Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Sy9FyILMYSFaEs-T706ANOzOqm0.roa
File: Sy9FyILMYSFaEs-T706ANOzOqm0.roa (raw, json)
Hash identifier: 57UH5u/63W5DRx8QmhZNlBlaaab8WqF78898GfS80BA=
Subject key identifier: 4B:2F:45:C8:82:CC:61:21:5A:12:CF:93:EF:4E:80:34:EC:CE:AA:6D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5F5A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Sy9FyILMYSFaEs-T706ANOzOqm0.roa
Signing time: Mon 12 May 2025 08:40:20 +0000
ROA not before: Mon 12 May 2025 08:40:20 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24410 (0x5f5a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 08:40:20 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=4B2F45C882CC61215A12CF93EF4E8034ECCEAA6D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:37:d8:bd:a0:a5:63:e3:ac:0d:46:44:03:aa:
f2:01:16:5a:7a:a4:89:3a:14:6c:a9:fd:75:23:1a:
01:8f:2a:a9:ee:b0:b6:17:9f:4c:54:f0:04:fc:64:
6d:6d:13:ae:1e:9f:59:05:2e:f0:71:1e:92:c7:cf:
1a:2c:4e:1a:0c:0f:8b:a7:33:03:49:3f:d1:fe:99:
bd:b1:95:2b:79:cb:74:58:ee:b7:fc:01:67:8c:21:
2e:55:bc:4f:3b:92:ae:88:c7:99:75:df:80:f4:a3:
99:57:86:b7:23:70:ad:42:f5:ec:48:1c:1c:fb:97:
5e:a8:1d:1d:72:69:ad:71:7e:f1:93:5c:30:0b:03:
2e:e1:f5:ac:a5:89:7e:42:fb:52:9d:eb:cc:98:8b:
2a:73:c6:70:e1:e4:10:ed:ce:af:ed:ee:80:21:97:
d5:7c:30:46:bc:ac:44:03:73:6f:3f:41:6e:f0:85:
cd:8e:d3:da:5e:ef:23:c5:a8:a5:5d:b0:50:8a:8d:
97:bc:4a:97:05:59:55:69:6b:c6:1b:5b:0c:43:a0:
2f:43:2b:a2:4b:81:1e:35:8c:cd:d9:03:ef:30:1b:
b9:3f:4b:54:13:ed:f5:c3:ad:14:6f:c6:b9:b7:31:
6b:01:70:6b:e5:ea:49:c0:c1:82:7b:d0:e5:6d:e4:
6a:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:2F:45:C8:82:CC:61:21:5A:12:CF:93:EF:4E:80:34:EC:CE:AA:6D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Sy9FyILMYSFaEs-T706ANOzOqm0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
2f:8f:26:93:9f:cb:1f:17:d9:46:da:13:a7:a3:7a:23:c5:b6:
27:37:85:3e:9e:56:63:dd:49:a5:0e:4a:a0:42:d9:85:4f:4c:
7d:49:26:23:d1:c6:eb:d1:cf:a9:a7:44:cb:7d:d9:5d:bf:17:
69:48:ad:a1:c7:3e:3d:78:4d:66:8f:65:5f:34:40:1d:31:9e:
62:06:d5:0c:1f:13:f8:5e:56:50:6e:8c:e5:ab:bc:28:80:e3:
c0:ee:45:58:e0:f7:f4:74:49:49:0d:0f:85:3a:fe:c2:f9:6a:
8a:76:30:c1:81:aa:2e:61:9a:41:22:ee:86:ab:72:0a:a8:15:
bb:4e:ef:47:30:9f:41:d1:04:50:6f:08:55:c6:ac:45:dd:78:
f9:ed:d7:a4:86:16:02:63:3b:f2:ed:8d:e3:b8:79:a3:d5:77:
40:39:54:c5:f8:2c:72:47:49:3f:ba:be:c4:f1:59:a4:07:a5:
1a:1c:ae:21:89:df:9c:50:29:88:23:b6:85:8b:0b:cc:94:1c:
32:bf:22:33:06:f5:ac:fe:47:ea:7c:52:7f:9c:ec:a6:31:a3:
cf:f2:22:f4:43:a7:5c:f4:f0:f7:27:ee:f6:4f:23:d3:b7:1e:
7b:ed:35:8c:d2:4e:e8:7e:9c:b3:79:aa:5c:e6:96:bb:38:d3:
48:73:ef:62
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICX1owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTIw
ODQwMjBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDRCMkY0NUM4ODJDQzYx
MjE1QTEyQ0Y5M0VGNEU4MDM0RUNDRUFBNkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDYN9i9oKVj46wNRkQDqvIBFlp6pIk6FGyp/XUjGgGPKqnusLYX
n0xU8AT8ZG1tE64en1kFLvBxHpLHzxosThoMD4unMwNJP9H+mb2xlSt5y3RY7rf8
AWeMIS5VvE87kq6Ix5l134D0o5lXhrcjcK1C9exIHBz7l16oHR1yaa1xfvGTXDAL
Ay7h9ayliX5C+1Kd68yYiypzxnDh5BDtzq/t7oAhl9V8MEa8rEQDc28/QW7whc2O
09pe7yPFqKVdsFCKjZe8SpcFWVVpa8YbWwxDoC9DK6JLgR41jM3ZA+8wG7k/S1QT
7fXDrRRvxrm3MWsBcGvl6knAwYJ70OVt5GrnAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUSy9FyILMYSFaEs+T706ANOzOqm0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1N5OUZ5SUxNWVNGYUVz
LVQ3MDZBTk96T3FtMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAvjyaT
n8sfF9lG2hOno3ojxbYnN4U+nlZj3UmlDkqgQtmFT0x9SSYj0cbr0c+pp0TLfdld
vxdpSK2hxz49eE1mj2VfNEAdMZ5iBtUMHxP4XlZQbozlq7wogOPA7kVY4Pf0dElJ
DQ+FOv7C+WqKdjDBgaouYZpBIu6Gq3IKqBW7Tu9HMJ9B0QRQbwhVxqxF3Xj57dek
hhYCYzvy7Y3juHmj1XdAOVTF+CxyR0k/ur7E8VmkB6UaHK4hid+cUCmII7aFiwvM
lBwyvyIzBvWs/kfqfFJ/nOymMaPP8iL0Q6dc9PD3J+72TyPTtx577TWM0k7ofpyz
eapc5pa7ONNIc+9i
-----END CERTIFICATE-----
Generated at Sat May 17 19:37:57 2025 by rpki-client