Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/_UksbjCMOXUjborhx7kxI7EDj5g.roa
File: _UksbjCMOXUjborhx7kxI7EDj5g.roa (raw, json)
Hash identifier: XKrlgSfPk+aIrdUjW/kY2zX7H5lkNO1TsYeyGk3bqGw=
Subject key identifier: FD:49:2C:6E:30:8C:39:75:23:6E:8A:E1:C7:B9:31:23:B1:03:8F:98
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 74EA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_UksbjCMOXUjborhx7kxI7EDj5g.roa
Signing time: Wed 09 Jul 2025 02:17:52 +0000
ROA not before: Wed 09 Jul 2025 02:17:52 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29930 (0x74ea)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 9 02:17:52 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=FD492C6E308C3975236E8AE1C7B93123B1038F98
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:ba:a7:22:c1:24:ba:d3:75:9e:a5:20:41:17:
af:08:18:d1:fa:c0:20:ea:7e:84:d9:15:ad:a5:b3:
8b:a0:3a:29:fc:68:b9:12:5e:2f:b9:65:6c:3d:cd:
dc:34:1b:ec:c0:c1:d9:f1:75:04:4a:bf:ab:1a:d7:
fd:48:1e:19:82:81:df:bd:96:e3:e7:99:1e:92:99:
c7:58:44:74:ba:01:3e:a0:af:8b:75:ee:60:34:c4:
13:86:84:c1:c0:1c:79:b6:3b:44:2b:f3:85:b9:6a:
ad:f7:57:73:5e:54:f0:dc:55:9d:73:6a:12:4a:7c:
44:9c:fe:9b:ff:a8:5d:ff:36:17:f3:32:8c:4c:c1:
05:bb:b5:8c:00:f3:79:03:3b:96:8f:ac:89:d6:14:
c5:e5:9c:0d:0a:59:8d:0e:a4:5d:c0:96:dc:d4:70:
d1:66:69:3a:68:55:e8:61:59:0b:97:82:f7:0b:f1:
a7:4c:63:fe:fb:25:38:62:d3:b9:52:94:2e:54:cc:
b2:6c:a2:57:28:55:31:88:5b:d4:fb:1c:1d:d0:89:
38:ae:b6:2e:4d:8d:47:37:42:55:ad:93:05:70:ea:
3b:fd:4f:9d:01:1d:c1:0b:f1:f1:ce:cb:b3:9b:eb:
c8:a8:d3:fc:a2:cd:b3:05:7c:4a:11:d2:21:08:9e:
23:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:49:2C:6E:30:8C:39:75:23:6E:8A:E1:C7:B9:31:23:B1:03:8F:98
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_UksbjCMOXUjborhx7kxI7EDj5g.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
98:23:f5:d6:ca:40:76:9d:c9:1f:be:37:5c:fe:13:35:10:ff:
3f:47:98:7e:55:0b:e8:0d:f3:c5:fa:ba:94:d3:f4:e0:26:63:
8f:a2:56:b0:e9:3f:c8:5e:91:9c:52:c6:a5:84:16:a8:93:4b:
ee:c2:59:91:19:1b:9b:71:f3:69:14:af:59:f0:9b:ff:6d:67:
e3:12:ee:41:49:0b:8c:46:03:88:9c:62:cd:66:ab:c0:b5:22:
d7:2b:04:87:d3:d5:b6:45:1f:5d:a3:9d:e6:1a:31:d0:eb:c8:
2a:6e:44:11:0c:bd:2d:88:e0:b9:4f:5a:45:f1:61:1f:07:b0:
c8:5e:e9:63:a9:ee:32:7f:63:05:2f:84:94:1f:c0:97:a6:f2:
0e:25:2a:3a:16:7a:d7:06:c6:6e:63:eb:ec:cb:0a:a4:ee:c2:
92:58:2d:5d:c2:fb:94:48:91:4b:0e:21:07:46:d9:3d:e8:d1:
3d:a3:94:b1:7a:6b:23:91:4c:8f:f6:15:d9:3e:53:e8:a9:56:
85:8d:c9:8c:30:e7:3d:cf:f4:ff:55:5c:e5:d6:60:a7:8b:f5:
0f:f5:31:09:b5:19:1d:bb:19:a6:24:f1:6b:8f:ca:9c:84:6f:
48:8f:f5:6c:a8:2f:16:35:25:6c:c4:c9:b9:9f:73:11:dd:67:
f0:70:bc:48
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdOowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDkw
MjE3NTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEZENDkyQzZFMzA4QzM5
NzUyMzZFOEFFMUM3QjkzMTIzQjEwMzhGOTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCtuqciwSS603WepSBBF68IGNH6wCDqfoTZFa2ls4ugOin8aLkS
Xi+5ZWw9zdw0G+zAwdnxdQRKv6sa1/1IHhmCgd+9luPnmR6SmcdYRHS6AT6gr4t1
7mA0xBOGhMHAHHm2O0Qr84W5aq33V3NeVPDcVZ1zahJKfESc/pv/qF3/NhfzMoxM
wQW7tYwA83kDO5aPrInWFMXlnA0KWY0OpF3AltzUcNFmaTpoVehhWQuXgvcL8adM
Y/77JThi07lSlC5UzLJsolcoVTGIW9T7HB3QiTiuti5NjUc3QlWtkwVw6jv9T50B
HcEL8fHOy7Ob68io0/yizbMFfEoR0iEIniPZAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU/UksbjCMOXUjborhx7kxI7EDj5gwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L19Va3NiakNNT1hVamJv
cmh4N2t4STdFRGo1Zy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCYI/XW
ykB2nckfvjdc/hM1EP8/R5h+VQvoDfPF+rqU0/TgJmOPolaw6T/IXpGcUsalhBao
k0vuwlmRGRubcfNpFK9Z8Jv/bWfjEu5BSQuMRgOInGLNZqvAtSLXKwSH09W2RR9d
o53mGjHQ68gqbkQRDL0tiOC5T1pF8WEfB7DIXuljqe4yf2MFL4SUH8CXpvIOJSo6
FnrXBsZuY+vsywqk7sKSWC1dwvuUSJFLDiEHRtk96NE9o5SxemsjkUyP9hXZPlPo
qVaFjcmMMOc9z/T/VVzl1mCni/UP9TEJtRkduxmmJPFrj8qchG9Ij/VsqC8WNSVs
xMm5n3MR3WfwcLxI
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:49:50 2025 by rpki-client