Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/uLf79okX-kh3PFXGKsJYo5iYjfc.roa
File: uLf79okX-kh3PFXGKsJYo5iYjfc.roa (raw, json)
Hash identifier: Dci1Y09Pw+MOL91p73azp4RDQbOKDnYEQi2ngWlzsrE=
Subject key identifier: B8:B7:FB:F6:89:17:FA:48:77:3C:55:C6:2A:C2:58:A3:98:98:8D:F7
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6E2A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/uLf79okX-kh3PFXGKsJYo5iYjfc.roa
Signing time: Sat 21 Jun 2025 08:14:06 +0000
ROA not before: Sat 21 Jun 2025 08:14:06 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28202 (0x6e2a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 21 08:14:06 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B8B7FBF68917FA48773C55C62AC258A398988DF7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:28:4a:28:7f:6e:1e:69:fc:05:aa:b6:cf:22:
59:13:ec:57:75:e3:5d:1e:46:0a:d0:ff:ad:5a:0c:
2b:21:42:f8:02:1f:38:93:d1:b0:4d:cd:d4:47:84:
7c:73:a0:13:af:41:86:53:cd:d9:81:3a:cc:c7:5c:
66:1f:e5:23:ef:78:8e:07:d0:70:19:0a:e4:4f:64:
b1:82:97:9a:88:e6:3b:18:31:f9:f3:ef:83:57:5f:
d6:cf:a7:28:41:6b:ac:05:db:91:da:74:c3:f3:ec:
d3:80:ad:b8:12:65:d4:85:dc:47:9d:e0:d9:46:2c:
aa:c5:04:ef:62:03:8c:43:1a:94:06:dc:7b:5d:f4:
bc:91:59:93:15:90:79:5a:36:3b:55:71:f7:07:69:
74:2a:4f:79:4f:65:13:ae:82:a1:4a:eb:c2:f6:50:
ab:51:a0:21:52:cd:9e:58:34:43:cd:93:68:e1:2d:
de:37:1a:1f:26:4b:2a:a5:7f:15:56:c2:06:8a:72:
34:7a:b1:89:61:b6:87:12:c2:8b:5c:fe:77:1d:3c:
e2:48:3c:5a:18:6e:f6:b8:7b:96:d5:c8:4d:4c:15:
b1:98:83:2d:d8:4a:0d:b2:1e:a5:d0:e9:df:c7:11:
ab:dd:3d:5f:c7:4b:f4:28:e6:6a:a5:10:fa:d2:c8:
d7:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:B7:FB:F6:89:17:FA:48:77:3C:55:C6:2A:C2:58:A3:98:98:8D:F7
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/uLf79okX-kh3PFXGKsJYo5iYjfc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
8b:ee:15:21:d4:b4:8d:cd:1f:c6:d6:f0:6d:c0:7e:b8:84:6d:
25:62:66:5a:c4:8b:05:de:d2:f9:01:49:22:84:39:19:94:0b:
49:c0:d5:c2:ac:af:22:a3:0b:87:66:3c:7a:dd:c1:d5:63:4a:
7c:68:36:ad:d2:c9:76:ba:b7:ee:ee:5e:ac:7b:91:7a:62:f1:
78:a2:b9:22:04:7c:89:47:c7:43:24:7f:5b:cc:f0:f8:f4:b5:
f1:5b:eb:dc:51:a2:c8:a9:27:77:77:a4:4a:e7:70:b5:a2:7a:
f4:9d:86:74:ab:f5:28:0a:2e:3e:a6:97:3f:70:f5:1b:87:ec:
f6:d8:57:2a:86:1b:87:e9:87:cf:a2:e5:cf:3d:1b:2b:ac:da:
4a:0a:ad:c9:a3:d0:87:56:0b:0b:ea:1b:7e:91:ee:3b:7a:b1:
7d:ee:fa:13:12:e5:83:08:b7:e8:65:ac:63:1b:6e:ec:32:b9:
ee:e0:18:c8:c0:41:3b:2a:c6:a8:2d:7a:ac:f9:6b:4c:c3:98:
4c:a2:13:90:00:5e:2b:ea:f1:e2:01:10:74:d7:4b:b2:3a:54:
cc:8b:27:cc:39:5b:1e:5d:59:e1:be:bf:f4:d7:7a:9b:a8:76:
44:a7:f6:ba:4a:94:23:3d:8f:f9:3c:24:aa:09:8a:98:64:cd:
cd:1a:ed:81
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbiowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjEw
ODE0MDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEI4QjdGQkY2ODkxN0ZB
NDg3NzNDNTVDNjJBQzI1OEEzOTg5ODhERjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDwKEoof24eafwFqrbPIlkT7Fd1410eRgrQ/61aDCshQvgCHziT
0bBNzdRHhHxzoBOvQYZTzdmBOszHXGYf5SPveI4H0HAZCuRPZLGCl5qI5jsYMfnz
74NXX9bPpyhBa6wF25HadMPz7NOArbgSZdSF3Eed4NlGLKrFBO9iA4xDGpQG3Htd
9LyRWZMVkHlaNjtVcfcHaXQqT3lPZROugqFK68L2UKtRoCFSzZ5YNEPNk2jhLd43
Gh8mSyqlfxVWwgaKcjR6sYlhtocSwotc/ncdPOJIPFoYbva4e5bVyE1MFbGYgy3Y
Sg2yHqXQ6d/HEavdPV/HS/Qo5mqlEPrSyNf1AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUuLf79okX+kh3PFXGKsJYo5iYjfcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3VMZjc5b2tYLWtoM1BG
WEdLc0pZbzVpWWpmYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCL7hUh
1LSNzR/G1vBtwH64hG0lYmZaxIsF3tL5AUkihDkZlAtJwNXCrK8iowuHZjx63cHV
Y0p8aDat0sl2urfu7l6se5F6YvF4orkiBHyJR8dDJH9bzPD49LXxW+vcUaLIqSd3
d6RK53C1onr0nYZ0q/UoCi4+ppc/cPUbh+z22FcqhhuH6YfPouXPPRsrrNpKCq3J
o9CHVgsL6ht+ke47erF97voTEuWDCLfoZaxjG27sMrnu4BjIwEE7KsaoLXqs+WtM
w5hMohOQAF4r6vHiARB010uyOlTMiyfMOVseXVnhvr/013qbqHZEp/a6SpQjPY/5
PCSqCYqYZM3NGu2B
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:45:48 2025 by rpki-client