Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/yKDl2q-nHCsLGrSFJMkPPBbWJbk.roa
File: yKDl2q-nHCsLGrSFJMkPPBbWJbk.roa (raw, json)
Hash identifier: tckN6POZEtqojnMT3GD5X6N/tnwLySurtXG2/JVw3X8=
Subject key identifier: C8:A0:E5:DA:AF:A7:1C:2B:0B:1A:B4:85:24:C9:0F:3C:16:D6:25:B9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6A8E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yKDl2q-nHCsLGrSFJMkPPBbWJbk.roa
Signing time: Wed 11 Jun 2025 05:42:15 +0000
ROA not before: Wed 11 Jun 2025 05:42:15 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27278 (0x6a8e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 11 05:42:15 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C8A0E5DAAFA71C2B0B1AB48524C90F3C16D625B9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:a3:c7:78:17:9e:5a:0e:d0:ae:1b:d4:b6:3b:
c0:9a:3e:ae:bd:3a:96:64:92:81:e4:c5:b3:a4:3e:
22:b7:ab:e2:5a:14:1f:01:0c:c5:b6:ad:6f:38:7c:
f9:91:4f:de:a8:90:da:41:18:47:84:1e:9c:4e:fa:
ce:69:c1:83:19:b8:05:14:c8:2d:64:31:25:61:f3:
02:de:c9:03:84:8c:7c:7a:05:4c:c5:10:0f:8d:5f:
e8:d3:c7:7b:15:49:f3:c8:1e:64:09:6c:ee:93:cf:
1e:60:75:dc:98:cf:9a:52:83:e7:61:88:a7:04:27:
cc:4d:8a:d1:9f:8e:49:05:49:0c:87:22:1c:75:7a:
1a:6e:9f:92:fe:28:e2:c1:ce:e0:63:ac:e4:98:b3:
e1:91:94:2e:3a:39:8e:e4:35:c6:76:8f:b7:74:60:
88:7b:fd:17:d7:82:b1:00:00:25:02:e7:ba:6d:23:
f1:71:f6:a1:cc:85:f1:ae:6c:d3:89:98:42:e8:89:
6d:6c:5c:b5:2b:ec:7f:e4:f0:26:15:a7:47:7b:a6:
7a:e9:32:5f:85:49:e7:aa:87:a3:c1:23:22:87:83:
a2:4b:7f:34:0d:68:2e:58:23:fa:6d:41:a7:c4:a3:
a0:5d:89:08:b4:e0:77:f5:ca:e8:14:e3:9b:55:fc:
15:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:A0:E5:DA:AF:A7:1C:2B:0B:1A:B4:85:24:C9:0F:3C:16:D6:25:B9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/yKDl2q-nHCsLGrSFJMkPPBbWJbk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
78:2b:d2:a5:85:ba:9e:c0:8d:7c:cf:86:c1:ee:ac:7a:a1:6a:
5b:1c:b2:5d:94:13:79:d9:77:2f:b0:05:cf:e4:d3:53:91:95:
b4:20:41:63:17:44:23:e5:e6:ef:36:6e:07:b2:30:4a:9e:de:
93:02:0d:60:40:1b:d3:f2:8b:78:f2:e0:37:ed:aa:51:fb:2b:
89:c8:98:81:6b:ac:51:4a:f6:fb:73:d6:61:f8:89:65:ed:72:
ee:59:97:d3:f1:0e:e6:48:98:36:4e:cd:2f:a8:93:db:61:fa:
5d:d6:87:ff:e2:3f:98:8a:30:93:ca:ef:9c:b5:4b:26:55:53:
1e:09:4c:18:8c:3b:2f:93:08:16:29:9a:ad:91:c9:cc:85:26:
b5:81:67:d5:98:71:0a:1a:ed:87:0a:24:47:da:83:ea:30:3f:
10:d6:63:a2:8b:e7:2d:71:d4:52:14:e2:bf:9c:14:a5:2e:3c:
81:37:fa:9f:f9:ef:d8:83:77:93:9b:6c:ed:f7:ff:80:0e:ce:
e1:8b:ec:4d:d6:fd:de:99:f3:94:65:e0:0e:84:cf:5d:94:31:
6c:a2:c6:11:08:9d:34:06:3c:f7:51:75:a2:12:2b:e8:0d:3b:
ca:35:a2:eb:80:6f:55:04:bb:fe:fd:ce:13:b3:46:3c:ba:a5:
2c:a5:2f:cd
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICao4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTEw
NTQyMTVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEM4QTBFNURBQUZBNzFD
MkIwQjFBQjQ4NTI0QzkwRjNDMTZENjI1QjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDXo8d4F55aDtCuG9S2O8CaPq69OpZkkoHkxbOkPiK3q+JaFB8B
DMW2rW84fPmRT96okNpBGEeEHpxO+s5pwYMZuAUUyC1kMSVh8wLeyQOEjHx6BUzF
EA+NX+jTx3sVSfPIHmQJbO6Tzx5gddyYz5pSg+dhiKcEJ8xNitGfjkkFSQyHIhx1
ehpun5L+KOLBzuBjrOSYs+GRlC46OY7kNcZ2j7d0YIh7/RfXgrEAACUC57ptI/Fx
9qHMhfGubNOJmELoiW1sXLUr7H/k8CYVp0d7pnrpMl+FSeeqh6PBIyKHg6JLfzQN
aC5YI/ptQafEo6BdiQi04Hf1yugU45tV/BXNAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUyKDl2q+nHCsLGrSFJMkPPBbWJbkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3lLRGwycS1uSENzTEdy
U0ZKTWtQUEJiV0piay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB4K9Kl
hbqewI18z4bB7qx6oWpbHLJdlBN52XcvsAXP5NNTkZW0IEFjF0Qj5ebvNm4HsjBK
nt6TAg1gQBvT8ot48uA37apR+yuJyJiBa6xRSvb7c9Zh+Ill7XLuWZfT8Q7mSJg2
Ts0vqJPbYfpd1of/4j+YijCTyu+ctUsmVVMeCUwYjDsvkwgWKZqtkcnMhSa1gWfV
mHEKGu2HCiRH2oPqMD8Q1mOii+ctcdRSFOK/nBSlLjyBN/qf+e/Yg3eTm2zt9/+A
Ds7hi+xN1v3emfOUZeAOhM9dlDFsosYRCJ00Bjz3UXWiEivoDTvKNaLrgG9VBLv+
/c4Ts0Y8uqUspS/N
-----END CERTIFICATE-----
Generated at Sun Jun 15 09:26:22 2025 by rpki-client