Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/uGnyriBNQzX_WcQNZAaCrE3Bt4k.roa
File: uGnyriBNQzX_WcQNZAaCrE3Bt4k.roa (raw, json)
Hash identifier: YD92WhzXKrKEzl37pxnibm49CDceVze+aDio428Vx/0=
Subject key identifier: B8:69:F2:AE:20:4D:43:35:FF:59:C4:0D:64:06:82:AC:4D:C1:B7:89
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7874
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/uGnyriBNQzX_WcQNZAaCrE3Bt4k.roa
Signing time: Fri 18 Jul 2025 13:13:22 +0000
ROA not before: Fri 18 Jul 2025 13:13:22 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30836 (0x7874)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 18 13:13:22 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B869F2AE204D4335FF59C40D640682AC4DC1B789
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:31:3c:bd:6b:47:1e:79:66:5f:9f:14:9a:99:
33:45:8a:9a:32:ba:9f:ca:46:be:bd:fc:81:84:c8:
16:df:e9:d0:90:57:18:1f:7c:5d:8a:01:05:f9:20:
be:f2:47:51:29:f9:ec:8b:2b:20:45:b2:ce:7a:54:
3e:13:e5:6f:34:6a:bd:be:0c:20:39:35:63:2b:fd:
00:7d:d8:8b:8e:df:c7:8c:22:84:40:18:88:c6:b8:
91:fc:e9:b7:f3:9a:2f:62:e4:00:6c:78:e7:e0:3f:
8e:9f:f6:5e:9d:79:70:4f:ae:87:ef:52:bb:e0:e0:
bd:0c:df:cb:fa:bf:d7:fb:c5:22:e2:7e:ee:54:8e:
d1:64:a3:34:af:e3:05:28:c7:76:fc:3f:b7:3e:33:
53:1f:09:2a:ab:db:0f:b3:4d:b8:f2:5f:34:95:a5:
fc:10:bf:fd:73:bb:a1:e5:ac:f9:ac:e1:ac:4d:f7:
11:24:2c:60:9b:5c:b5:50:39:c9:d1:2d:44:e4:c1:
7c:af:8c:a1:14:d4:74:b3:22:bc:b5:b4:0c:af:19:
eb:61:57:0c:dc:4b:b8:72:ec:15:ea:f2:8b:d1:45:
ff:61:e4:a1:80:83:c6:f3:e1:03:55:d4:38:78:cf:
c8:03:5a:ff:ca:fa:f8:81:aa:02:f2:9d:ea:35:a5:
4f:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:69:F2:AE:20:4D:43:35:FF:59:C4:0D:64:06:82:AC:4D:C1:B7:89
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/uGnyriBNQzX_WcQNZAaCrE3Bt4k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
3c:28:60:3a:06:68:70:75:8e:9a:8b:df:71:68:e0:98:8b:d5:
e4:f9:b9:94:31:92:67:ff:ac:57:eb:73:12:de:c2:8f:19:a9:
24:13:5a:07:e2:87:e0:74:8d:c2:14:e8:4d:50:e5:c0:e4:ff:
f5:e2:82:58:c4:fd:3b:1c:aa:a9:98:58:2a:e0:c7:f2:d2:fe:
88:21:ab:0a:eb:97:7c:d4:eb:f5:ad:e0:a9:4f:a7:b0:86:b1:
58:49:c6:a7:5d:e2:c6:19:85:3c:95:0d:e7:3a:60:f5:d9:90:
c1:7d:3d:60:fb:eb:88:cd:cf:3f:55:79:ec:ea:8e:b7:45:63:
af:fa:77:d8:4c:6b:09:13:1f:ca:03:3a:3c:24:86:f7:fd:63:
dd:c0:ca:a9:9c:bd:f0:c7:40:8b:79:55:d7:83:f7:e4:3f:fb:
2c:fa:f8:79:bd:f0:2e:c1:dd:d8:a2:0b:1c:87:7d:49:f1:7a:
92:66:48:8d:bf:7e:4f:8b:c7:5c:d4:fb:ce:82:00:fc:74:6a:
ca:53:23:13:79:9e:23:5f:5a:bf:df:65:94:06:30:4c:59:87:
7a:6d:4b:04:5d:f4:16:7d:15:a3:11:37:bc:0e:30:be:6c:fa:
1c:b0:f5:3b:5a:16:3f:3c:a2:19:6f:cf:2b:39:31:05:cc:b5:
01:de:23:1f
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeHQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTgx
MzEzMjJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEI4NjlGMkFFMjA0RDQz
MzVGRjU5QzQwRDY0MDY4MkFDNERDMUI3ODkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDXMTy9a0ceeWZfnxSamTNFipoyup/KRr69/IGEyBbf6dCQVxgf
fF2KAQX5IL7yR1Ep+eyLKyBFss56VD4T5W80ar2+DCA5NWMr/QB92IuO38eMIoRA
GIjGuJH86bfzmi9i5ABseOfgP46f9l6deXBProfvUrvg4L0M38v6v9f7xSLifu5U
jtFkozSv4wUox3b8P7c+M1MfCSqr2w+zTbjyXzSVpfwQv/1zu6HlrPms4axN9xEk
LGCbXLVQOcnRLUTkwXyvjKEU1HSzIry1tAyvGethVwzcS7hy7BXq8ovRRf9h5KGA
g8bz4QNV1Dh4z8gDWv/K+viBqgLyneo1pU93AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUuGnyriBNQzX/WcQNZAaCrE3Bt4kwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3VHbnlyaUJOUXpYX1dj
UU5aQWFDckUzQnQ0ay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA8KGA6
BmhwdY6ai99xaOCYi9Xk+bmUMZJn/6xX63MS3sKPGakkE1oH4ofgdI3CFOhNUOXA
5P/14oJYxP07HKqpmFgq4Mfy0v6IIasK65d81Ov1reCpT6ewhrFYScanXeLGGYU8
lQ3nOmD12ZDBfT1g++uIzc8/VXns6o63RWOv+nfYTGsJEx/KAzo8JIb3/WPdwMqp
nL3wx0CLeVXXg/fkP/ss+vh5vfAuwd3Yogsch31J8XqSZkiNv35Pi8dc1PvOggD8
dGrKUyMTeZ4jX1q/32WUBjBMWYd6bUsEXfQWfRWjETe8DjC+bPocsPU7WhY/PKIZ
b88rOTEFzLUB3iMf
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:53:27 2025 by rpki-client