Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/UKSMBA2CtE9nuBNgkw_I5lKp1QQ.roa
File: UKSMBA2CtE9nuBNgkw_I5lKp1QQ.roa (raw, json)
Hash identifier: RXDsqbZOOrAK9713di1bBxq35ndeWUmG+4Kdzi4XH1Y=
Subject key identifier: 50:A4:8C:04:0D:82:B4:4F:67:B8:13:60:93:0F:C8:E6:52:A9:D5:04
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 60AA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/UKSMBA2CtE9nuBNgkw_I5lKp1QQ.roa
Signing time: Thu 15 May 2025 20:40:36 +0000
ROA not before: Thu 15 May 2025 20:40:36 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24746 (0x60aa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 15 20:40:36 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=50A48C040D82B44F67B81360930FC8E652A9D504
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:3d:ad:c4:f1:81:5b:a3:d3:fd:47:1d:b4:5d:
78:35:6d:5f:c5:bd:a5:34:81:77:95:25:27:67:e4:
7a:3b:72:12:62:cf:84:f7:0c:0f:18:f7:d6:ca:de:
09:02:b2:46:9d:3d:b2:42:aa:6b:fd:9f:c1:0c:70:
9d:f1:1e:cd:a8:2b:20:df:83:1f:e3:36:7b:94:45:
b0:f4:47:ff:fc:a3:03:9f:ed:92:20:06:51:c0:3e:
8b:24:f9:ed:9e:77:c2:4a:ba:b9:31:70:7a:50:22:
99:93:64:9c:47:cd:3b:54:16:ba:bd:3f:a6:e4:bc:
ac:03:40:b4:ab:af:48:83:d0:58:09:fe:94:fa:8a:
73:43:d3:1e:54:d5:1e:0e:df:34:91:5a:04:cf:28:
b0:54:05:09:64:b3:58:f6:2d:81:44:3b:8a:f0:1e:
87:d5:53:c3:48:83:82:d7:d6:6e:4e:19:35:18:b1:
46:21:53:61:94:eb:ee:8c:e8:c8:3d:50:33:f0:e4:
12:35:8a:60:53:15:09:50:7b:3d:a2:49:45:69:f5:
3c:09:8e:3f:15:28:ed:be:49:12:cb:98:87:13:80:
9f:45:f7:5f:78:b0:b2:3d:23:d3:ee:f0:ba:7c:e4:
23:c1:96:82:65:3e:a9:aa:1a:24:55:61:77:11:a1:
e1:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
50:A4:8C:04:0D:82:B4:4F:67:B8:13:60:93:0F:C8:E6:52:A9:D5:04
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/UKSMBA2CtE9nuBNgkw_I5lKp1QQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
17:99:75:bf:b7:91:cb:d8:e2:09:30:f6:35:dd:74:77:65:6a:
7d:5c:82:16:31:f4:15:ca:5d:f0:5c:0c:80:a3:cd:9d:bc:2e:
06:80:12:e7:7e:9e:53:3d:29:d2:cb:5b:b0:7e:e0:4b:e5:9d:
bc:9e:9a:47:b1:b9:6c:69:01:1a:e7:25:5b:f5:a5:c1:be:26:
4e:80:4f:2a:51:5b:3a:09:db:87:88:76:9b:12:91:cc:60:7b:
44:d4:d5:fa:2e:5c:f6:52:3a:6c:71:ca:92:43:34:b3:41:12:
65:7d:4b:fc:6a:2a:84:7d:b4:5b:9e:08:b8:db:ea:6f:bc:08:
78:ca:1e:28:65:a6:91:5a:05:4e:c6:59:86:d2:d9:dd:57:42:
eb:b4:68:78:8e:25:87:af:9e:f4:0a:aa:9f:b6:a2:3b:d8:3e:
ee:3f:13:03:3b:e2:bf:4d:25:58:77:0b:5e:63:c8:f6:a7:c3:
e6:7a:b7:2e:7d:58:f5:5d:5f:f2:0c:52:61:bf:c5:56:6c:49:
49:7a:bd:d3:63:e7:8b:ef:d6:35:aa:89:7a:84:43:c3:bf:54:
1b:53:80:90:a6:a2:98:57:a8:d5:ba:cd:62:94:84:15:f7:57:
93:7d:02:3c:07:4e:60:56:c2:76:01:0b:c2:e1:08:b7:fe:fa:
9b:13:5c:21
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYKowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTUy
MDQwMzZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDUwQTQ4QzA0MEQ4MkI0
NEY2N0I4MTM2MDkzMEZDOEU2NTJBOUQ1MDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDVPa3E8YFbo9P9Rx20XXg1bV/FvaU0gXeVJSdn5Ho7chJiz4T3
DA8Y99bK3gkCskadPbJCqmv9n8EMcJ3xHs2oKyDfgx/jNnuURbD0R//8owOf7ZIg
BlHAPosk+e2ed8JKurkxcHpQIpmTZJxHzTtUFrq9P6bkvKwDQLSrr0iD0FgJ/pT6
inND0x5U1R4O3zSRWgTPKLBUBQlks1j2LYFEO4rwHofVU8NIg4LX1m5OGTUYsUYh
U2GU6+6M6Mg9UDPw5BI1imBTFQlQez2iSUVp9TwJjj8VKO2+SRLLmIcTgJ9F9194
sLI9I9Pu8Lp85CPBloJlPqmqGiRVYXcRoeEHAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUUKSMBA2CtE9nuBNgkw/I5lKp1QQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1VLU01CQTJDdEU5bnVC
Tmdrd19JNWxLcDFRUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAXmXW/
t5HL2OIJMPY13XR3ZWp9XIIWMfQVyl3wXAyAo82dvC4GgBLnfp5TPSnSy1uwfuBL
5Z28nppHsblsaQEa5yVb9aXBviZOgE8qUVs6CduHiHabEpHMYHtE1NX6Llz2Ujps
ccqSQzSzQRJlfUv8aiqEfbRbngi42+pvvAh4yh4oZaaRWgVOxlmG0tndV0LrtGh4
jiWHr570CqqftqI72D7uPxMDO+K/TSVYdwteY8j2p8PmercufVj1XV/yDFJhv8VW
bElJer3TY+eL79Y1qol6hEPDv1QbU4CQpqKYV6jVus1ilIQV91eTfQI8B05gVsJ2
AQvC4Qi3/vqbE1wh
-----END CERTIFICATE-----
Generated at Sun May 18 03:30:55 2025 by rpki-client