Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/_ykyBkt0DK5AMOfrfASkBtPDYR4.roa
File: _ykyBkt0DK5AMOfrfASkBtPDYR4.roa (raw, json)
Hash identifier: tR/vI43Qc7HwA9VccRub1Zp9AtySyi8nURCqWEWsQd4=
Subject key identifier: FF:29:32:06:4B:74:0C:AE:40:30:E7:EB:7C:04:A4:06:D3:C3:61:1E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5FBA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_ykyBkt0DK5AMOfrfASkBtPDYR4.roa
Signing time: Tue 13 May 2025 08:40:18 +0000
ROA not before: Tue 13 May 2025 08:40:18 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24506 (0x5fba)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 13 08:40:18 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=FF2932064B740CAE4030E7EB7C04A406D3C3611E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:9e:67:b0:08:20:ed:34:e8:a2:da:b4:ad:1d:
78:3c:04:cb:39:5f:79:51:9a:aa:7b:53:33:36:a1:
a1:01:87:51:d9:12:44:ca:4e:2a:2a:1f:21:87:b2:
2b:6c:5d:8c:aa:16:41:1c:64:b8:02:4c:a1:0c:57:
53:df:9a:88:b1:0f:9f:16:7b:c4:33:6f:91:ef:84:
e6:71:f8:bb:ec:8e:e8:1a:1d:04:8b:de:65:03:40:
c8:3e:74:8e:02:75:1e:7a:52:08:7d:86:36:2e:8f:
4f:f9:ef:e9:78:9a:69:63:a2:f8:0f:ec:5b:8c:c2:
65:43:cf:5b:3a:87:fb:3a:60:26:ab:79:96:96:bd:
d8:a2:55:9b:6a:12:4f:4f:e5:3e:6d:43:d2:81:de:
22:c5:0f:76:a8:6c:2f:a8:f4:f0:95:21:61:f6:b6:
ac:9d:fc:e3:34:57:13:d7:25:64:e9:79:fc:85:d9:
b5:26:2a:4c:ef:64:ee:e3:87:e9:fa:1e:4c:c1:90:
57:c0:c6:8f:40:36:eb:98:f2:43:0d:73:85:67:db:
d7:fa:4e:88:f7:c6:34:e1:30:1a:74:3d:51:46:96:
69:31:b6:79:bb:63:4f:7b:6e:75:82:03:75:6d:b6:
1b:d0:e5:14:d0:56:42:3d:86:c5:d1:1d:69:e3:be:
2a:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:29:32:06:4B:74:0C:AE:40:30:E7:EB:7C:04:A4:06:D3:C3:61:1E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_ykyBkt0DK5AMOfrfASkBtPDYR4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
b9:14:4c:08:8e:cc:25:36:f1:15:c7:f8:07:86:42:b5:9e:19:
68:eb:41:e8:b2:4b:de:b1:dd:e6:45:46:77:18:4e:8f:51:77:
cd:4b:fa:60:f3:58:99:19:b0:fe:04:57:5a:c3:ae:9d:d3:9f:
26:e4:e6:21:d1:be:23:fe:e3:7a:c8:f8:ef:be:95:69:9f:4f:
04:49:7f:65:d3:c4:56:60:7f:5c:09:2b:a7:84:4d:1b:ec:b8:
fe:34:35:91:5d:b8:09:3a:0d:0b:5e:90:e3:e2:94:0d:6f:37:
87:d1:3b:d4:68:bf:66:a1:03:ad:00:c9:65:a4:cf:16:1f:dd:
51:b4:60:d8:ab:cb:fa:87:88:cb:bf:c7:dc:d3:55:4a:5a:d8:
94:9b:72:37:12:44:62:af:23:24:e9:2a:ad:bc:cd:9f:eb:29:
30:c2:64:80:45:1d:a0:91:8b:99:9f:5c:d7:d6:b3:62:b2:e2:
6d:a3:e1:4c:84:b9:0d:95:a4:88:37:f5:21:78:70:c2:27:d4:
49:17:e9:bb:65:9c:b8:85:62:83:e7:37:ac:52:61:a7:0e:80:
94:43:82:af:d6:1c:62:32:f6:df:f4:80:f3:28:6a:54:d2:8e:
b0:8f:aa:ad:ce:8b:ff:fd:74:bd:51:ea:14:ce:71:d5:97:19:
b6:b9:46:c8
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICX7owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTMw
ODQwMThaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEZGMjkzMjA2NEI3NDBD
QUU0MDMwRTdFQjdDMDRBNDA2RDNDMzYxMUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCanmewCCDtNOii2rStHXg8BMs5X3lRmqp7UzM2oaEBh1HZEkTK
TioqHyGHsitsXYyqFkEcZLgCTKEMV1PfmoixD58We8Qzb5HvhOZx+LvsjugaHQSL
3mUDQMg+dI4CdR56Ugh9hjYuj0/57+l4mmljovgP7FuMwmVDz1s6h/s6YCareZaW
vdiiVZtqEk9P5T5tQ9KB3iLFD3aobC+o9PCVIWH2tqyd/OM0VxPXJWTpefyF2bUm
KkzvZO7jh+n6HkzBkFfAxo9ANuuY8kMNc4Vn29f6Toj3xjThMBp0PVFGlmkxtnm7
Y097bnWCA3VtthvQ5RTQVkI9hsXRHWnjviplAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU/ykyBkt0DK5AMOfrfASkBtPDYR4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L195a3lCa3QwREs1QU1P
ZnJmQVNrQnRQRFlSNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC5FEwI
jswlNvEVx/gHhkK1nhlo60Hoskvesd3mRUZ3GE6PUXfNS/pg81iZGbD+BFdaw66d
058m5OYh0b4j/uN6yPjvvpVpn08ESX9l08RWYH9cCSunhE0b7Lj+NDWRXbgJOg0L
XpDj4pQNbzeH0TvUaL9moQOtAMllpM8WH91RtGDYq8v6h4jLv8fc01VKWtiUm3I3
EkRiryMk6SqtvM2f6ykwwmSARR2gkYuZn1zX1rNisuJto+FMhLkNlaSIN/UheHDC
J9RJF+m7ZZy4hWKD5zesUmGnDoCUQ4Kv1hxiMvbf9IDzKGpU0o6wj6qtzov//XS9
UeoUznHVlxm2uUbI
-----END CERTIFICATE-----
Generated at Sat May 17 22:41:17 2025 by rpki-client