Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/kyqDOviqLPQBzJswkVVCgb5BK9o.roa
File: kyqDOviqLPQBzJswkVVCgb5BK9o.roa (raw, json)
Hash identifier: nJH2s6ZWMEQo2MCEFxNwFKm/tInuMZuTebVMmJsyW7o=
Subject key identifier: 93:2A:83:3A:F8:AA:2C:F4:01:CC:9B:30:91:55:42:81:BE:41:2B:DA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6AE8
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kyqDOviqLPQBzJswkVVCgb5BK9o.roa
Signing time: Thu 12 Jun 2025 04:12:19 +0000
ROA not before: Thu 12 Jun 2025 04:12:19 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27368 (0x6ae8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 12 04:12:19 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=932A833AF8AA2CF401CC9B3091554281BE412BDA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:9f:9f:4b:73:68:94:e2:8a:56:2e:c4:06:0b:
44:12:77:14:a3:c8:00:74:84:a1:0b:90:64:3a:75:
c7:c0:e7:6a:f0:f5:94:3c:80:01:98:84:90:2a:d7:
7c:2e:09:12:5d:42:d0:18:23:8d:9d:54:36:86:3d:
78:3d:07:ca:24:cc:49:cb:2a:d1:5d:e1:45:38:a3:
2b:31:d3:e3:7c:77:79:60:20:6f:39:b2:dd:42:dd:
24:a8:82:63:67:97:90:82:9b:6b:01:2f:58:7d:b9:
7b:43:15:04:f4:5b:25:19:53:a7:c4:d8:aa:15:7d:
0e:90:0f:16:5d:13:40:35:a2:f4:74:48:2f:b1:54:
1f:dc:09:49:e4:9c:ab:4d:ac:8e:6c:5a:7e:76:34:
52:a7:9a:20:71:1e:26:7b:ad:6c:60:06:b9:db:87:
3d:72:4f:c2:86:4f:36:3e:1c:31:63:83:c4:9f:dc:
c4:9a:aa:b2:f4:b3:70:75:0e:49:7b:67:ac:51:df:
89:52:b2:91:c3:1f:4b:3e:03:04:4e:eb:c2:cc:60:
92:16:4a:0d:0b:6f:33:2d:c4:05:63:fb:d2:ad:ca:
e2:c2:32:80:ee:9a:12:3a:22:d1:2c:10:f5:f5:19:
7a:ad:bb:6e:a0:af:84:60:82:7b:ba:42:bc:89:de:
36:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:2A:83:3A:F8:AA:2C:F4:01:CC:9B:30:91:55:42:81:BE:41:2B:DA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/kyqDOviqLPQBzJswkVVCgb5BK9o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
68:49:88:b7:bc:34:c5:54:87:f6:ac:f9:57:f5:48:eb:e5:7a:
72:81:25:48:48:e5:ac:7b:8a:f6:c3:d7:d4:dc:b0:d7:12:dc:
57:b5:7f:db:b0:6c:bd:56:89:a8:b4:3e:37:22:77:a8:83:39:
04:16:4f:4b:6e:31:40:78:b4:84:fb:26:4c:c2:aa:a3:9e:d4:
5d:06:87:3a:5a:b2:a3:89:87:27:b7:ca:c7:48:f5:a5:88:a0:
b9:5c:e6:c3:86:f8:8a:d2:69:17:53:84:52:44:58:28:80:a8:
6f:79:b8:62:c0:4f:bb:87:99:d0:da:13:4f:a2:84:fb:f1:47:
c0:0d:4d:d9:5a:81:49:96:86:a7:c6:d6:7c:c8:14:8d:dd:7e:
a9:14:36:c8:7d:64:27:af:05:61:4a:02:1d:02:09:75:37:42:
f2:b9:52:e0:9d:34:bb:5a:5f:0b:c8:2a:bd:e4:d1:e7:de:3e:
21:9f:9b:50:ce:39:06:c9:9a:56:f3:6f:7f:06:52:cc:93:0e:
98:7a:2d:f2:6f:84:ab:c7:13:70:86:11:d8:d2:97:6e:0e:29:
ae:0b:23:c6:c9:20:14:c9:43:80:51:5b:ce:6b:52:6a:93:84:
2c:41:4e:1e:70:c0:8f:14:eb:a6:a8:3e:b4:95:6e:43:83:75:
ed:64:99:70
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaugwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTIw
NDEyMTlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDkzMkE4MzNBRjhBQTJD
RjQwMUNDOUIzMDkxNTU0MjgxQkU0MTJCREEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/n59Lc2iU4opWLsQGC0QSdxSjyAB0hKELkGQ6dcfA52rw9ZQ8
gAGYhJAq13wuCRJdQtAYI42dVDaGPXg9B8okzEnLKtFd4UU4oysx0+N8d3lgIG85
st1C3SSogmNnl5CCm2sBL1h9uXtDFQT0WyUZU6fE2KoVfQ6QDxZdE0A1ovR0SC+x
VB/cCUnknKtNrI5sWn52NFKnmiBxHiZ7rWxgBrnbhz1yT8KGTzY+HDFjg8Sf3MSa
qrL0s3B1Dkl7Z6xR34lSspHDH0s+AwRO68LMYJIWSg0LbzMtxAVj+9KtyuLCMoDu
mhI6ItEsEPX1GXqtu26gr4Rggnu6QryJ3jY9AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUkyqDOviqLPQBzJswkVVCgb5BK9owHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2t5cURPdmlxTFBRQnpK
c3drVlZDZ2I1Qks5by5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBoSYi3
vDTFVIf2rPlX9Ujr5XpygSVISOWse4r2w9fU3LDXEtxXtX/bsGy9VomotD43Ineo
gzkEFk9LbjFAeLSE+yZMwqqjntRdBoc6WrKjiYcnt8rHSPWliKC5XObDhviK0mkX
U4RSRFgogKhvebhiwE+7h5nQ2hNPooT78UfADU3ZWoFJloanxtZ8yBSN3X6pFDbI
fWQnrwVhSgIdAgl1N0LyuVLgnTS7Wl8LyCq95NHn3j4hn5tQzjkGyZpW829/BlLM
kw6Yei3yb4SrxxNwhhHY0pduDimuCyPGySAUyUOAUVvOa1Jqk4QsQU4ecMCPFOum
qD60lW5Dg3XtZJlw
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:54:14 2025 by rpki-client