Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/L9Sj2kz2-Fsm2RWUXedCMqtOZ00.roa
File: L9Sj2kz2-Fsm2RWUXedCMqtOZ00.roa (raw, json)
Hash identifier: J+FAf0WKfa4xmD9EiEV6tY19ijmo6SfwWqvCd4c4gAw=
Subject key identifier: 2F:D4:A3:DA:4C:F6:F8:5B:26:D9:15:94:5D:E7:42:32:AB:4E:67:4D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 78E0
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/L9Sj2kz2-Fsm2RWUXedCMqtOZ00.roa
Signing time: Sat 19 Jul 2025 16:13:15 +0000
ROA not before: Sat 19 Jul 2025 16:13:15 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30944 (0x78e0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 19 16:13:15 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=2FD4A3DA4CF6F85B26D915945DE74232AB4E674D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:c1:32:0d:90:63:97:29:35:4b:71:32:d0:80:
31:bb:21:a7:39:75:e9:61:3a:74:17:6c:b9:5d:93:
20:42:5c:9a:2f:2f:0c:92:e4:1c:64:e1:1d:01:78:
03:9d:44:9a:e7:07:80:bc:18:c0:3c:83:83:68:ce:
19:74:2d:d6:74:04:e1:7a:d2:bc:91:10:3f:61:50:
ba:5d:4e:8d:44:bd:15:34:f3:4f:61:4e:24:10:60:
10:bd:23:6d:75:f0:0f:60:bd:59:54:7a:22:ba:1c:
ad:21:6c:2b:a3:ef:b3:08:2f:7e:30:b5:d6:b4:f3:
62:4e:56:8a:18:83:f4:b5:2d:e5:e7:72:95:ab:3d:
02:be:fd:e9:1e:16:78:82:4f:95:83:26:f4:bf:a0:
92:33:f5:fa:f3:d0:df:40:df:5f:7b:3f:4b:ed:ed:
44:b3:cd:ea:21:32:7a:bb:ee:38:48:58:30:08:26:
d9:43:40:ab:d1:b7:8f:00:42:a8:5e:ae:e9:b0:4b:
22:1a:5c:38:e5:72:87:82:78:4c:f9:93:94:5b:60:
70:43:aa:41:6f:6e:e8:7e:ed:1d:36:05:18:b1:f4:
1f:5c:d6:c1:c8:e3:c5:c0:e7:44:66:6a:08:ee:d4:
d7:c9:37:d1:0a:57:21:77:4e:e3:46:ec:55:00:61:
9c:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:D4:A3:DA:4C:F6:F8:5B:26:D9:15:94:5D:E7:42:32:AB:4E:67:4D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/L9Sj2kz2-Fsm2RWUXedCMqtOZ00.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
15:51:b0:2f:0d:51:83:3e:3c:db:88:79:c5:5b:d8:ca:9e:83:
4b:b6:44:c9:59:b1:df:ce:a7:73:12:c2:e4:43:fc:27:ae:3a:
32:a0:76:de:0f:a8:7f:b9:c3:88:fd:86:fd:08:b8:fe:83:32:
12:17:f6:cc:9e:e6:5e:db:ee:07:e5:cc:c8:54:f5:96:e9:66:
72:a1:c5:13:96:68:6e:5d:57:a9:14:4b:81:d6:75:42:49:41:
83:0a:ac:1a:28:04:bd:5c:05:a7:9b:a2:e7:31:c2:58:24:75:
93:f5:17:2d:41:4e:e7:02:9c:7c:23:4e:38:4c:ba:79:00:06:
f4:55:33:f9:04:d0:c3:1e:a4:4b:99:62:62:fd:7a:12:26:97:
97:27:ce:2b:c5:88:e5:51:e8:33:fb:ce:0e:7e:d6:d8:f8:36:
92:92:13:08:82:e6:f6:2b:8d:b0:29:45:bd:29:22:7e:69:7d:
7d:7d:cd:9c:fe:7a:7b:4d:fa:f3:82:e6:bf:a5:17:1e:a1:0b:
cc:db:44:2c:00:05:cb:63:ef:7a:20:26:b2:fe:36:6d:8d:30:
8a:5a:0b:a3:14:8e:19:24:5a:18:52:80:c0:19:dd:2a:52:41:
61:ec:93:ad:5d:d0:21:a5:1d:07:30:45:38:2b:f1:9a:0f:71:
30:19:38:68
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeOAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTkx
NjEzMTVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDJGRDRBM0RBNENGNkY4
NUIyNkQ5MTU5NDVERTc0MjMyQUI0RTY3NEQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDfwTINkGOXKTVLcTLQgDG7Iac5delhOnQXbLldkyBCXJovLwyS
5Bxk4R0BeAOdRJrnB4C8GMA8g4Nozhl0LdZ0BOF60ryRED9hULpdTo1EvRU0809h
TiQQYBC9I2118A9gvVlUeiK6HK0hbCuj77MIL34wtda082JOVooYg/S1LeXncpWr
PQK+/ekeFniCT5WDJvS/oJIz9frz0N9A3197P0vt7USzzeohMnq77jhIWDAIJtlD
QKvRt48AQqherumwSyIaXDjlcoeCeEz5k5RbYHBDqkFvbuh+7R02BRix9B9c1sHI
48XA50Rmagju1NfJN9EKVyF3TuNG7FUAYZwFAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUL9Sj2kz2+Fsm2RWUXedCMqtOZ00wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0w5U2oya3oyLUZzbTJS
V1VYZWRDTXF0T1owMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAVUbAv
DVGDPjzbiHnFW9jKnoNLtkTJWbHfzqdzEsLkQ/wnrjoyoHbeD6h/ucOI/Yb9CLj+
gzISF/bMnuZe2+4H5czIVPWW6WZyocUTlmhuXVepFEuB1nVCSUGDCqwaKAS9XAWn
m6LnMcJYJHWT9RctQU7nApx8I044TLp5AAb0VTP5BNDDHqRLmWJi/XoSJpeXJ84r
xYjlUegz+84OftbY+DaSkhMIgub2K42wKUW9KSJ+aX19fc2c/np7Tfrzgua/pRce
oQvM20QsAAXLY+96ICay/jZtjTCKWgujFI4ZJFoYUoDAGd0qUkFh7JOtXdAhpR0H
MEU4K/GaD3EwGTho
-----END CERTIFICATE-----
Generated at Sun Jul 20 16:39:37 2025 by rpki-client