7:62:2e:47:cb:
92:15:ad:7f:de:62:92:6e:a1:cf:8c:ba:d2:2a:a0:
5b:61:16:f8:82:32:cf:03:bb:c7:f7:ce:ec:e8:65:
7a:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:81:13:B6:B3:FC:F2:A8:D9:6B:96:96:CB:EE:58:59:B8:A0:A4:7F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YYETtrP88qjZa5aWy-5YWbigpH8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
2c:46:8e:96:c7:08:3d:e0:4a:e7:28:6e:58:7d:bd:76:1a:e2:
8c:82:f8:8a:15:10:7b:ef:c1:49:df:86:9a:a3:f5:8f:0a:9e:
6c:eb:20:8b:e4:3e:c3:48:18:f5:f9:80:db:28:f8:73:f0:b5:
9c:f7:84:63:6f:81:82:9d:84:f6:17:58:ed:43:f2:36:f4:2a:
30:0e:73:02:bd:cb:d5:dc:69:dd:9b:c9:60:4a:20:fb:e6:cb:
56:cf:18:d2:b2:56:d7:3e:5f:fd:5f:7e:54:fb:76:bb:7b:5e:
69:e0:9a:91:92:88:ce:b9:af:5c:f2:87:c4:ac:0e:fb:52:23:
96:5c:04:6b:15:bf:e8:40:57:e2:f9:58:63:74:e0:83:43:f4:
4d:8f:11:3c:97:0b:10:95:89:df:6e:68:84:ac:6b:05:7c:63:
0f:d6:9c:4f:f3:20:7b:4f:7c:0e:95:5b:7c:03:91:8e:cb:a6:
f4:53:59:23:66:d1:28:9f:5d:31:fc:54:41:3f:91:61:7b:c6:
d1:9e:5b:aa:83:93:86:08:9b:f8:1e:3f:5e:af:c8:3f:98:2f:
bb:1c:2d:6e:6d:af:c0:42:0a:73:90:4c:35:fd:e3:34:f3:61:
bf:d8:a4:a3:df:db:06:88:b4:d2:9d:38:e5:f1:77:de:9e:29:
5d:eb:08:81
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYkIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjAw
MjQwMzhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDYxODExM0I2QjNGQ0Yy
QThEOTZCOTY5NkNCRUU1ODU5QjhBMEE0N0YwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCCn4RzZI2X0IZGzHdV0AegqE1V+owbrcLQwpAl5OpO62D+cU+
tyTOm3IP5IkBKuI3iM8S+Fh4je0UM9QJOL3R9tUjFewYn43A6d2wbMbsRWdhduHw
UkCWmP8RX6doNjF3Lf4IM7a4Lr5cnOTOxIX63seBMcw24hMatUBu7MttvUHM38PF
u3rR+oakxokaLMw2Bw9L9wsq95miJelcxxeogIoMSo8ZFSHLo9orTW1bhWCEtrNN
Kp3H2GUJuk9gxLFEA03hNX3oK/7pTAZatviH7Kso/PXSWDec52/3Yi5Hy5IVrX/e
YpJuoc+MutIqoFthFviCMs8Du8f3zuzoZXpPAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUYYETtrP88qjZa5aWy+5YWbigpH8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1lZRVR0clA4OHFqWmE1
YVd5LTVZV2JpZ3BIOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAsRo6W
xwg94ErnKG5Yfb12GuKMgviKFRB778FJ34aao/WPCp5s6yCL5D7DSBj1+YDbKPhz
8LWc94Rjb4GCnYT2F1jtQ/I29CowDnMCvcvV3Gndm8lgSiD75stWzxjSslbXPl/9
X35U+3a7e15p4JqRkojOua9c8ofErA77UiOWXARrFb/oQFfi+VhjdOCDQ/RNjxE8
lwsQlYnfbmiErGsFfGMP1pxP8yB7T3wOlVt8A5GOy6b0U1kjZtEon10x/FRBP5Fh
e8bRnluqg5OGCJv4Hj9er8g/mC+7HC1uba/AQgpzkEw1/eM082G/2KSj39sGiLTS
nTjl8Xfenild6wiB
-----END CERTIFICATE-----
Generated at Sat Jun 21 11:28:05 2025 by rpki-client