Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Lpmkaby2Mq0aXzYh1Jh5asXFqPA.roa
File: Lpmkaby2Mq0aXzYh1Jh5asXFqPA.roa (raw, json)
Hash identifier: Y9TiVUIPracLFgtuNgstyvYY15benl1+AmAoJCLTIVk=
Subject key identifier: 2E:99:A4:69:BC:B6:32:AD:1A:5F:36:21:D4:98:79:6A:C5:C5:A8:F0
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 78BC
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Lpmkaby2Mq0aXzYh1Jh5asXFqPA.roa
Signing time: Sat 19 Jul 2025 07:12:09 +0000
ROA not before: Sat 19 Jul 2025 07:12:09 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30908 (0x78bc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 19 07:12:09 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=2E99A469BCB632AD1A5F3621D498796AC5C5A8F0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:9e:c3:e3:09:44:02:28:ca:88:12:f4:3e:79:
05:7f:bf:ac:b2:6c:b2:12:43:bc:7e:2c:6d:ee:84:
e1:d4:95:81:f9:6b:e2:5e:54:50:83:be:83:60:ea:
ac:75:fa:c8:f6:b4:08:eb:2e:08:55:8d:c0:31:3a:
09:62:d8:6e:af:b4:66:cf:19:32:78:b8:c3:ef:a0:
6f:1b:17:44:0b:68:84:fe:9e:c5:7e:ec:21:88:70:
81:ac:25:75:0d:24:c6:c5:eb:80:e1:b7:d6:45:8f:
ee:bd:ae:16:a5:2e:ec:05:3d:f3:58:d8:41:83:c0:
7c:e4:d5:2d:0d:98:de:0b:df:3f:2a:d8:47:36:3a:
b2:f3:93:32:63:85:89:29:0d:7a:79:6e:94:1d:89:
34:c1:35:eb:27:c1:6a:bc:0c:27:dc:74:98:35:14:
1e:56:2e:f4:60:4f:3c:5b:e2:3a:06:65:36:38:11:
17:c2:3c:70:40:35:28:cc:4d:1b:e4:31:00:36:69:
86:1c:34:f9:1c:bf:c9:31:09:9e:23:23:be:7d:4e:
a3:ec:a8:7c:ef:a2:cb:cd:60:18:bc:a5:da:55:52:
70:95:a6:47:72:1f:e2:75:f0:57:a7:0b:eb:29:27:
0e:bf:31:0e:54:61:ef:9d:a9:2f:a5:a2:4e:ab:2a:
0b:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:99:A4:69:BC:B6:32:AD:1A:5F:36:21:D4:98:79:6A:C5:C5:A8:F0
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Lpmkaby2Mq0aXzYh1Jh5asXFqPA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
70:83:28:28:3c:2a:a7:45:9c:24:c0:e4:96:27:cd:08:d7:d8:
0b:93:cc:3c:64:3a:93:d4:b9:af:4e:a1:dc:99:53:fc:df:25:
58:15:51:20:b1:d1:7e:14:3e:b4:54:41:01:c8:a1:85:ef:9a:
f9:77:07:8b:4f:df:85:f9:5e:c6:40:54:00:01:a7:49:72:fe:
8c:3e:d7:84:12:6f:7e:3f:b7:5a:9d:0b:a1:59:67:da:13:3b:
ad:1d:4a:1f:1f:e5:35:d4:fc:0c:13:41:4c:9c:3e:7d:8a:38:
f1:a5:98:98:a5:f2:58:b7:72:6e:f6:e3:98:7d:5b:00:57:e4:
10:af:c8:a0:02:3b:af:07:bc:4b:f5:d3:aa:77:8c:24:e6:75:
2d:19:23:f1:7f:0d:86:0d:2c:4b:97:1a:75:dc:b4:56:71:bf:
ae:b0:75:34:8e:16:43:aa:8f:9c:79:f2:f9:f2:23:92:bd:80:
60:84:c5:01:1b:9a:aa:77:73:37:97:eb:09:fd:85:44:0f:68:
db:6a:4e:b8:71:05:76:58:09:60:16:cd:df:80:08:61:cd:80:
55:ae:fc:fe:a9:14:63:d4:94:84:19:da:4d:7d:b1:ba:c5:77:
5b:fc:e5:c5:49:33:f2:df:e4:45:bf:78:62:f2:18:74:97:79:
c6:e7:c9:10
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeLwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTkw
NzEyMDlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDJFOTlBNDY5QkNCNjMy
QUQxQTVGMzYyMUQ0OTg3OTZBQzVDNUE4RjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC3nsPjCUQCKMqIEvQ+eQV/v6yybLISQ7x+LG3uhOHUlYH5a+Je
VFCDvoNg6qx1+sj2tAjrLghVjcAxOgli2G6vtGbPGTJ4uMPvoG8bF0QLaIT+nsV+
7CGIcIGsJXUNJMbF64Dht9ZFj+69rhalLuwFPfNY2EGDwHzk1S0NmN4L3z8q2Ec2
OrLzkzJjhYkpDXp5bpQdiTTBNesnwWq8DCfcdJg1FB5WLvRgTzxb4joGZTY4ERfC
PHBANSjMTRvkMQA2aYYcNPkcv8kxCZ4jI759TqPsqHzvosvNYBi8pdpVUnCVpkdy
H+J18FenC+spJw6/MQ5UYe+dqS+lok6rKgu/AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQULpmkaby2Mq0aXzYh1Jh5asXFqPAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0xwbWthYnkyTXEwYVh6
WWgxSmg1YXNYRnFQQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBwgygo
PCqnRZwkwOSWJ80I19gLk8w8ZDqT1LmvTqHcmVP83yVYFVEgsdF+FD60VEEByKGF
75r5dweLT9+F+V7GQFQAAadJcv6MPteEEm9+P7danQuhWWfaEzutHUofH+U11PwM
E0FMnD59ijjxpZiYpfJYt3Ju9uOYfVsAV+QQr8igAjuvB7xL9dOqd4wk5nUtGSPx
fw2GDSxLlxp13LRWcb+usHU0jhZDqo+cefL58iOSvYBghMUBG5qqd3M3l+sJ/YVE
D2jbak64cQV2WAlgFs3fgAhhzYBVrvz+qRRj1JSEGdpNfbG6xXdb/OXFSTPy3+RF
v3hi8hh0l3nG58kQ
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:57:58 2025 by rpki-client