Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/KLlkO5wd7i6ENhGQWemzRqUHIB8.roa
File: KLlkO5wd7i6ENhGQWemzRqUHIB8.roa (raw, json)
Hash identifier: oNB64tnDrvjseuTwC6OJeeCOiuzLSUuu4ktjlWLuUUg=
Subject key identifier: 28:B9:64:3B:9C:1D:EE:2E:84:36:11:90:59:E9:B3:46:A5:07:20:1F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 70F0
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KLlkO5wd7i6ENhGQWemzRqUHIB8.roa
Signing time: Sat 28 Jun 2025 11:44:43 +0000
ROA not before: Sat 28 Jun 2025 11:44:43 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28912 (0x70f0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 28 11:44:43 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=28B9643B9C1DEE2E8436119059E9B346A507201F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:ce:90:38:25:98:55:43:d1:a1:1e:85:71:8f:
a6:76:7f:fb:e9:95:c0:fc:0c:80:62:84:b3:86:e5:
da:e0:f7:30:0c:c9:c1:37:9f:35:a1:4a:93:59:db:
e3:6d:e1:f7:29:c7:af:da:aa:6f:be:fc:36:a3:db:
22:92:08:e5:1a:bb:21:bd:c5:dc:f6:03:cc:5b:72:
48:a5:8f:e5:9f:92:6e:5b:9e:2d:b0:a7:66:ed:9d:
ff:96:6f:f5:8d:2f:31:31:c6:36:42:87:28:47:f8:
a1:c5:03:ed:3b:3f:a0:74:d8:f3:11:96:34:86:72:
51:08:73:85:f9:c9:f2:26:5c:0a:0f:ba:f0:5c:c4:
62:7c:25:77:ae:f4:07:41:cb:7b:3d:c8:6f:c7:12:
68:db:98:95:10:41:e3:0d:25:68:e9:e2:72:10:0c:
ae:fd:8d:c4:bd:70:c0:8a:7f:35:2f:ca:02:95:39:
ea:50:5b:12:0d:15:e8:6f:06:ab:79:78:97:20:6a:
48:0e:1c:0f:29:d3:98:07:67:6a:de:3e:22:97:2d:
7a:96:43:ae:95:8a:dc:15:36:dd:d0:51:26:cd:31:
ac:ac:03:7e:0a:46:c0:fb:d7:17:74:62:0f:3c:00:
f1:c2:6c:91:0c:61:ef:2e:b5:05:7d:56:0c:02:94:
90:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:B9:64:3B:9C:1D:EE:2E:84:36:11:90:59:E9:B3:46:A5:07:20:1F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KLlkO5wd7i6ENhGQWemzRqUHIB8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
5a:81:e2:78:27:b2:a7:52:b1:a4:4d:f5:84:f3:fa:49:4e:1d:
8a:b5:a1:0d:15:9f:a9:e6:00:91:fd:74:33:b0:b5:62:5d:3f:
6c:1a:15:33:25:30:87:4a:b6:c1:b6:e5:d9:f7:9e:7f:75:97:
2b:5a:ab:b2:39:fc:f4:c2:64:31:3f:f4:b3:6a:92:59:2f:ac:
a0:58:c0:ea:98:65:ac:8c:b5:0d:23:6f:8b:f7:84:80:74:4b:
4e:d7:78:e0:2f:c8:e2:f4:b5:8b:b5:9a:2d:21:ed:c8:e2:a8:
08:f6:40:ac:cc:54:23:6c:90:1d:a2:66:a2:16:f8:6f:7b:d6:
f0:64:bd:08:ca:60:0a:42:55:f6:9a:83:63:b6:c7:c3:21:8b:
7d:fa:f0:10:ec:46:81:ac:33:77:bb:88:6c:56:a2:ca:10:96:
9a:fd:8d:92:f9:2e:38:b1:bc:e6:a5:84:9c:eb:30:d0:5c:c4:
58:1b:29:a1:29:74:8b:b5:64:a1:6b:50:7e:1d:5e:2b:8b:11:
2a:ce:8c:6e:02:b5:2e:6c:d9:53:9e:f9:23:d5:76:97:d0:96:
a8:a3:cf:32:8b:5f:66:24:c1:1a:36:a1:97:81:3a:56:7a:e7:
f6:6b:4e:32:59:c8:17:a2:55:6e:b3:ef:93:8e:75:48:20:b7:
61:7e:e5:51
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcPAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2Mjgx
MTQ0NDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDI4Qjk2NDNCOUMxREVF
MkU4NDM2MTE5MDU5RTlCMzQ2QTUwNzIwMUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKzpA4JZhVQ9GhHoVxj6Z2f/vplcD8DIBihLOG5drg9zAMycE3
nzWhSpNZ2+Nt4fcpx6/aqm++/Daj2yKSCOUauyG9xdz2A8xbckilj+Wfkm5bni2w
p2btnf+Wb/WNLzExxjZChyhH+KHFA+07P6B02PMRljSGclEIc4X5yfImXAoPuvBc
xGJ8JXeu9AdBy3s9yG/HEmjbmJUQQeMNJWjp4nIQDK79jcS9cMCKfzUvygKVOepQ
WxINFehvBqt5eJcgakgOHA8p05gHZ2rePiKXLXqWQ66VitwVNt3QUSbNMaysA34K
RsD71xd0Yg88APHCbJEMYe8utQV9VgwClJBlAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUKLlkO5wd7i6ENhGQWemzRqUHIB8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0tMbGtPNXdkN2k2RU5o
R1FXZW16UnFVSElCOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBageJ4
J7KnUrGkTfWE8/pJTh2KtaENFZ+p5gCR/XQzsLViXT9sGhUzJTCHSrbBtuXZ955/
dZcrWquyOfz0wmQxP/SzapJZL6ygWMDqmGWsjLUNI2+L94SAdEtO13jgL8ji9LWL
tZotIe3I4qgI9kCszFQjbJAdomaiFvhve9bwZL0IymAKQlX2moNjtsfDIYt9+vAQ
7EaBrDN3u4hsVqLKEJaa/Y2S+S44sbzmpYSc6zDQXMRYGymhKXSLtWSha1B+HV4r
ixEqzoxuArUubNlTnvkj1XaX0Jaoo88yi19mJMEaNqGXgTpWeuf2a04yWcgXolVu
s++TjnVIILdhfuVR
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:35:48 2025 by rpki-client