Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/GUKDpq_8s9FvpdVwLncgmmMIqZQ.roa
File: GUKDpq_8s9FvpdVwLncgmmMIqZQ.roa (raw, json)
Hash identifier: d6K4ZeURMrJCq9dXX26hJqA5H1QQrK4OZdbKtDo/ggQ=
Subject key identifier: 19:42:83:A6:AF:FC:B3:D1:6F:A5:D5:70:2E:77:20:9A:63:08:A9:94
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6DFA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/GUKDpq_8s9FvpdVwLncgmmMIqZQ.roa
Signing time: Fri 20 Jun 2025 20:14:08 +0000
ROA not before: Fri 20 Jun 2025 20:14:08 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28154 (0x6dfa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 20 20:14:08 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=194283A6AFFCB3D16FA5D5702E77209A6308A994
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:d2:23:5f:5e:e9:4a:4e:4e:a9:6f:01:f0:d8:
f1:54:ea:3b:fa:2e:b6:6a:82:aa:fd:c2:51:fd:2d:
5e:3e:f9:0d:7d:99:85:82:2d:28:01:38:a4:69:15:
96:ec:f0:d0:12:9f:83:b9:3b:c9:f2:79:ba:20:56:
7f:1b:d6:71:22:c0:8b:62:db:7b:22:90:b6:36:6c:
c1:e0:2e:e2:d5:af:7e:71:05:62:66:e0:66:6a:fa:
e8:fc:56:de:7b:1e:e4:dd:84:d7:4d:4f:14:ec:83:
7e:cb:02:a3:74:9a:2c:84:fb:bf:f1:23:ba:0b:8d:
bd:fe:fe:92:26:a3:5c:6a:c2:1d:82:9b:bd:55:fb:
b0:ff:ad:95:6c:1c:80:29:dc:fb:c0:12:98:5e:7b:
95:54:d9:99:f1:e9:c5:c2:05:54:e3:c9:52:b9:ab:
96:4a:7e:51:08:ee:f4:63:88:a3:dd:8a:31:08:2d:
15:c8:25:76:9b:7d:d2:ae:ab:d2:99:82:39:30:37:
06:88:b9:31:0c:80:ff:d1:fa:a1:43:a0:38:e0:0d:
8f:ba:49:f3:f8:c6:8d:2e:4c:d3:5a:5b:27:49:fb:
92:27:13:bf:de:d3:80:6f:4a:65:09:a4:24:10:c2:
dd:e7:36:9b:91:a4:2b:d7:9c:52:8f:f3:3c:86:f2:
ef:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:42:83:A6:AF:FC:B3:D1:6F:A5:D5:70:2E:77:20:9A:63:08:A9:94
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/GUKDpq_8s9FvpdVwLncgmmMIqZQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
71:48:f4:d0:51:7e:d7:4e:81:80:dd:3d:7b:fc:df:b7:92:ed:
55:ea:a1:58:69:3e:10:6b:26:d8:68:6a:26:e4:a3:fb:1a:5d:
8e:07:b3:0a:1a:85:f1:f9:37:c7:04:7f:1b:98:3f:05:59:f5:
9e:12:6c:ac:8f:f3:2f:d7:0e:51:7a:3f:d1:ed:53:9d:72:2c:
02:e8:5c:6c:7d:97:02:15:e6:d6:8b:7d:f7:12:53:d3:22:51:
75:a3:aa:7f:08:55:82:a0:c9:95:34:88:05:9f:26:4a:82:28:
a6:df:ee:cc:ab:26:30:42:87:c7:5d:d3:ff:eb:2a:a6:e0:de:
f4:ff:2d:f8:ba:17:fa:03:cd:54:f7:0c:90:c5:95:e8:7b:97:
be:8d:d2:bc:19:86:1d:c9:2f:47:10:cd:47:2b:b8:04:33:ca:
55:23:1d:c7:41:47:51:4e:f2:2d:d0:fa:02:c6:e9:4c:fb:d5:
ec:54:f1:34:98:65:6a:b0:89:78:0c:43:b1:fa:09:cd:8f:3c:
32:25:29:fc:9d:67:00:c5:58:62:08:28:39:2c:02:57:41:f4:
d5:54:98:fc:c4:d2:da:22:6d:2c:8c:88:da:57:ca:d8:c6:2b:
a7:38:04:12:56:d4:81:cb:ab:3c:f3:ce:79:bd:a4:7e:5f:a8:
8a:5e:5f:96
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbfowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjAy
MDE0MDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDE5NDI4M0E2QUZGQ0Iz
RDE2RkE1RDU3MDJFNzcyMDlBNjMwOEE5OTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDG0iNfXulKTk6pbwHw2PFU6jv6LrZqgqr9wlH9LV4++Q19mYWC
LSgBOKRpFZbs8NASn4O5O8nyebogVn8b1nEiwIti23sikLY2bMHgLuLVr35xBWJm
4GZq+uj8Vt57HuTdhNdNTxTsg37LAqN0miyE+7/xI7oLjb3+/pImo1xqwh2Cm71V
+7D/rZVsHIAp3PvAEphee5VU2Znx6cXCBVTjyVK5q5ZKflEI7vRjiKPdijEILRXI
JXabfdKuq9KZgjkwNwaIuTEMgP/R+qFDoDjgDY+6SfP4xo0uTNNaWydJ+5InE7/e
04BvSmUJpCQQwt3nNpuRpCvXnFKP8zyG8u9TAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUGUKDpq/8s9FvpdVwLncgmmMIqZQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0dVS0RwcV84czlGdnBk
VndMbmNnbW1NSXFaUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBxSPTQ
UX7XToGA3T17/N+3ku1V6qFYaT4QaybYaGom5KP7Gl2OB7MKGoXx+TfHBH8bmD8F
WfWeEmysj/Mv1w5Rej/R7VOdciwC6FxsfZcCFebWi333ElPTIlF1o6p/CFWCoMmV
NIgFnyZKgiim3+7MqyYwQofHXdP/6yqm4N70/y34uhf6A81U9wyQxZXoe5e+jdK8
GYYdyS9HEM1HK7gEM8pVIx3HQUdRTvIt0PoCxulM+9XsVPE0mGVqsIl4DEOx+gnN
jzwyJSn8nWcAxVhiCCg5LAJXQfTVVJj8xNLaIm0sjIjaV8rYxiunOAQSVtSBy6s8
8855vaR+X6iKXl+W
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:56:54 2025 by rpki-client