Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/uX1hBmtgcxJEF6OszExVVT0DFc8.roa
File: uX1hBmtgcxJEF6OszExVVT0DFc8.roa (raw, json)
Hash identifier: H4YD8ccsnKaMkJNqB77xlleAIHpVRI7aNy0CgkF1vNk=
Subject key identifier: B9:7D:61:06:6B:60:73:12:44:17:A3:AC:CC:4C:55:55:3D:03:15:CF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 70C4
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/uX1hBmtgcxJEF6OszExVVT0DFc8.roa
Signing time: Sat 28 Jun 2025 00:44:27 +0000
ROA not before: Sat 28 Jun 2025 00:44:27 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28868 (0x70c4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 28 00:44:27 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B97D61066B6073124417A3ACCC4C55553D0315CF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:60:92:da:d3:52:7a:c2:4c:e4:ca:e9:06:ba:
11:26:88:69:d1:eb:ba:08:3c:b9:c3:c9:5b:85:88:
93:6c:13:54:e1:10:42:0a:bb:45:0e:19:1c:4c:aa:
78:f0:d2:77:16:82:0c:51:2c:9f:66:20:00:43:18:
69:15:15:a2:e1:90:6d:5d:66:83:40:08:0d:0a:4f:
67:5f:31:27:ea:f1:70:60:91:84:f6:b9:32:82:1d:
2e:09:dd:0f:b3:da:11:11:0c:98:b2:2d:d9:59:43:
b5:aa:1f:d4:47:c1:68:51:73:58:1e:d3:49:3e:a4:
37:56:40:4c:a2:8d:26:c4:b2:39:78:7a:55:79:14:
64:40:75:db:9d:e2:6d:93:20:58:75:cc:61:c8:5a:
5b:da:08:7c:73:19:4f:53:74:c7:6c:5e:7c:87:6b:
fc:8d:0a:ac:42:95:4d:e4:e5:00:06:03:31:c2:eb:
5b:4a:a1:91:01:eb:20:eb:4a:18:5d:1a:e1:8a:84:
41:b8:b2:bb:e5:6e:8a:b6:9c:ec:38:f9:23:02:fe:
53:c4:68:12:e0:0e:c6:20:5e:85:be:e2:cf:d8:45:
8d:5f:6f:4b:8f:ec:e9:9e:0f:af:99:ea:2b:ff:14:
46:a6:1c:a6:3a:4d:72:6a:50:ef:b1:6f:c1:54:a1:
b7:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:7D:61:06:6B:60:73:12:44:17:A3:AC:CC:4C:55:55:3D:03:15:CF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/uX1hBmtgcxJEF6OszExVVT0DFc8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
43:30:0f:3d:02:26:0e:46:64:87:d9:0d:fc:10:57:c2:cf:eb:
ea:0c:7c:a9:4a:7d:e8:13:64:3c:59:17:19:63:ef:0f:aa:b5:
27:67:d0:1d:5d:24:46:20:d3:a9:f9:a9:e4:c6:70:60:81:7a:
2a:45:59:14:4c:e1:8d:cb:67:2b:a1:75:f4:27:79:0f:af:28:
58:ac:b5:17:03:f3:bf:77:0a:d0:47:7d:92:6e:74:01:b3:89:
31:9e:e2:08:cf:ba:69:92:e0:ef:7c:df:bd:89:86:6c:54:c7:
b5:ea:e2:13:03:8b:bd:d0:95:8b:89:f0:f9:e2:b8:c3:ce:b3:
b1:36:01:9f:c6:95:f2:cb:90:80:18:59:c0:f9:66:56:a2:c5:
71:67:6b:25:70:11:ed:c2:6e:b4:f1:ea:10:ca:c7:bd:ff:64:
92:45:0d:41:b5:25:94:ef:93:a3:c1:06:12:68:6b:85:52:b6:
f7:1b:61:b8:9c:8e:eb:f1:0d:95:c4:31:da:03:32:8f:c7:3a:
48:49:c8:4f:72:90:03:ad:e1:aa:a4:e5:88:dc:76:60:81:30:
6a:d4:ce:e8:5f:12:3a:6e:a5:46:91:77:9b:26:f3:24:89:fc:
be:b8:e3:da:3e:bf:63:08:0e:37:f2:c8:2c:4c:45:54:6d:5b:
ff:cc:11:d0
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcMQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2Mjgw
MDQ0MjdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEI5N0Q2MTA2NkI2MDcz
MTI0NDE3QTNBQ0NDNEM1NTU1M0QwMzE1Q0YwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCsYJLa01J6wkzkyukGuhEmiGnR67oIPLnDyVuFiJNsE1ThEEIK
u0UOGRxMqnjw0ncWggxRLJ9mIABDGGkVFaLhkG1dZoNACA0KT2dfMSfq8XBgkYT2
uTKCHS4J3Q+z2hERDJiyLdlZQ7WqH9RHwWhRc1ge00k+pDdWQEyijSbEsjl4elV5
FGRAddud4m2TIFh1zGHIWlvaCHxzGU9TdMdsXnyHa/yNCqxClU3k5QAGAzHC61tK
oZEB6yDrShhdGuGKhEG4srvlboq2nOw4+SMC/lPEaBLgDsYgXoW+4s/YRY1fb0uP
7OmeD6+Z6iv/FEamHKY6TXJqUO+xb8FUobftAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUuX1hBmtgcxJEF6OszExVVT0DFc8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3VYMWhCbXRnY3hKRUY2
T3N6RXhWVlQwREZjOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBDMA89
AiYORmSH2Q38EFfCz+vqDHypSn3oE2Q8WRcZY+8PqrUnZ9AdXSRGINOp+ankxnBg
gXoqRVkUTOGNy2croXX0J3kPryhYrLUXA/O/dwrQR32SbnQBs4kxnuIIz7ppkuDv
fN+9iYZsVMe16uITA4u90JWLifD54rjDzrOxNgGfxpXyy5CAGFnA+WZWosVxZ2sl
cBHtwm608eoQyse9/2SSRQ1BtSWU75OjwQYSaGuFUrb3G2G4nI7r8Q2VxDHaAzKP
xzpISchPcpADreGqpOWI3HZggTBq1M7oXxI6bqVGkXebJvMkify+uOPaPr9jCA43
8sgsTEVUbVv/zBHQ
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:46:35 2025 by rpki-client