Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Ugm9EzhcU_MLzgWUcndOneIDDs0.roa
File: Ugm9EzhcU_MLzgWUcndOneIDDs0.roa (raw, json)
Hash identifier: dSLoluKNeORGRZ1yYgoyaeOXrfZocF+UTmH/ewpCa+I=
Subject key identifier: 52:09:BD:13:38:5C:53:F3:0B:CE:05:94:72:77:4E:9D:E2:03:0E:CD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 71C0
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Ugm9EzhcU_MLzgWUcndOneIDDs0.roa
Signing time: Mon 30 Jun 2025 15:44:43 +0000
ROA not before: Mon 30 Jun 2025 15:44:43 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29120 (0x71c0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 30 15:44:43 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=5209BD13385C53F30BCE059472774E9DE2030ECD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:87:2e:8f:b3:e3:5d:13:0b:9b:59:14:65:8f:
64:73:8d:a3:73:6a:ff:23:fb:03:ca:2e:51:91:a1:
8e:27:9a:f9:ad:d6:c8:6d:37:cf:07:a9:bb:6c:60:
be:c7:4b:08:b7:18:de:d5:8c:e3:7b:6a:88:51:d9:
47:ff:29:a3:47:2e:86:12:ef:06:4e:5b:45:98:a9:
c1:8f:11:9b:a8:24:f4:d4:e4:de:44:a1:34:c6:c2:
16:9b:eb:ca:1b:4b:8f:7e:87:0f:ef:7f:49:5f:52:
c9:04:ab:68:54:e8:45:99:7e:7a:a5:3a:a7:92:46:
99:57:93:5c:10:03:7a:b1:65:ee:04:a3:3c:88:04:
fe:35:cf:a5:39:d6:07:94:29:05:0f:d0:16:0f:cd:
b4:1b:5c:ec:09:aa:05:48:90:0e:78:13:eb:5c:dd:
0c:ea:d7:53:86:52:6c:85:69:5f:2c:9a:e4:56:37:
a5:d2:61:bc:d7:ad:8d:a6:8b:25:d7:a7:c8:1d:52:
35:bf:fe:99:08:8b:85:c8:d2:54:76:5b:25:6a:a8:
a9:8a:10:50:36:47:4b:80:a6:b6:8b:4f:77:7d:8c:
da:c2:a6:4d:64:55:b3:52:d5:8b:10:44:1a:8e:de:
1a:5b:75:6d:fa:4a:2d:44:be:bc:32:e7:90:1c:1a:
31:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:09:BD:13:38:5C:53:F3:0B:CE:05:94:72:77:4E:9D:E2:03:0E:CD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Ugm9EzhcU_MLzgWUcndOneIDDs0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
94:0b:3f:c3:43:9c:3e:85:8d:7d:40:1b:76:65:9c:8d:35:e9:
c6:07:61:7d:ca:c8:11:da:b6:ca:9a:1d:2f:e7:23:5f:8a:b3:
e3:78:4a:e7:95:18:6b:83:11:2c:54:84:27:30:42:44:42:07:
75:d3:6c:4e:01:00:c4:89:1e:d7:45:55:87:c7:b2:47:fc:0a:
89:bf:94:ed:e2:60:bb:8f:d0:54:9c:57:d1:f0:16:a6:06:eb:
05:c4:b4:41:b1:39:64:bc:19:df:16:e1:8f:29:2a:79:ff:00:
73:32:90:5b:28:5f:c2:c9:87:00:12:ba:97:0b:f8:ad:24:f3:
19:b1:59:7c:43:4b:e1:8a:28:78:02:b4:7b:1e:b9:e3:27:57:
e7:62:69:a3:73:f9:b9:73:76:a5:70:dd:ea:bc:6f:ac:5c:47:
61:33:5d:2a:3d:c6:63:07:a6:f3:24:a7:29:0d:f0:b5:cb:19:
95:4c:b0:1c:62:38:94:0d:c1:2a:19:54:ed:fb:7f:be:35:06:
8d:03:85:7f:8e:c0:71:b7:01:9f:29:58:92:3f:79:95:c2:be:
e3:aa:8b:03:d5:48:aa:1e:7c:a8:47:4f:e4:ff:f5:78:d1:cb:
52:b9:d6:f5:6f:a8:17:19:90:c4:a4:9d:d5:61:f0:fd:ef:83:
22:4b:aa:3a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICccAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MzAx
NTQ0NDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDUyMDlCRDEzMzg1QzUz
RjMwQkNFMDU5NDcyNzc0RTlERTIwMzBFQ0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6hy6Ps+NdEwubWRRlj2RzjaNzav8j+wPKLlGRoY4nmvmt1sht
N88HqbtsYL7HSwi3GN7VjON7aohR2Uf/KaNHLoYS7wZOW0WYqcGPEZuoJPTU5N5E
oTTGwhab68obS49+hw/vf0lfUskEq2hU6EWZfnqlOqeSRplXk1wQA3qxZe4EozyI
BP41z6U51geUKQUP0BYPzbQbXOwJqgVIkA54E+tc3Qzq11OGUmyFaV8smuRWN6XS
YbzXrY2miyXXp8gdUjW//pkIi4XI0lR2WyVqqKmKEFA2R0uApraLT3d9jNrCpk1k
VbNS1YsQRBqO3hpbdW36Si1Evrwy55AcGjEJAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUUgm9EzhcU/MLzgWUcndOneIDDs0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1VnbTlFemhjVV9NTHpn
V1VjbmRPbmVJRERzMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCUCz/D
Q5w+hY19QBt2ZZyNNenGB2F9ysgR2rbKmh0v5yNfirPjeErnlRhrgxEsVIQnMEJE
Qgd102xOAQDEiR7XRVWHx7JH/AqJv5Tt4mC7j9BUnFfR8BamBusFxLRBsTlkvBnf
FuGPKSp5/wBzMpBbKF/CyYcAErqXC/itJPMZsVl8Q0vhiih4ArR7HrnjJ1fnYmmj
c/m5c3alcN3qvG+sXEdhM10qPcZjB6bzJKcpDfC1yxmVTLAcYjiUDcEqGVTt+3++
NQaNA4V/jsBxtwGfKViSP3mVwr7jqosD1UiqHnyoR0/k//V40ctSudb1b6gXGZDE
pJ3VYfD974MiS6o6
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:42:01 2025 by rpki-client