Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/UNob5zC5NuxankYlXYoZiG6_Ga0.roa
File: UNob5zC5NuxankYlXYoZiG6_Ga0.roa (raw, json)
Hash identifier: V/MIm0jEraUcuYdorWUikyB5Om/1yV9U+Vz8IBmXC9k=
Subject key identifier: 50:DA:1B:E7:30:B9:36:EC:5A:9E:46:25:5D:8A:19:88:6E:BF:19:AD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 73B4
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/UNob5zC5NuxankYlXYoZiG6_Ga0.roa
Signing time: Sat 05 Jul 2025 20:44:51 +0000
ROA not before: Sat 05 Jul 2025 20:44:51 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29620 (0x73b4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 5 20:44:51 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=50DA1BE730B936EC5A9E46255D8A19886EBF19AD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:d5:b9:b0:8f:75:c8:c6:bd:ed:d9:37:9a:fe:
ce:1c:10:7d:5a:49:09:22:3c:57:56:94:39:a2:78:
3f:89:9d:53:44:b0:0a:00:41:99:b6:e3:2d:96:2b:
0c:cd:1a:6b:2f:d5:42:a0:20:b9:05:3e:f3:02:5e:
c8:e6:35:8f:d6:a1:53:d8:78:5f:a4:0a:f8:5e:f6:
f9:6b:56:82:19:86:b3:45:49:d0:be:e0:85:04:98:
6b:74:6f:7b:c8:2e:a0:8d:88:48:1d:51:02:46:a3:
55:0b:d8:7c:c0:0d:fb:98:c8:2c:a8:fc:42:56:ec:
95:eb:d6:5b:25:70:68:51:f3:a3:b1:83:1b:75:e8:
11:c8:68:d7:29:b7:c1:b6:62:89:1d:c9:48:79:e6:
f8:6e:79:65:bb:e0:d0:b0:73:e6:8b:e1:2d:1b:f4:
79:f5:17:5a:e9:a3:82:f2:c1:ce:48:6a:f2:33:4f:
4c:2e:27:67:4e:d6:14:a2:60:17:38:11:1b:43:1d:
8b:0b:21:ea:31:8d:c1:e2:ca:3a:0e:63:d5:ad:6b:
11:8b:66:bb:2f:ca:a0:91:67:2d:36:0d:cf:b1:a2:
f2:c8:13:8f:de:16:88:08:9e:b3:be:5f:32:79:4d:
fc:05:4c:2b:6f:22:0a:9d:70:a2:bf:8f:3e:17:b5:
c9:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
50:DA:1B:E7:30:B9:36:EC:5A:9E:46:25:5D:8A:19:88:6E:BF:19:AD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/UNob5zC5NuxankYlXYoZiG6_Ga0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
8d:b0:16:8f:a4:ab:f9:4c:3b:fe:30:5e:da:c2:23:36:21:06:
1b:73:b0:71:e1:50:14:c3:01:9e:2d:b4:e0:c0:08:b3:be:37:
6b:c1:46:c3:3c:ad:31:af:d1:cf:d4:08:a6:0d:22:87:e8:87:
db:97:7d:12:73:8e:ef:fa:c3:bc:0b:8d:f1:27:b4:b3:e9:15:
a7:42:2a:91:2d:7c:88:c3:8b:6b:ae:f0:94:5d:b6:c8:7c:80:
b1:8b:24:9f:de:f5:49:86:03:62:5f:af:df:92:aa:77:3a:77:
85:3d:06:05:7c:ec:4a:b7:3d:bb:31:f1:9d:2f:22:01:9d:23:
e2:b3:46:82:38:2d:a2:ac:d5:1b:42:4c:f2:8e:e3:b3:98:ac:
01:16:e0:56:34:ed:6d:e8:a3:a1:c4:95:b4:76:84:92:dd:11:
31:80:47:a0:48:79:2f:b4:2c:f9:0e:33:5a:9d:b1:e5:d8:42:
29:a0:70:88:0e:39:49:8f:82:36:10:f4:27:bf:e2:62:2c:ba:
db:07:23:41:04:5b:a8:5a:29:d7:a7:a9:81:08:25:90:06:83:
6c:73:11:70:a0:f1:92:48:22:22:e2:f4:0c:55:a4:6e:0e:79:
d0:2f:72:d5:e5:0f:0b:5c:5d:d5:b0:97:7c:53:66:5a:10:78:
3e:99:0f:c1
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICc7QwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDUy
MDQ0NTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDUwREExQkU3MzBCOTM2
RUM1QTlFNDYyNTVEOEExOTg4NkVCRjE5QUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC51bmwj3XIxr3t2Tea/s4cEH1aSQkiPFdWlDmieD+JnVNEsAoA
QZm24y2WKwzNGmsv1UKgILkFPvMCXsjmNY/WoVPYeF+kCvhe9vlrVoIZhrNFSdC+
4IUEmGt0b3vILqCNiEgdUQJGo1UL2HzADfuYyCyo/EJW7JXr1lslcGhR86Oxgxt1
6BHIaNcpt8G2YokdyUh55vhueWW74NCwc+aL4S0b9Hn1F1rpo4Lywc5IavIzT0wu
J2dO1hSiYBc4ERtDHYsLIeoxjcHiyjoOY9WtaxGLZrsvyqCRZy02Dc+xovLIE4/e
FogInrO+XzJ5TfwFTCtvIgqdcKK/jz4Xtcm1AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUUNob5zC5NuxankYlXYoZiG6/Ga0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1VOb2I1ekM1TnV4YW5r
WWxYWW9aaUc2X0dhMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCNsBaP
pKv5TDv+MF7awiM2IQYbc7Bx4VAUwwGeLbTgwAizvjdrwUbDPK0xr9HP1AimDSKH
6Ifbl30Sc47v+sO8C43xJ7Sz6RWnQiqRLXyIw4trrvCUXbbIfICxiySf3vVJhgNi
X6/fkqp3OneFPQYFfOxKtz27MfGdLyIBnSPis0aCOC2irNUbQkzyjuOzmKwBFuBW
NO1t6KOhxJW0doSS3RExgEegSHkvtCz5DjNanbHl2EIpoHCIDjlJj4I2EPQnv+Ji
LLrbByNBBFuoWinXp6mBCCWQBoNscxFwoPGSSCIi4vQMVaRuDnnQL3LV5Q8LXF3V
sJd8U2ZaEHg+mQ/B
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:37:12 2025 by rpki-client