Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/a_Ug0_hHd_8ijbiWDy0maVj6x0Y.roa
File: a_Ug0_hHd_8ijbiWDy0maVj6x0Y.roa (raw, json)
Hash identifier: qlYb/GslS5H2YnST8qXjfhMcv8rOkOkwy+kgQb5Pna4=
Subject key identifier: 6B:F5:20:D3:F8:47:77:FF:22:8D:B8:96:0F:2D:26:69:58:FA:C7:46
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6818
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/a_Ug0_hHd_8ijbiWDy0maVj6x0Y.roa
Signing time: Wed 04 Jun 2025 16:11:41 +0000
ROA not before: Wed 04 Jun 2025 16:11:41 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26648 (0x6818)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 4 16:11:41 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=6BF520D3F84777FF228DB8960F2D266958FAC746
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:30:41:04:d4:51:e7:5a:97:4a:87:7f:48:94:
e8:7f:fa:bd:8c:67:b5:6d:dd:6b:a5:1c:50:36:5a:
df:d9:58:58:29:45:7e:0a:94:48:fc:bc:4c:75:55:
99:8b:7e:62:30:3d:0f:98:3b:49:cb:b0:35:e2:9f:
ca:fb:98:44:4e:46:7a:bd:ff:89:ff:31:6e:7b:e7:
72:3c:df:70:2c:78:de:d0:9e:b4:9c:37:a2:e2:bf:
f1:c1:30:2f:5e:7e:13:b0:66:95:74:95:ec:96:2e:
d0:24:2c:6f:a0:70:1c:a2:cc:a1:92:65:b9:87:38:
70:52:b2:2f:c6:b1:87:7d:ec:3d:48:40:bb:43:7e:
42:84:5a:c1:d0:dd:c8:75:af:be:ce:44:29:8f:c5:
be:c3:02:b9:b7:fe:4a:92:d7:1e:a8:df:87:66:1d:
98:36:ba:cb:c1:43:ed:ac:ae:88:a6:00:e3:3c:f6:
29:52:5e:4e:75:21:3d:78:2f:e1:20:39:79:ce:21:
03:d8:5e:37:00:85:33:e6:06:f9:3e:76:12:39:78:
9c:3d:5c:16:8e:a4:03:42:31:f1:09:7f:59:4f:42:
5b:dc:c9:6e:d1:65:1f:83:97:79:83:80:e0:a2:db:
9b:19:01:b5:43:d8:6a:6e:e6:b1:86:ae:49:35:95:
85:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:F5:20:D3:F8:47:77:FF:22:8D:B8:96:0F:2D:26:69:58:FA:C7:46
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/a_Ug0_hHd_8ijbiWDy0maVj6x0Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
ad:03:52:79:78:fb:a5:37:58:50:dd:82:a5:60:a7:17:73:0b:
95:58:a6:84:fc:e4:80:53:7a:f0:53:f8:ac:40:39:c1:01:d2:
89:68:3e:c6:2f:ad:95:e3:55:62:a4:50:e3:82:16:e6:68:df:
35:20:0a:24:44:50:76:67:86:1c:ca:fd:ab:8e:73:fb:02:3f:
26:70:95:13:c9:ca:eb:21:82:b8:5e:e3:a8:c1:f3:6e:eb:30:
27:2f:ef:79:f7:dd:57:85:71:05:c4:c7:ce:15:f3:e6:a5:a2:
3d:3b:44:38:0e:0c:38:da:67:3d:d2:48:bf:0b:54:c4:8d:2b:
ae:82:89:8c:f9:53:62:f1:14:49:cc:12:48:70:05:3e:8a:11:
f6:04:a4:88:f0:f3:bb:d5:5a:48:d3:4a:69:78:63:f2:64:bd:
6b:cc:a8:5c:8e:6f:7a:cd:cb:a7:45:b9:d0:67:97:5a:af:8b:
38:a9:21:4e:54:32:01:f7:92:48:66:98:24:b5:7e:6b:e5:79:
1b:46:39:c2:0f:62:bb:1c:32:7f:e3:af:a0:35:bc:06:ad:47:
83:be:d3:3f:d1:22:3d:1b:54:d1:10:9a:0a:ff:ef:0e:e7:aa:
e3:7a:95:8c:9a:5f:c0:bb:de:8c:58:c4:65:0a:f8:6e:01:1d:
c7:92:f9:d4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaBgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDQx
NjExNDFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDZCRjUyMEQzRjg0Nzc3
RkYyMjhEQjg5NjBGMkQyNjY5NThGQUM3NDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCpMEEE1FHnWpdKh39IlOh/+r2MZ7Vt3WulHFA2Wt/ZWFgpRX4K
lEj8vEx1VZmLfmIwPQ+YO0nLsDXin8r7mERORnq9/4n/MW5753I833AseN7QnrSc
N6Liv/HBMC9efhOwZpV0leyWLtAkLG+gcByizKGSZbmHOHBSsi/GsYd97D1IQLtD
fkKEWsHQ3ch1r77ORCmPxb7DArm3/kqS1x6o34dmHZg2usvBQ+2sroimAOM89ilS
Xk51IT14L+EgOXnOIQPYXjcAhTPmBvk+dhI5eJw9XBaOpANCMfEJf1lPQlvcyW7R
ZR+Dl3mDgOCi25sZAbVD2Gpu5rGGrkk1lYVxAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUa/Ug0/hHd/8ijbiWDy0maVj6x0YwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2FfVWcwX2hIZF84aWpi
aVdEeTBtYVZqNngwWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCtA1J5
ePulN1hQ3YKlYKcXcwuVWKaE/OSAU3rwU/isQDnBAdKJaD7GL62V41VipFDjghbm
aN81IAokRFB2Z4Ycyv2rjnP7Aj8mcJUTycrrIYK4XuOowfNu6zAnL+95991XhXEF
xMfOFfPmpaI9O0Q4Dgw42mc90ki/C1TEjSuugomM+VNi8RRJzBJIcAU+ihH2BKSI
8PO71VpI00ppeGPyZL1rzKhcjm96zcunRbnQZ5dar4s4qSFOVDIB95JIZpgktX5r
5XkbRjnCD2K7HDJ/46+gNbwGrUeDvtM/0SI9G1TREJoK/+8O56rjepWMml/Au96M
WMRlCvhuAR3HkvnU
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:35:53 2025 by rpki-client