Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/LFhK-Zs-GfkY6UYI8pJgZU_bgg4.roa
File: LFhK-Zs-GfkY6UYI8pJgZU_bgg4.roa (raw, json)
Hash identifier: xF6/Jdn77yPPdxhy9kEWlitcGoOvF2438fK50tMIMgg=
Subject key identifier: 2C:58:4A:F9:9B:3E:19:F9:18:E9:46:08:F2:92:60:65:4F:DB:82:0E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6F8A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/LFhK-Zs-GfkY6UYI8pJgZU_bgg4.roa
Signing time: Wed 25 Jun 2025 00:14:25 +0000
ROA not before: Wed 25 Jun 2025 00:14:25 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28554 (0x6f8a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 25 00:14:25 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=2C584AF99B3E19F918E94608F29260654FDB820E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:ac:14:cd:03:3e:59:e2:e4:7a:12:34:f8:85:
61:22:c1:a1:36:c0:c7:22:db:db:f6:e7:d7:75:4f:
08:f1:c3:3b:55:25:8c:da:39:6c:af:76:de:ee:c4:
bc:1d:3e:1c:6c:a2:4d:96:64:95:28:4f:e9:cf:79:
ec:2c:93:16:dd:cc:86:e1:c4:f5:02:9a:eb:f3:f6:
13:bf:b4:31:08:03:11:34:3d:a1:9c:89:48:5f:4d:
79:3e:2d:c2:1d:85:02:06:7d:08:fd:57:cf:25:7c:
ca:81:de:db:1d:49:da:75:fe:e2:26:cf:b1:60:b5:
2e:a6:e3:07:c7:8d:59:c1:8b:48:8b:e3:a4:a1:f4:
18:ff:ac:98:eb:07:35:da:4f:ad:5f:7b:ca:68:d4:
3e:61:27:00:dd:df:ad:9e:cc:27:72:62:63:1b:2b:
eb:a4:9d:3b:d6:ef:97:be:62:7b:02:fa:a2:73:be:
0a:01:45:6e:5e:3f:23:20:29:c7:25:63:99:bf:ee:
9d:fa:26:e5:97:97:27:dc:23:c2:2d:af:fa:3b:eb:
cb:ed:10:fb:6f:31:b6:9f:6b:9a:d4:2d:3d:6c:c3:
44:79:dc:80:7e:ef:13:ec:b2:cd:d5:6a:79:63:d4:
5d:ea:d0:12:ad:4c:b4:13:c1:c0:ed:9a:36:e0:da:
1f:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:58:4A:F9:9B:3E:19:F9:18:E9:46:08:F2:92:60:65:4F:DB:82:0E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/LFhK-Zs-GfkY6UYI8pJgZU_bgg4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
b7:a5:33:b7:bc:15:7c:be:83:3e:4f:cd:07:ab:95:0e:a8:11:
5c:85:a9:af:a7:0e:c5:79:cc:a7:64:f1:53:b1:04:97:30:db:
d3:6a:da:8d:dd:45:17:73:da:a8:4b:68:1b:43:f8:46:64:4a:
81:62:76:f6:c5:05:e3:9f:82:4d:2a:03:09:1d:2a:76:3f:71:
9f:43:cd:b7:af:ea:ff:a9:c5:bc:75:f1:3a:ad:da:dd:f0:7c:
33:ad:0f:16:bd:8f:cb:ca:bd:ab:32:b0:08:f4:a1:d9:c8:1f:
23:9a:c5:9d:2f:c6:f4:6d:9a:e0:d1:95:ae:be:45:6d:62:7f:
89:47:2e:e8:6f:96:be:8e:39:6c:aa:45:93:49:fb:41:75:d5:
ce:92:da:49:f6:15:66:d2:2f:b5:12:8e:42:e5:e1:f7:74:0e:
7c:e1:fd:f5:3e:00:9d:b9:a7:9b:eb:ad:f8:04:e4:ec:b8:8d:
a2:7e:8b:c4:5b:f0:ab:05:4b:de:32:7c:ad:d0:0c:9a:c5:4c:
49:90:89:66:8b:a2:ea:c0:49:84:ea:40:b1:ac:71:17:3c:c0:
07:b6:3d:20:4d:b9:52:48:fa:e5:94:5d:2c:47:65:f2:0f:e8:
2b:50:b2:c0:c4:fd:44:4d:b8:f6:f1:5e:10:fe:32:f3:23:92:
b7:46:81:9b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICb4owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjUw
MDE0MjVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDJDNTg0QUY5OUIzRTE5
RjkxOEU5NDYwOEYyOTI2MDY1NEZEQjgyMEUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDnrBTNAz5Z4uR6EjT4hWEiwaE2wMci29v259d1TwjxwztVJYza
OWyvdt7uxLwdPhxsok2WZJUoT+nPeewskxbdzIbhxPUCmuvz9hO/tDEIAxE0PaGc
iUhfTXk+LcIdhQIGfQj9V88lfMqB3tsdSdp1/uImz7FgtS6m4wfHjVnBi0iL46Sh
9Bj/rJjrBzXaT61fe8po1D5hJwDd362ezCdyYmMbK+uknTvW75e+YnsC+qJzvgoB
RW5ePyMgKcclY5m/7p36JuWXlyfcI8Itr/o768vtEPtvMbafa5rULT1sw0R53IB+
7xPsss3Vanlj1F3q0BKtTLQTwcDtmjbg2h8rAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQULFhK+Zs+GfkY6UYI8pJgZU/bgg4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0xGaEstWnMtR2ZrWTZV
WUk4cEpnWlVfYmdnNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC3pTO3
vBV8voM+T80Hq5UOqBFchamvpw7FecynZPFTsQSXMNvTatqN3UUXc9qoS2gbQ/hG
ZEqBYnb2xQXjn4JNKgMJHSp2P3GfQ823r+r/qcW8dfE6rdrd8HwzrQ8WvY/Lyr2r
MrAI9KHZyB8jmsWdL8b0bZrg0ZWuvkVtYn+JRy7ob5a+jjlsqkWTSftBddXOktpJ
9hVm0i+1Eo5C5eH3dA584f31PgCduaeb6634BOTsuI2ifovEW/CrBUveMnyt0Aya
xUxJkIlmi6LqwEmE6kCxrHEXPMAHtj0gTblSSPrllF0sR2XyD+grULLAxP1ETbj2
8V4Q/jLzI5K3RoGb
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:49:37 2025 by rpki-client