Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/LzoSV3QAbwHwM0jCp_yt6rNcgMU.roa
File: LzoSV3QAbwHwM0jCp_yt6rNcgMU.roa (raw, json)
Hash identifier: hnSerNj7FEnJk81HpykBz5g117BNGH0+Ozgs9nE1yW0=
Subject key identifier: 2F:3A:12:57:74:00:6F:01:F0:33:48:C2:A7:FC:AD:EA:B3:5C:80:C5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6BFA
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/LzoSV3QAbwHwM0jCp_yt6rNcgMU.roa
Signing time: Sun 15 Jun 2025 00:42:22 +0000
ROA not before: Sun 15 Jun 2025 00:42:22 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27642 (0x6bfa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 15 00:42:22 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=2F3A125774006F01F03348C2A7FCADEAB35C80C5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:cb:a3:3b:46:c9:88:40:c3:c3:a7:b4:ef:c1:
58:a0:49:0f:93:79:66:87:58:d8:33:a7:33:ba:f8:
e6:5d:c7:17:1e:f3:9b:24:53:01:e3:31:c4:76:de:
1a:9a:95:aa:cb:60:f3:b8:ab:1a:9a:dd:76:04:ea:
4f:23:57:31:2f:1f:2c:f3:4f:96:76:62:b7:4b:df:
03:08:31:4e:e8:1d:b4:05:d3:c2:36:d8:4f:44:b2:
6a:c5:d6:c9:e4:18:70:0e:6c:4a:e9:d4:59:21:f3:
23:7d:5b:f0:74:0d:50:72:a8:41:53:1a:e9:5d:a6:
4d:3d:8a:0b:5b:92:8f:ff:2c:45:84:91:8b:1e:de:
4f:1d:c8:cf:90:64:f7:e9:23:68:fa:bb:6d:e1:c6:
7d:9a:ec:2c:dc:a7:a5:df:02:c7:35:35:7f:18:4b:
aa:3a:dd:0e:8f:94:4f:31:d3:28:ef:42:0c:86:a8:
2f:5c:d7:79:e7:09:f3:0d:d2:d1:c7:3c:15:5a:5b:
c6:84:23:51:2e:0d:16:42:c3:af:0d:bf:46:e6:c5:
1a:2e:f6:13:e1:f7:36:7d:27:09:2b:21:32:e0:6c:
8b:b1:0a:a0:72:64:c0:51:eb:f9:b2:b4:39:b9:ca:
24:7a:c3:ff:3a:b2:e3:9a:3d:4d:5c:1b:d0:17:e2:
a9:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:3A:12:57:74:00:6F:01:F0:33:48:C2:A7:FC:AD:EA:B3:5C:80:C5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/LzoSV3QAbwHwM0jCp_yt6rNcgMU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
49:da:7f:47:2a:45:9e:85:94:df:b5:d8:4e:c3:a2:72:b0:94:
6f:9f:46:9a:11:6c:4b:c0:24:3b:27:29:e6:bf:a1:88:40:5f:
50:a8:10:02:ac:70:0a:9e:d2:80:2a:4d:cd:36:35:2c:11:60:
4d:dd:50:e2:75:db:7d:a8:48:8d:58:56:47:4c:05:87:c1:1f:
74:2a:f7:d7:b1:b0:5d:8e:06:bd:e0:bf:87:4f:82:d2:85:8a:
f5:36:db:ce:37:8b:03:36:e9:b2:55:f4:21:06:c1:ee:35:71:
4a:ad:6e:d7:fb:58:f7:db:69:29:5b:9e:df:ff:37:db:6f:21:
ad:fc:31:85:7b:d3:6b:98:61:02:9e:f3:47:3a:07:a6:e4:43:
37:c4:49:cb:01:87:27:11:41:b5:db:f9:9e:1f:f9:63:35:2e:
ce:86:64:f9:6b:8c:f5:35:2b:ca:36:90:b5:3b:94:8c:b3:81:
33:bf:09:cd:9f:17:9c:29:f5:04:e1:5a:f9:74:06:ce:82:fb:
ce:75:9b:69:a6:4a:68:53:9b:2f:84:74:18:13:1c:33:f3:64:
44:80:fe:35:1c:2c:0c:bf:c2:a3:75:53:60:ad:fa:66:91:29:
27:b9:8b:9e:72:47:85:cc:85:9e:6e:98:72:4a:0c:8d:31:fb:
fe:02:3c:24
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICa/owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTUw
MDQyMjJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDJGM0ExMjU3NzQwMDZG
MDFGMDMzNDhDMkE3RkNBREVBQjM1QzgwQzUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOy6M7RsmIQMPDp7TvwVigSQ+TeWaHWNgzpzO6+OZdxxce85sk
UwHjMcR23hqalarLYPO4qxqa3XYE6k8jVzEvHyzzT5Z2YrdL3wMIMU7oHbQF08I2
2E9EsmrF1snkGHAObErp1Fkh8yN9W/B0DVByqEFTGuldpk09igtbko//LEWEkYse
3k8dyM+QZPfpI2j6u23hxn2a7Czcp6XfAsc1NX8YS6o63Q6PlE8x0yjvQgyGqC9c
13nnCfMN0tHHPBVaW8aEI1EuDRZCw68Nv0bmxRou9hPh9zZ9JwkrITLgbIuxCqBy
ZMBR6/mytDm5yiR6w/86suOaPU1cG9AX4qlvAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQULzoSV3QAbwHwM0jCp/yt6rNcgMUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0x6b1NWM1FBYndId00w
akNwX3l0NnJOY2dNVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBJ2n9H
KkWehZTftdhOw6JysJRvn0aaEWxLwCQ7Jynmv6GIQF9QqBACrHAKntKAKk3NNjUs
EWBN3VDiddt9qEiNWFZHTAWHwR90KvfXsbBdjga94L+HT4LShYr1NtvON4sDNumy
VfQhBsHuNXFKrW7X+1j322kpW57f/zfbbyGt/DGFe9NrmGECnvNHOgem5EM3xEnL
AYcnEUG12/meH/ljNS7OhmT5a4z1NSvKNpC1O5SMs4EzvwnNnxecKfUE4Vr5dAbO
gvvOdZtppkpoU5svhHQYExwz82REgP41HCwMv8KjdVNgrfpmkSknuYueckeFzIWe
bphySgyNMfv+Ajwk
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:51:41 2025 by rpki-client