Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/uHeLYHcq0-mry5E09KZAR4XdcDg.roa
File: uHeLYHcq0-mry5E09KZAR4XdcDg.roa (raw, json)
Hash identifier: qkcbTc8xwEplXqKxmldh2k53Lp8AroiOm3i/1pLKMcg=
Subject key identifier: B8:77:8B:60:77:2A:D3:E9:AB:CB:91:34:F4:A6:40:47:85:DD:70:38
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 76C8
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/uHeLYHcq0-mry5E09KZAR4XdcDg.roa
Signing time: Mon 14 Jul 2025 02:17:34 +0000
ROA not before: Mon 14 Jul 2025 02:17:34 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30408 (0x76c8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 14 02:17:34 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B8778B60772AD3E9ABCB9134F4A6404785DD7038
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:aa:14:17:7f:ec:a4:0a:41:0a:b8:63:97:19:
56:0c:8e:6a:89:4d:9d:c8:38:99:43:5d:99:21:34:
b9:f7:f0:dd:c0:67:7b:c0:06:78:54:65:a3:bd:4c:
e1:4b:87:e4:bf:b5:a7:d6:81:33:f9:26:73:a3:69:
b3:ff:a9:43:f6:40:f4:68:e0:34:e2:fa:fd:03:4a:
f6:bc:f0:fd:3d:15:94:fa:36:6a:62:4b:f1:cf:17:
d7:99:d0:f4:6e:75:bd:b8:7a:99:09:40:4c:09:21:
a0:60:44:b5:e4:35:29:64:f6:1a:35:a7:0a:01:fa:
f6:61:d0:7c:44:d0:df:e9:21:68:fc:f4:6a:39:ec:
02:9b:0c:61:3f:55:75:38:8a:e0:38:04:cf:93:c4:
de:74:6f:88:67:cd:33:8a:42:1c:e8:85:43:a5:fd:
6f:eb:86:ed:11:dd:d2:47:2b:65:72:fe:a4:7c:86:
bc:90:72:a4:56:0a:70:08:82:fd:f8:3b:b7:e1:91:
c9:41:cd:b4:41:39:35:1a:8a:d2:b5:a8:26:ce:7a:
31:43:77:48:29:07:d6:07:3c:5a:68:e6:19:a1:47:
1a:fc:c7:91:24:14:e1:67:2c:ac:db:b7:d9:06:4a:
ab:d8:78:0d:1a:c4:6b:52:c3:56:f9:0a:1e:16:b0:
96:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:77:8B:60:77:2A:D3:E9:AB:CB:91:34:F4:A6:40:47:85:DD:70:38
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/uHeLYHcq0-mry5E09KZAR4XdcDg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
10:02:67:18:50:f6:b5:41:ff:3e:f6:ec:75:26:60:19:f4:42:
5a:56:ab:09:0b:3e:99:4b:3c:9d:fc:5a:cf:6d:78:24:e8:45:
be:96:e5:de:37:98:cc:a2:e8:54:47:7d:c7:84:2d:cb:e2:59:
ff:a3:f4:97:ef:cf:10:d4:e3:d9:a2:3f:00:f4:04:86:1d:b9:
c7:55:3f:e0:b5:df:d0:23:13:41:05:6c:de:ba:8c:80:ae:ec:
e2:78:fb:64:6d:7a:0c:d0:ec:78:51:c2:f4:77:4a:54:cc:38:
ad:de:45:a8:3e:70:f2:e5:2c:2b:f0:ac:7d:b6:27:59:b1:73:
3f:48:e3:a8:64:f9:55:5b:55:05:62:c3:87:f3:cb:85:7b:b3:
2c:5c:40:50:33:ec:e8:33:49:96:dd:65:4c:a0:c6:d0:94:c0:
e5:5e:18:41:e7:3e:62:36:be:c5:8e:fc:bc:f5:c4:fe:13:ff:
3a:44:7c:60:4f:95:e6:de:aa:f2:9f:8a:30:38:68:05:20:7c:
64:5c:5a:b7:3a:9b:2a:42:ec:4a:d0:b1:59:51:30:1d:05:19:
5d:5e:7c:0e:1c:29:22:56:df:6d:81:92:aa:ab:d2:7f:53:20:
c6:d2:0b:02:be:50:d6:f2:2d:94:40:58:4c:10:0a:8d:8c:a9:
18:4e:6f:fe
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdsgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTQw
MjE3MzRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEI4Nzc4QjYwNzcyQUQz
RTlBQkNCOTEzNEY0QTY0MDQ3ODVERDcwMzgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDQqhQXf+ykCkEKuGOXGVYMjmqJTZ3IOJlDXZkhNLn38N3AZ3vA
BnhUZaO9TOFLh+S/tafWgTP5JnOjabP/qUP2QPRo4DTi+v0DSva88P09FZT6Nmpi
S/HPF9eZ0PRudb24epkJQEwJIaBgRLXkNSlk9ho1pwoB+vZh0HxE0N/pIWj89Go5
7AKbDGE/VXU4iuA4BM+TxN50b4hnzTOKQhzohUOl/W/rhu0R3dJHK2Vy/qR8hryQ
cqRWCnAIgv34O7fhkclBzbRBOTUaitK1qCbOejFDd0gpB9YHPFpo5hmhRxr8x5Ek
FOFnLKzbt9kGSqvYeA0axGtSw1b5Ch4WsJbfAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUuHeLYHcq0+mry5E09KZAR4XdcDgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3VIZUxZSGNxMC1tcnk1
RTA5S1pBUjRYZGNEZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAQAmcY
UPa1Qf8+9ux1JmAZ9EJaVqsJCz6ZSzyd/FrPbXgk6EW+luXeN5jMouhUR33HhC3L
4ln/o/SX788Q1OPZoj8A9ASGHbnHVT/gtd/QIxNBBWzeuoyAruziePtkbXoM0Ox4
UcL0d0pUzDit3kWoPnDy5Swr8Kx9tidZsXM/SOOoZPlVW1UFYsOH88uFe7MsXEBQ
M+zoM0mW3WVMoMbQlMDlXhhB5z5iNr7Fjvy89cT+E/86RHxgT5Xm3qryn4owOGgF
IHxkXFq3OpsqQuxK0LFZUTAdBRldXnwOHCkiVt9tgZKqq9J/UyDG0gsCvlDW8i2U
QFhMEAqNjKkYTm/+
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:33:04 2025 by rpki-client