Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/uGXDw75kVm0P6Ilh54rBEAQDvfU.roa
File: uGXDw75kVm0P6Ilh54rBEAQDvfU.roa (raw, json)
Hash identifier: 6z+s7oWXLBXnWF/yKLJRS42roszGAMcg2ENZfeJvbB8=
Subject key identifier: B8:65:C3:C3:BE:64:56:6D:0F:E8:89:61:E7:8A:C1:10:04:03:BD:F5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7230
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/uGXDw75kVm0P6Ilh54rBEAQDvfU.roa
Signing time: Tue 01 Jul 2025 19:44:59 +0000
ROA not before: Tue 01 Jul 2025 19:44:59 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29232 (0x7230)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 1 19:44:59 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B865C3C3BE64566D0FE88961E78AC1100403BDF5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:f3:46:9d:4d:ec:65:ff:78:ef:b9:bf:4e:4a:
a1:e4:19:f6:6e:6f:50:f6:a6:7d:91:ba:7b:85:40:
cc:e5:51:62:f3:0e:9f:b2:81:74:f8:f0:d4:e4:f8:
3f:b9:a8:75:a6:89:07:55:5f:b7:b2:08:e1:65:52:
fd:a5:ba:57:cf:4c:80:ac:ad:01:22:10:85:1c:5c:
8e:9f:a9:20:e4:51:5c:ce:74:af:cc:11:9c:df:b7:
c4:37:cd:e5:88:3a:c7:07:8d:28:e2:ee:cf:32:c9:
fa:f9:6e:32:76:9f:a6:b8:35:18:b5:86:bd:80:d5:
67:97:5b:55:dc:a3:c7:35:ba:f5:d5:21:2f:72:ec:
76:49:6c:05:6c:1e:b4:9d:a0:2b:22:c4:09:af:13:
40:f1:b9:1d:45:7f:db:f3:01:38:42:9b:e0:12:86:
ad:5c:5c:92:dd:cf:02:a3:1b:08:ad:e6:a7:a6:d2:
49:c5:01:4c:56:25:a7:c5:45:2b:f4:80:ea:45:00:
76:07:b5:65:c3:ae:04:03:6a:4e:24:b9:b6:5f:1f:
0f:bd:b4:70:6e:21:7d:0e:6d:d7:dc:dc:d1:ab:42:
65:11:ab:2d:61:fc:26:2c:4e:5c:a2:26:2d:c7:cf:
92:c1:b2:cd:04:58:29:73:5c:ec:91:9e:b6:c6:e2:
b7:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:65:C3:C3:BE:64:56:6D:0F:E8:89:61:E7:8A:C1:10:04:03:BD:F5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/uGXDw75kVm0P6Ilh54rBEAQDvfU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
b3:d6:69:53:17:78:c3:6a:f2:14:a0:61:ac:14:6c:b7:59:5e:
d9:3e:30:1b:91:44:72:1c:f8:5c:31:8e:f9:ed:55:a2:e4:06:
10:14:c5:8a:95:93:7b:d3:76:d7:42:b1:30:80:4a:c2:03:7c:
66:f1:da:6b:29:78:a3:c9:5e:9d:b1:44:8b:7a:66:dd:9b:f9:
52:b8:bd:c6:de:93:98:a9:c8:01:81:9f:f0:43:f0:da:23:89:
99:8a:d6:8b:88:2b:0a:8b:1e:95:10:3b:e8:68:2e:6d:b4:50:
15:0e:fb:1e:6e:b6:2e:79:48:b1:1c:6a:1e:32:1b:d9:4e:a5:
96:1d:46:99:be:d7:a2:48:96:dc:1f:74:75:25:e1:28:21:bb:
2b:3e:fe:43:d7:0a:57:fb:40:00:9b:dd:74:4c:8e:5a:20:a6:
21:65:9f:4d:0f:c0:9f:9a:42:63:00:2d:0c:fc:23:71:3a:67:
48:82:ae:e8:42:cf:8d:26:9c:2f:87:e5:3a:37:c3:45:72:2e:
a0:da:09:15:be:c3:e9:93:5b:03:08:ac:d3:ed:02:f7:89:4b:
4f:30:3c:99:2a:8c:fb:04:42:5f:c7:5d:62:c8:cc:17:5a:2f:
1a:8e:01:7c:92:dd:8c:d7:3d:58:c1:e9:94:86:53:81:69:1f:
85:dd:e4:79
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcjAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDEx
OTQ0NTlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEI4NjVDM0MzQkU2NDU2
NkQwRkU4ODk2MUU3OEFDMTEwMDQwM0JERjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDO80adTexl/3jvub9OSqHkGfZub1D2pn2RunuFQMzlUWLzDp+y
gXT48NTk+D+5qHWmiQdVX7eyCOFlUv2lulfPTICsrQEiEIUcXI6fqSDkUVzOdK/M
EZzft8Q3zeWIOscHjSji7s8yyfr5bjJ2n6a4NRi1hr2A1WeXW1Xco8c1uvXVIS9y
7HZJbAVsHrSdoCsixAmvE0DxuR1Ff9vzAThCm+AShq1cXJLdzwKjGwit5qem0knF
AUxWJafFRSv0gOpFAHYHtWXDrgQDak4kubZfHw+9tHBuIX0Obdfc3NGrQmURqy1h
/CYsTlyiJi3Hz5LBss0EWClzXOyRnrbG4reFAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUuGXDw75kVm0P6Ilh54rBEAQDvfUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3VHWER3NzVrVm0wUDZJ
bGg1NHJCRUFRRHZmVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCz1mlT
F3jDavIUoGGsFGy3WV7ZPjAbkURyHPhcMY757VWi5AYQFMWKlZN703bXQrEwgErC
A3xm8dprKXijyV6dsUSLembdm/lSuL3G3pOYqcgBgZ/wQ/DaI4mZitaLiCsKix6V
EDvoaC5ttFAVDvsebrYueUixHGoeMhvZTqWWHUaZvteiSJbcH3R1JeEoIbsrPv5D
1wpX+0AAm910TI5aIKYhZZ9ND8CfmkJjAC0M/CNxOmdIgq7oQs+NJpwvh+U6N8NF
ci6g2gkVvsPpk1sDCKzT7QL3iUtPMDyZKoz7BEJfx11iyMwXWi8ajgF8kt2M1z1Y
wemUhlOBaR+F3eR5
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:54:45 2025 by rpki-client