Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/y8GKs9J5yKjEBA2EMNn3GhnOo34.roa
File: y8GKs9J5yKjEBA2EMNn3GhnOo34.roa (raw, json)
Hash identifier: kukcuHGsH7UfNYyhe+80ubF5Q0xuVTPUURflAAfJXJ4=
Subject key identifier: CB:C1:8A:B3:D2:79:C8:A8:C4:04:0D:84:30:D9:F7:1A:19:CE:A3:7E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 60FA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/y8GKs9J5yKjEBA2EMNn3GhnOo34.roa
Signing time: Fri 16 May 2025 16:40:27 +0000
ROA not before: Fri 16 May 2025 16:40:27 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24826 (0x60fa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 16 16:40:27 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CBC18AB3D279C8A8C4040D8430D9F71A19CEA37E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:18:bb:b8:4a:c0:f3:00:87:75:57:20:a6:86:
38:4a:28:53:0c:e5:04:28:77:f1:96:a6:eb:98:86:
65:a3:bb:56:3d:94:a4:89:a8:05:1a:06:5c:70:c2:
a3:cb:b7:2f:00:32:3e:05:ef:39:29:46:87:44:d3:
38:9b:57:6f:78:bf:0f:c6:e9:db:e6:2f:59:a0:60:
ac:d2:b7:5e:71:87:4c:e2:a7:17:f3:bd:96:9f:19:
5c:94:17:02:fb:90:04:2a:26:4a:57:18:e2:d0:4c:
36:d4:6d:11:04:db:74:e9:5c:1c:d1:47:31:84:91:
19:f2:2e:87:d7:fe:09:18:7e:6b:6d:77:76:17:79:
36:aa:c1:50:e2:52:4a:dd:0d:2b:e1:8d:21:f9:b9:
40:0e:5a:f2:91:37:7c:54:95:89:c6:10:e7:83:2e:
48:74:0e:a3:68:d4:03:b4:77:48:e1:e8:6c:20:50:
af:07:28:84:54:24:1d:22:b4:8f:6d:8d:e4:9f:b4:
16:a2:41:a1:03:af:bf:90:8b:89:e8:c4:1d:3e:5c:
54:6a:34:5a:c3:e5:2d:bf:49:ec:50:7a:2e:e7:f4:
54:67:ca:f8:e5:7b:0d:db:17:a1:20:57:7c:48:41:
b7:46:c7:54:3e:6b:f4:e1:8b:0a:43:79:2e:57:d2:
bf:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:C1:8A:B3:D2:79:C8:A8:C4:04:0D:84:30:D9:F7:1A:19:CE:A3:7E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/y8GKs9J5yKjEBA2EMNn3GhnOo34.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
a6:c0:c8:7a:e6:48:cf:81:d2:1a:f5:d1:2d:24:e8:00:60:11:
2f:f9:31:58:da:ea:4c:c6:3e:29:96:66:28:60:e6:d7:8d:04:
dc:89:e5:f5:c6:b7:4e:b7:c6:74:a2:92:70:cc:31:42:0c:b0:
1a:55:4f:ab:2b:65:64:1f:6a:20:3c:0f:5a:4b:82:89:85:10:
f0:16:61:ba:27:f1:17:fe:6a:d0:b6:0e:58:a0:91:19:9b:90:
55:e9:11:d7:23:be:c3:65:5b:fd:ce:ff:64:38:af:40:a7:0d:
5c:1e:42:73:fa:24:1a:df:94:64:9f:60:38:6f:04:e9:7d:28:
a3:10:d6:b3:a1:c7:d8:62:42:4f:f6:b3:62:b7:80:c1:93:5b:
32:99:a2:52:0e:4c:16:08:9b:cc:58:9e:9c:49:20:17:6f:65:
9b:df:34:55:cb:18:33:3a:c1:5d:1b:85:8f:12:39:e1:75:1d:
2b:93:7f:25:03:ff:69:a6:5b:4c:0e:f5:87:34:9d:9d:3d:7e:
01:b7:af:79:87:92:0c:ba:fe:c2:7e:37:22:ef:19:0e:cf:8c:
93:67:d1:d9:9c:8b:77:0d:52:b9:22:3e:12:6d:5d:87:83:61:
1a:df:1d:f2:7f:76:af:30:08:ac:45:a3:ee:13:29:0a:e6:69:
12:12:f9:7b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYPowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTYx
NjQwMjdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENCQzE4QUIzRDI3OUM4
QThDNDA0MEQ4NDMwRDlGNzFBMTlDRUEzN0UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC5GLu4SsDzAId1VyCmhjhKKFMM5QQod/GWpuuYhmWju1Y9lKSJ
qAUaBlxwwqPLty8AMj4F7zkpRodE0zibV294vw/G6dvmL1mgYKzSt15xh0zipxfz
vZafGVyUFwL7kAQqJkpXGOLQTDbUbREE23TpXBzRRzGEkRnyLofX/gkYfmttd3YX
eTaqwVDiUkrdDSvhjSH5uUAOWvKRN3xUlYnGEOeDLkh0DqNo1AO0d0jh6GwgUK8H
KIRUJB0itI9tjeSftBaiQaEDr7+Qi4noxB0+XFRqNFrD5S2/SexQei7n9FRnyvjl
ew3bF6EgV3xIQbdGx1Q+a/ThiwpDeS5X0r/3AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUy8GKs9J5yKjEBA2EMNn3GhnOo34wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3k4R0tzOUo1eUtqRUJB
MkVNTm4zR2huT28zNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCmwMh6
5kjPgdIa9dEtJOgAYBEv+TFY2upMxj4plmYoYObXjQTcieX1xrdOt8Z0opJwzDFC
DLAaVU+rK2VkH2ogPA9aS4KJhRDwFmG6J/EX/mrQtg5YoJEZm5BV6RHXI77DZVv9
zv9kOK9Apw1cHkJz+iQa35Rkn2A4bwTpfSijENazocfYYkJP9rNit4DBk1symaJS
DkwWCJvMWJ6cSSAXb2Wb3zRVyxgzOsFdG4WPEjnhdR0rk38lA/9ppltMDvWHNJ2d
PX4Bt695h5IMuv7Cfjci7xkOz4yTZ9HZnIt3DVK5Ij4SbV2Hg2Ea3x3yf3avMAis
RaPuEykK5mkSEvl7
-----END CERTIFICATE-----
Generated at Sun May 18 12:19:23 2025 by rpki-client