Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/U1OONz5ell5xx7pLveytl0GWPmU.roa
File: U1OONz5ell5xx7pLveytl0GWPmU.roa (raw, json)
Hash identifier: 8IS1gtEEb+ZnQbTo8tgJdkCdxdM6Zk98ySfXIFAcsRk=
Subject key identifier: 53:53:8E:37:3E:5E:96:5E:71:C7:BA:4B:BD:EC:AD:97:41:96:3E:65
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7878
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/U1OONz5ell5xx7pLveytl0GWPmU.roa
Signing time: Fri 18 Jul 2025 14:12:01 +0000
ROA not before: Fri 18 Jul 2025 14:12:01 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30840 (0x7878)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 18 14:12:01 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=53538E373E5E965E71C7BA4BBDECAD9741963E65
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:e5:48:c1:fe:09:0a:e4:29:90:51:45:7f:7b:
54:ac:23:8f:26:9d:58:a2:06:bc:af:86:a2:ce:83:
b6:25:93:d5:8a:eb:c8:f5:d8:89:63:9f:f2:95:98:
b9:56:a6:c6:c6:32:6f:7b:78:3c:ea:49:1d:5e:12:
34:fc:6d:a0:a9:91:61:50:65:e3:4d:72:7a:58:18:
cc:8a:fa:82:82:03:f5:b6:64:fc:c8:1e:b7:50:9b:
1e:33:a2:2a:83:c2:c7:30:37:e0:48:64:fc:44:1c:
b5:4b:3a:d0:13:c6:2f:fa:19:ea:69:45:31:13:3f:
71:fb:5c:94:07:80:81:d0:de:a4:43:3b:46:13:e0:
02:b1:53:5c:27:16:f5:d9:bd:d4:1e:6f:bc:cd:3d:
72:bb:a9:42:65:c1:88:84:73:10:40:08:d6:94:30:
68:7b:df:18:54:6f:5f:27:b4:54:ed:93:c8:f6:bc:
a5:b4:da:16:8c:56:9d:e9:b3:a1:93:c9:df:73:e8:
be:a3:2d:c9:f2:92:9c:b3:60:41:61:f5:40:4b:0b:
91:3f:d1:c6:75:36:d0:cc:3f:07:6d:63:fb:d7:8c:
ca:ee:8a:79:10:4f:1e:d9:68:d9:19:c3:a8:fc:2d:
d6:2c:34:1c:3f:8f:ef:25:89:9e:27:85:ba:b9:91:
4c:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:53:8E:37:3E:5E:96:5E:71:C7:BA:4B:BD:EC:AD:97:41:96:3E:65
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/U1OONz5ell5xx7pLveytl0GWPmU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
9f:a9:4a:35:54:0a:30:c1:a6:54:9b:e3:99:b1:85:10:2a:a1:
a0:2c:78:d1:12:1a:39:ea:5e:03:98:d0:60:42:ca:cd:dd:6d:
32:e6:ca:18:1d:b0:95:9c:73:5d:c3:b9:d0:e1:52:7a:55:f9:
a1:c4:9a:2c:1b:e6:4e:b7:6a:5f:89:10:4e:35:66:81:6b:11:
f0:7e:57:66:67:87:d1:f7:2a:76:b6:81:89:52:44:b6:7b:05:
d8:46:43:fb:31:8a:90:31:e3:44:2b:35:bd:39:7b:9b:28:fb:
cc:f0:bd:7d:0d:16:1c:3a:0f:2a:aa:5a:09:92:43:1e:1f:c8:
f0:fe:6d:a7:c8:32:30:be:29:ac:6d:55:a1:ca:be:8d:f7:71:
6e:5b:dd:10:48:af:f9:d2:7b:81:23:cd:ec:18:ce:65:c3:43:
32:27:73:ad:52:9a:05:a5:cb:90:2c:6c:59:6b:54:d7:52:a3:
dd:b1:06:e5:21:7e:75:2d:b0:a7:9e:89:65:1e:e2:4c:62:62:
c5:62:c9:af:aa:4e:39:f5:64:2f:fc:6c:80:cf:53:dc:66:d2:
2e:a7:bf:19:70:b6:f0:99:bd:f2:b6:da:0d:11:54:30:71:4e:
70:c4:3e:b0:eb:d5:06:61:9a:e0:b9:bf:9d:a1:a9:af:6f:73:
08:9b:26:bc
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeHgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTgx
NDEyMDFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDUzNTM4RTM3M0U1RTk2
NUU3MUM3QkE0QkJERUNBRDk3NDE5NjNFNjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDM5UjB/gkK5CmQUUV/e1SsI48mnViiBryvhqLOg7Ylk9WK68j1
2Iljn/KVmLlWpsbGMm97eDzqSR1eEjT8baCpkWFQZeNNcnpYGMyK+oKCA/W2ZPzI
HrdQmx4zoiqDwscwN+BIZPxEHLVLOtATxi/6GeppRTETP3H7XJQHgIHQ3qRDO0YT
4AKxU1wnFvXZvdQeb7zNPXK7qUJlwYiEcxBACNaUMGh73xhUb18ntFTtk8j2vKW0
2haMVp3ps6GTyd9z6L6jLcnykpyzYEFh9UBLC5E/0cZ1NtDMPwdtY/vXjMruinkQ
Tx7ZaNkZw6j8LdYsNBw/j+8liZ4nhbq5kUwDAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUU1OONz5ell5xx7pLveytl0GWPmUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1UxT09OejVlbGw1eHg3
cEx2ZXl0bDBHV1BtVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCfqUo1
VAowwaZUm+OZsYUQKqGgLHjREho56l4DmNBgQsrN3W0y5soYHbCVnHNdw7nQ4VJ6
VfmhxJosG+ZOt2pfiRBONWaBaxHwfldmZ4fR9yp2toGJUkS2ewXYRkP7MYqQMeNE
KzW9OXubKPvM8L19DRYcOg8qqloJkkMeH8jw/m2nyDIwvimsbVWhyr6N93FuW90Q
SK/50nuBI83sGM5lw0MyJ3OtUpoFpcuQLGxZa1TXUqPdsQblIX51LbCnnollHuJM
YmLFYsmvqk459WQv/GyAz1PcZtIup78ZcLbwmb3yttoNEVQwcU5wxD6w69UGYZrg
ub+doamvb3MImya8
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:54:29 2025 by rpki-client