Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/YZamdMmtY6oHKGcKbZeMRL2Q5fc.roa
File: YZamdMmtY6oHKGcKbZeMRL2Q5fc.roa (raw, json)
Hash identifier: WNRSTv9XMkY4gCw7PJlAwKysbjtcviXLKBpX9lfT2dA=
Subject key identifier: 61:96:A6:74:C9:AD:63:AA:07:28:67:0A:6D:97:8C:44:BD:90:E5:F7
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 69A6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YZamdMmtY6oHKGcKbZeMRL2Q5fc.roa
Signing time: Sun 08 Jun 2025 19:41:57 +0000
ROA not before: Sun 08 Jun 2025 19:41:57 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27046 (0x69a6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 8 19:41:57 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=6196A674C9AD63AA0728670A6D978C44BD90E5F7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:3c:d4:96:94:06:96:8e:d0:5e:5b:3e:b0:67:
19:b4:ac:a7:9e:41:24:7a:2f:e3:b3:51:16:0b:f7:
d1:68:21:4e:ae:e8:20:04:4e:98:26:7b:18:37:55:
cb:2d:91:44:a3:b3:3d:4b:cd:89:d0:d0:95:e5:c4:
58:4d:93:08:40:70:3a:9f:22:0e:98:e9:c5:f2:fa:
80:98:ca:93:1c:93:cf:06:a3:bd:43:52:b8:0f:fb:
c2:29:5c:ea:b7:a5:7a:50:69:bb:cb:3c:79:d3:0e:
ee:7a:06:b3:7a:93:17:7b:b7:36:7d:92:17:a5:dc:
7f:0d:c1:83:8a:16:ba:0d:3e:f7:48:dc:58:fa:b7:
94:30:28:eb:90:d0:3b:57:16:ac:d3:33:ea:9f:b3:
03:38:1e:b5:85:84:fc:71:c0:ba:13:40:f7:fa:7b:
24:30:25:64:fc:e5:bf:1e:d7:f6:89:e5:02:b9:24:
8b:c2:09:b9:21:24:6e:b6:ef:ae:d0:64:f1:e7:7a:
a8:d6:26:5e:33:48:67:6b:84:c9:64:62:43:11:5d:
01:5c:0a:03:f0:51:3e:cc:8c:76:96:95:90:a0:ba:
88:be:1b:a6:76:76:02:f9:7b:a8:78:84:ca:ca:e0:
05:2f:b5:30:89:fa:d6:f7:81:00:2a:2d:c0:0a:b3:
37:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:96:A6:74:C9:AD:63:AA:07:28:67:0A:6D:97:8C:44:BD:90:E5:F7
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/YZamdMmtY6oHKGcKbZeMRL2Q5fc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
55:b3:6c:de:78:55:33:be:5d:d7:57:c2:ae:a8:9f:4f:59:e1:
4c:cc:a9:80:ac:93:60:99:50:91:81:e2:45:78:27:4e:b3:0f:
0b:c8:56:d8:98:ae:0d:dc:db:6d:26:55:76:10:f5:92:45:2e:
96:ef:ea:21:40:9e:0f:42:17:2d:38:47:3a:29:62:7a:0f:4e:
4d:95:39:99:1b:3b:55:a4:d1:2d:1d:d4:f7:b4:66:e5:68:ab:
68:74:42:20:7c:8f:42:ac:00:0e:a7:be:9c:db:e5:94:5b:17:
54:98:0d:8a:45:d2:94:a5:97:b6:a0:96:f8:24:d4:3e:e0:ae:
f9:d6:0e:b0:68:2e:06:29:92:e0:d5:49:b1:8a:29:eb:97:0c:
2b:c7:72:ee:63:8d:dc:65:cb:41:49:8a:b1:20:6e:3d:fb:1e:
1e:8b:d1:e4:f7:97:4f:9f:fd:ce:01:36:1e:d5:64:93:ed:a3:
aa:db:2c:12:66:95:10:3b:fb:e5:9b:5d:c6:91:a0:43:d1:6d:
6f:38:89:da:3a:1c:7a:19:81:f6:8c:a5:26:82:28:31:e1:89:
45:f9:16:5d:48:89:c9:30:9d:1e:3b:fe:55:9c:5f:55:71:77:
53:13:01:10:c3:d4:60:46:37:f3:10:4f:35:3d:fa:91:41:e9:
b2:af:03:cd
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaaYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDgx
OTQxNTdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDYxOTZBNjc0QzlBRDYz
QUEwNzI4NjcwQTZEOTc4QzQ0QkQ5MEU1RjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKPNSWlAaWjtBeWz6wZxm0rKeeQSR6L+OzURYL99FoIU6u6CAE
Tpgmexg3VcstkUSjsz1LzYnQ0JXlxFhNkwhAcDqfIg6Y6cXy+oCYypMck88Go71D
UrgP+8IpXOq3pXpQabvLPHnTDu56BrN6kxd7tzZ9khel3H8NwYOKFroNPvdI3Fj6
t5QwKOuQ0DtXFqzTM+qfswM4HrWFhPxxwLoTQPf6eyQwJWT85b8e1/aJ5QK5JIvC
CbkhJG62767QZPHneqjWJl4zSGdrhMlkYkMRXQFcCgPwUT7MjHaWlZCguoi+G6Z2
dgL5e6h4hMrK4AUvtTCJ+tb3gQAqLcAKsze3AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUYZamdMmtY6oHKGcKbZeMRL2Q5fcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1laYW1kTW10WTZvSEtH
Y0tiWmVNUkwyUTVmYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBVs2ze
eFUzvl3XV8KuqJ9PWeFMzKmArJNgmVCRgeJFeCdOsw8LyFbYmK4N3NttJlV2EPWS
RS6W7+ohQJ4PQhctOEc6KWJ6D05NlTmZGztVpNEtHdT3tGblaKtodEIgfI9CrAAO
p76c2+WUWxdUmA2KRdKUpZe2oJb4JNQ+4K751g6waC4GKZLg1Umxiinrlwwrx3Lu
Y43cZctBSYqxIG49+x4ei9Hk95dPn/3OATYe1WST7aOq2ywSZpUQO/vlm13GkaBD
0W1vOInaOhx6GYH2jKUmgigx4YlF+RZdSInJMJ0eO/5VnF9VcXdTEwEQw9RgRjfz
EE81PfqRQemyrwPN
-----END CERTIFICATE-----
Generated at Sat Jun 21 12:25:11 2025 by rpki-client