Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/uNfVJpSrnYInPRfpwvjHHxmaeig.roa
File: uNfVJpSrnYInPRfpwvjHHxmaeig.roa (raw, json)
Hash identifier: 4SVB/68rOj+sCKXtxZ0jTiU4yuMBQXB8NCnMVGmS4HY=
Subject key identifier: B8:D7:D5:26:94:AB:9D:82:27:3D:17:E9:C2:F8:C7:1F:19:9A:7A:28
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 77AA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/uNfVJpSrnYInPRfpwvjHHxmaeig.roa
Signing time: Wed 16 Jul 2025 10:42:42 +0000
ROA not before: Wed 16 Jul 2025 10:42:42 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30634 (0x77aa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 16 10:42:42 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B8D7D52694AB9D82273D17E9C2F8C71F199A7A28
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:34:dc:ff:73:48:a4:5c:d4:b0:cf:8e:31:57:
02:91:75:ed:88:9b:95:2d:63:52:61:37:b9:bf:b5:
a7:8c:3d:c6:70:f7:cd:83:b5:a3:c8:45:3c:e7:84:
f0:ee:7d:8c:59:32:3a:7b:66:b6:83:07:27:a2:f2:
95:01:09:ad:18:1b:1b:f5:aa:35:86:a5:ca:b3:70:
41:6b:f8:5b:4c:0b:65:50:1d:27:a1:cc:d6:2d:da:
5d:17:b7:8e:9d:a5:c1:11:7f:33:56:b7:56:43:1a:
42:fa:d7:8e:74:a9:b5:5c:ff:d7:91:55:43:90:64:
57:ab:5f:27:b1:e4:29:42:77:0e:43:f2:9b:ee:ad:
d6:89:e3:0b:be:a4:b5:dc:0d:f6:ca:b7:1d:6f:10:
b0:91:68:0b:6b:ac:9f:03:a1:a5:23:f2:1a:90:08:
d7:84:6d:2e:39:f3:4f:a3:ee:13:8b:bd:f1:63:73:
7e:bd:f3:6a:68:da:e6:fa:88:7d:a9:f7:d7:f1:7b:
44:a8:24:e4:2a:cc:de:b4:2d:92:be:ae:d5:35:a3:
21:f7:79:a1:94:ca:82:85:f1:a0:51:71:74:a7:9c:
54:91:9f:d9:ef:c7:91:01:73:31:1a:ce:ed:51:1a:
72:4a:c1:ec:e5:89:78:c5:71:6d:92:01:08:64:98:
88:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:D7:D5:26:94:AB:9D:82:27:3D:17:E9:C2:F8:C7:1F:19:9A:7A:28
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/uNfVJpSrnYInPRfpwvjHHxmaeig.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
06:4c:00:a9:5c:0f:2e:4f:a2:0b:7b:97:6c:f3:00:be:d7:ff:
da:5c:ef:02:23:69:bd:18:e1:33:e4:32:1c:eb:0b:2f:c4:97:
09:ee:18:a1:24:56:80:ee:1d:88:7d:d4:4e:a3:48:4e:75:66:
e6:19:fd:a1:95:7d:d3:e6:7e:e7:00:1e:1f:5e:ce:7e:32:db:
dc:2b:94:89:5f:56:fc:22:b0:18:26:21:3c:29:bb:03:99:4a:
82:95:38:63:da:d8:0f:66:a4:29:aa:45:0e:0b:47:ea:40:3b:
c3:8a:48:cc:59:e3:23:00:07:b3:85:40:db:65:7e:99:f6:48:
ea:c4:a4:e4:38:9c:5a:35:b9:b3:0a:13:aa:cc:a0:b9:f5:82:
c5:03:77:6c:38:ce:e6:12:6b:5d:d1:f5:d7:9f:d3:ce:b3:71:
bd:75:80:fc:a9:98:e8:8f:35:fd:d6:b9:5e:98:43:5d:d0:57:
cc:88:b0:07:b0:bc:a4:f2:d0:4a:fb:9f:13:f6:e4:97:d2:a0:
9b:92:23:e7:a2:61:77:bf:6f:57:23:4f:aa:2b:cf:2b:c5:1f:
5f:f7:b1:41:2c:f0:51:98:b8:63:3e:b9:bd:24:f9:69:56:6b:
59:77:50:7c:68:77:23:9c:b7:32:1b:8c:a7:38:11:c2:10:ec:
fc:7f:72:9b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICd6owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTYx
MDQyNDJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEI4RDdENTI2OTRBQjlE
ODIyNzNEMTdFOUMyRjhDNzFGMTk5QTdBMjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDrNNz/c0ikXNSwz44xVwKRde2Im5UtY1JhN7m/taeMPcZw982D
taPIRTznhPDufYxZMjp7ZraDByei8pUBCa0YGxv1qjWGpcqzcEFr+FtMC2VQHSeh
zNYt2l0Xt46dpcERfzNWt1ZDGkL61450qbVc/9eRVUOQZFerXyex5ClCdw5D8pvu
rdaJ4wu+pLXcDfbKtx1vELCRaAtrrJ8DoaUj8hqQCNeEbS4580+j7hOLvfFjc369
82po2ub6iH2p99fxe0SoJOQqzN60LZK+rtU1oyH3eaGUyoKF8aBRcXSnnFSRn9nv
x5EBczEazu1RGnJKwezliXjFcW2SAQhkmIjbAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUuNfVJpSrnYInPRfpwvjHHxmaeigwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3VOZlZKcFNybllJblBS
ZnB3dmpISHhtYWVpZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAGTACp
XA8uT6ILe5ds8wC+1//aXO8CI2m9GOEz5DIc6wsvxJcJ7hihJFaA7h2IfdROo0hO
dWbmGf2hlX3T5n7nAB4fXs5+MtvcK5SJX1b8IrAYJiE8KbsDmUqClThj2tgPZqQp
qkUOC0fqQDvDikjMWeMjAAezhUDbZX6Z9kjqxKTkOJxaNbmzChOqzKC59YLFA3ds
OM7mEmtd0fXXn9POs3G9dYD8qZjojzX91rlemENd0FfMiLAHsLyk8tBK+58T9uSX
0qCbkiPnomF3v29XI0+qK88rxR9f97FBLPBRmLhjPrm9JPlpVmtZd1B8aHcjnLcy
G4ynOBHCEOz8f3Kb
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:46:32 2025 by rpki-client