Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Lt8s8kuUith3slD1RkHg9QJ_6EE.roa
File: Lt8s8kuUith3slD1RkHg9QJ_6EE.roa (raw, json)
Hash identifier: YkGQyDiT3Q1ODVvP+9uIj0wOMPC9i2ugAElLrBxNInQ=
Subject key identifier: 2E:DF:2C:F2:4B:94:8A:D8:77:B2:50:F5:46:41:E0:F5:02:7F:E8:41
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 76E4
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Lt8s8kuUith3slD1RkHg9QJ_6EE.roa
Signing time: Mon 14 Jul 2025 09:14:42 +0000
ROA not before: Mon 14 Jul 2025 09:14:42 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30436 (0x76e4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 14 09:14:42 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=2EDF2CF24B948AD877B250F54641E0F5027FE841
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:1e:c6:dd:88:d8:2c:6e:86:cb:f9:ab:47:e6:
99:43:3c:15:2e:1e:f7:85:a9:97:0f:81:1d:b1:65:
65:c5:8b:3d:dd:76:0c:50:06:41:f8:52:51:f0:e1:
dd:a7:f9:7d:e4:98:de:10:8e:56:5c:3a:8e:f7:95:
f4:58:1b:0e:e7:22:ab:62:47:ff:3e:b6:a8:41:0a:
5e:6e:0c:95:1b:2e:4d:7d:7e:bc:5f:39:59:be:a4:
ad:62:bb:a6:d5:77:a7:37:80:24:41:70:4e:6b:fe:
9e:2f:3d:ae:cb:0d:c9:dd:43:9b:8a:30:2d:a4:68:
26:fb:99:64:f8:23:cb:01:70:6a:1d:7c:6f:d2:f7:
9e:a6:ae:33:9d:f4:00:bb:36:b3:8f:b6:ec:19:3f:
cf:a1:41:24:8a:72:5d:8d:5a:8f:60:d4:ab:f2:9a:
9c:bf:1c:eb:59:a5:68:63:86:b8:44:19:36:fb:6d:
bd:ba:d7:15:84:5f:ce:20:9f:37:8f:6f:0a:45:41:
21:b5:c2:af:66:77:9c:56:6b:3e:d5:76:74:74:45:
c3:7c:1a:8a:27:ca:4c:e2:9c:8f:af:06:0b:90:86:
7f:f7:38:9a:3f:6e:d3:8e:2d:36:c0:1c:33:be:54:
9e:f8:8b:28:c7:0d:49:71:66:07:b7:4f:5a:77:d2:
ea:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:DF:2C:F2:4B:94:8A:D8:77:B2:50:F5:46:41:E0:F5:02:7F:E8:41
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Lt8s8kuUith3slD1RkHg9QJ_6EE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
01:9b:02:2c:92:72:91:3a:a8:c4:e9:13:68:b0:06:95:68:3b:
d1:f3:92:ef:0f:d5:c0:d3:da:c6:fc:6b:a5:31:13:58:17:60:
a1:2a:39:00:39:2b:96:a0:2b:8d:3f:21:86:f0:6b:4a:6f:cb:
f0:84:7e:0e:fe:df:b2:f8:b9:5e:e9:a4:97:03:fc:9c:1c:14:
20:41:fa:f1:13:fe:36:2e:89:25:9f:a5:31:97:92:a7:6a:48:
b1:32:ce:34:82:ef:25:ed:fa:98:4d:04:b0:88:6e:66:77:ce:
78:6a:c7:47:9d:c3:47:65:cd:b4:e1:9e:01:37:c0:b3:86:d9:
29:6b:0f:7d:d3:e3:5b:39:d9:b7:95:f3:d9:6b:b3:cf:87:a8:
31:75:64:42:95:cf:39:ec:08:01:68:e0:1f:42:f4:e6:3f:6b:
78:60:b0:de:32:df:f1:84:df:b6:74:78:d8:19:40:e1:7e:94:
dc:33:fa:4d:f9:14:37:13:f4:00:9f:7e:73:33:59:c4:2e:1d:
4e:60:cd:15:7c:e0:be:cf:08:44:a7:81:c9:cd:2d:c5:ca:f5:
95:62:fe:ae:71:7a:2e:6f:72:38:d8:c5:61:17:c3:d8:5c:b3:
df:10:db:d6:5f:a1:b6:d9:74:8e:15:fa:37:fa:49:4d:24:d3:
75:33:88:e1
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICduQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTQw
OTE0NDJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDJFREYyQ0YyNEI5NDhB
RDg3N0IyNTBGNTQ2NDFFMEY1MDI3RkU4NDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCtHsbdiNgsbobL+atH5plDPBUuHveFqZcPgR2xZWXFiz3ddgxQ
BkH4UlHw4d2n+X3kmN4QjlZcOo73lfRYGw7nIqtiR/8+tqhBCl5uDJUbLk19frxf
OVm+pK1iu6bVd6c3gCRBcE5r/p4vPa7LDcndQ5uKMC2kaCb7mWT4I8sBcGodfG/S
956mrjOd9AC7NrOPtuwZP8+hQSSKcl2NWo9g1Kvympy/HOtZpWhjhrhEGTb7bb26
1xWEX84gnzePbwpFQSG1wq9md5xWaz7VdnR0RcN8GoonykzinI+vBguQhn/3OJo/
btOOLTbAHDO+VJ74iyjHDUlxZge3T1p30urnAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQULt8s8kuUith3slD1RkHg9QJ/6EEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0x0OHM4a3VVaXRoM3Ns
RDFSa0hnOVFKXzZFRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQABmwIs
knKROqjE6RNosAaVaDvR85LvD9XA09rG/GulMRNYF2ChKjkAOSuWoCuNPyGG8GtK
b8vwhH4O/t+y+Lle6aSXA/ycHBQgQfrxE/42Lokln6Uxl5KnakixMs40gu8l7fqY
TQSwiG5md854asdHncNHZc204Z4BN8Czhtkpaw990+NbOdm3lfPZa7PPh6gxdWRC
lc857AgBaOAfQvTmP2t4YLDeMt/xhN+2dHjYGUDhfpTcM/pN+RQ3E/QAn35zM1nE
Lh1OYM0VfOC+zwhEp4HJzS3FyvWVYv6ucXoub3I42MVhF8PYXLPfENvWX6G22XSO
Ffo3+klNJNN1M4jh
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:35:13 2025 by rpki-client