Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/u82kyzJkm-20SSF7XKrKUEL9tc0.roa
File: u82kyzJkm-20SSF7XKrKUEL9tc0.roa (raw, json)
Hash identifier: 17s9ejwtR+CcNqdJeZNXs+D+XE1Qj28Uk1fcGIQrBBM=
Subject key identifier: BB:CD:A4:CB:32:64:9B:ED:B4:49:21:7B:5C:AA:CA:50:42:FD:B5:CD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 72DA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/u82kyzJkm-20SSF7XKrKUEL9tc0.roa
Signing time: Thu 03 Jul 2025 14:14:58 +0000
ROA not before: Thu 03 Jul 2025 14:14:58 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29402 (0x72da)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 3 14:14:58 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=BBCDA4CB32649BEDB449217B5CAACA5042FDB5CD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:ff:a7:3a:97:3d:17:72:d6:e0:92:c3:60:aa:
6c:6d:f4:e0:e0:d8:ec:36:81:7f:d3:28:1a:ce:93:
e9:b1:21:72:03:0b:22:5a:b9:20:aa:22:65:0b:b7:
f7:b1:36:70:b2:97:ed:ce:89:7d:f6:2d:0a:d3:68:
9f:3e:3f:2a:f8:aa:6a:82:e9:2a:52:47:13:81:c4:
cd:fb:f9:a4:69:af:47:33:1d:f6:49:37:de:2f:66:
94:8d:af:fe:87:57:74:99:b8:b0:a7:90:bd:32:16:
b1:50:bb:e3:52:5a:ff:95:49:94:61:21:19:2b:b3:
5b:d8:24:7c:7a:0b:9f:ec:10:e2:d4:4e:1d:92:67:
89:8f:ba:db:b5:ae:c2:d8:cc:b1:53:15:85:4a:99:
25:50:c6:e0:cd:21:a2:c2:61:4b:28:34:28:ba:a7:
98:e6:88:ac:a3:94:a7:44:68:58:e5:11:b9:6a:b2:
33:c5:49:ed:35:35:c5:7c:b5:2e:85:82:f7:c1:a9:
45:ec:bf:19:39:62:4d:4e:ea:7c:fa:ba:b6:47:0f:
81:a7:a1:4a:63:36:80:b1:f0:6e:ae:40:84:ff:d6:
9f:a4:fd:4d:77:a0:31:e4:0b:bf:04:19:51:ad:2b:
12:02:59:cf:60:11:df:da:3f:bd:cf:33:47:06:17:
c5:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:CD:A4:CB:32:64:9B:ED:B4:49:21:7B:5C:AA:CA:50:42:FD:B5:CD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/u82kyzJkm-20SSF7XKrKUEL9tc0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
84:7f:da:f3:36:a8:4a:57:a4:28:2b:98:77:dd:ee:b5:72:a4:
64:01:e1:b5:07:d0:bb:38:b0:0b:0d:28:e0:08:ec:98:72:d9:
71:59:0a:14:16:29:b2:d8:45:e1:ed:9c:a7:b8:cf:33:42:65:
7b:09:39:de:3d:2f:c6:49:d5:f5:0b:c1:8e:95:73:62:f0:97:
28:db:b5:29:a9:e0:ce:32:13:e9:20:b7:f0:ae:db:29:e6:bd:
32:8f:cc:39:b9:78:08:80:f0:58:11:e1:1a:7a:de:05:7f:57:
ab:16:dd:bb:e9:e7:82:40:b5:f2:5f:a3:30:52:76:de:38:8e:
26:0c:f2:59:da:40:6a:d5:30:b3:0c:c6:57:16:e6:8d:5f:8c:
4c:3f:9f:08:c8:4c:63:0d:2f:2e:20:a4:56:48:9d:3b:be:7c:
39:df:f4:33:a5:01:b3:d9:8c:18:5e:2e:a5:95:fb:29:27:97:
3e:e1:43:4b:1e:de:c0:ee:21:e7:7a:45:11:c1:e3:6d:c0:01:
5b:04:35:51:7d:29:00:d8:7f:f0:a8:31:45:5d:bc:19:87:ed:
5a:8b:40:e6:23:c5:e6:4c:2a:93:42:60:ef:9f:82:a0:45:17:
e5:85:35:e9:8b:c3:52:ac:d0:e0:ee:95:c6:d8:11:e7:d1:10:
0f:8c:f9:98
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICctowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDMx
NDE0NThaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEJCQ0RBNENCMzI2NDlC
RURCNDQ5MjE3QjVDQUFDQTUwNDJGREI1Q0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDr/6c6lz0XctbgksNgqmxt9ODg2Ow2gX/TKBrOk+mxIXIDCyJa
uSCqImULt/exNnCyl+3OiX32LQrTaJ8+Pyr4qmqC6SpSRxOBxM37+aRpr0czHfZJ
N94vZpSNr/6HV3SZuLCnkL0yFrFQu+NSWv+VSZRhIRkrs1vYJHx6C5/sEOLUTh2S
Z4mPutu1rsLYzLFTFYVKmSVQxuDNIaLCYUsoNCi6p5jmiKyjlKdEaFjlEblqsjPF
Se01NcV8tS6FgvfBqUXsvxk5Yk1O6nz6urZHD4GnoUpjNoCx8G6uQIT/1p+k/U13
oDHkC78EGVGtKxICWc9gEd/aP73PM0cGF8WtAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUu82kyzJkm+20SSF7XKrKUEL9tc0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3U4Mmt5ekprbS0yMFNT
RjdYS3JLVUVMOXRjMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCEf9rz
NqhKV6QoK5h33e61cqRkAeG1B9C7OLALDSjgCOyYctlxWQoUFimy2EXh7ZynuM8z
QmV7CTnePS/GSdX1C8GOlXNi8Jco27UpqeDOMhPpILfwrtsp5r0yj8w5uXgIgPBY
EeEaet4Ff1erFt276eeCQLXyX6MwUnbeOI4mDPJZ2kBq1TCzDMZXFuaNX4xMP58I
yExjDS8uIKRWSJ07vnw53/QzpQGz2YwYXi6llfspJ5c+4UNLHt7A7iHnekURweNt
wAFbBDVRfSkA2H/wqDFFXbwZh+1ai0DmI8XmTCqTQmDvn4KgRRflhTXpi8NSrNDg
7pXG2BHn0RAPjPmY
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:47:34 2025 by rpki-client