Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/lFsa3y-xxCcha4Ur85v4_whZQ90.roa
File: lFsa3y-xxCcha4Ur85v4_whZQ90.roa (raw, json)
Hash identifier: 8jQHpsEGVc72TxJazStEWxn0+Y0yzosNMUFbqvPJATM=
Subject key identifier: 94:5B:1A:DF:2F:B1:C4:27:21:6B:85:2B:F3:9B:F8:FF:08:59:43:DD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7602
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/lFsa3y-xxCcha4Ur85v4_whZQ90.roa
Signing time: Sat 12 Jul 2025 00:41:37 +0000
ROA not before: Sat 12 Jul 2025 00:41:37 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30210 (0x7602)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 12 00:41:37 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=945B1ADF2FB1C427216B852BF39BF8FF085943DD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:3b:40:07:98:c5:05:47:ca:07:d8:21:dc:c8:
ce:8a:b4:7a:f6:c0:6d:ba:88:60:ed:57:c0:54:1c:
01:ef:9c:09:80:01:66:8b:ba:27:89:57:32:0f:fa:
36:09:e7:fc:67:7c:70:29:c4:9a:a3:a9:3e:bf:e5:
49:13:7c:f6:bf:91:59:1c:b2:f0:1c:f0:a0:70:40:
50:37:c3:cd:ad:69:85:94:c0:d4:a6:ed:97:33:e2:
6a:41:29:b0:73:89:e0:d0:79:95:09:0c:5e:66:53:
ea:87:6b:4f:63:a7:ce:86:04:c4:88:c8:1d:11:e1:
34:fa:bf:5e:bd:b8:e4:5e:9c:3d:a4:f5:8e:5f:54:
38:a6:62:4f:0e:cf:85:fa:d5:34:41:42:44:69:d1:
b3:fa:1c:5b:4c:64:79:9c:68:23:bc:46:a4:08:4b:
1a:2c:74:82:83:a0:7c:65:46:a2:48:d5:f0:75:80:
5d:e7:47:7a:11:37:de:bc:6d:77:d8:0e:34:0a:28:
96:82:9b:74:30:78:3e:a7:82:ef:1d:8c:ac:ad:39:
e6:40:49:08:22:32:77:76:a4:b6:80:15:bd:32:a7:
92:b5:c1:73:b4:6d:ec:89:fc:ac:9b:56:08:3d:cf:
5f:6b:17:ec:6f:65:c5:64:cd:f0:f2:e2:47:ae:72:
42:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:5B:1A:DF:2F:B1:C4:27:21:6B:85:2B:F3:9B:F8:FF:08:59:43:DD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/lFsa3y-xxCcha4Ur85v4_whZQ90.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
43:4c:c1:e3:0b:ee:71:4b:7b:4f:df:bc:86:7c:ae:8f:26:56:
8c:51:cc:8d:7f:1b:91:3b:ad:27:61:af:36:fb:ae:03:3b:a4:
84:c7:52:df:e7:38:c3:a3:1e:9b:73:c7:b8:5a:ba:d9:e0:30:
86:46:11:c7:e2:df:13:cb:2f:13:ea:0e:ba:29:22:25:09:27:
aa:18:ed:dc:30:38:21:f7:ca:26:a0:61:16:25:9b:5c:d9:0e:
df:8b:0c:ce:ef:3b:ba:7b:e8:6c:78:f5:75:ff:d6:85:f6:2c:
f5:ef:e2:c8:df:03:17:90:85:0d:9f:cc:11:d4:eb:9c:d9:36:
ce:f5:38:49:f6:b2:63:53:90:f3:34:1a:18:92:58:7d:04:0b:
a9:8f:71:10:f4:12:6a:5d:f2:fa:2a:64:ca:7b:a9:5a:15:b0:
aa:94:58:b0:68:25:59:d2:78:bd:c9:60:d8:d2:9f:bc:fc:87:
22:b6:d0:aa:16:83:41:f7:25:1d:bd:47:a4:62:f5:75:9f:d4:
4f:c3:e6:96:e8:5f:42:cb:78:df:b6:ca:31:c7:af:96:9f:1c:
2e:e3:bb:24:d7:43:17:01:e9:7c:b8:b4:42:60:c7:a4:aa:e6:
ad:ce:b7:ba:24:1a:10:71:50:d1:e8:ab:87:11:bd:f8:90:c6:
e3:60:64:de
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdgIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTIw
MDQxMzdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDk0NUIxQURGMkZCMUM0
MjcyMTZCODUyQkYzOUJGOEZGMDg1OTQzREQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDNO0AHmMUFR8oH2CHcyM6KtHr2wG26iGDtV8BUHAHvnAmAAWaL
uieJVzIP+jYJ5/xnfHApxJqjqT6/5UkTfPa/kVkcsvAc8KBwQFA3w82taYWUwNSm
7Zcz4mpBKbBzieDQeZUJDF5mU+qHa09jp86GBMSIyB0R4TT6v169uORenD2k9Y5f
VDimYk8Oz4X61TRBQkRp0bP6HFtMZHmcaCO8RqQISxosdIKDoHxlRqJI1fB1gF3n
R3oRN968bXfYDjQKKJaCm3QweD6ngu8djKytOeZASQgiMnd2pLaAFb0yp5K1wXO0
beyJ/KybVgg9z19rF+xvZcVkzfDy4keuckIhAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUlFsa3y+xxCcha4Ur85v4/whZQ90wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2xGc2EzeS14eENjaGE0
VXI4NXY0X3doWlE5MC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBDTMHj
C+5xS3tP37yGfK6PJlaMUcyNfxuRO60nYa82+64DO6SEx1Lf5zjDox6bc8e4WrrZ
4DCGRhHH4t8Tyy8T6g66KSIlCSeqGO3cMDgh98omoGEWJZtc2Q7fiwzO7zu6e+hs
ePV1/9aF9iz17+LI3wMXkIUNn8wR1Ouc2TbO9ThJ9rJjU5DzNBoYklh9BAupj3EQ
9BJqXfL6KmTKe6laFbCqlFiwaCVZ0ni9yWDY0p+8/IcittCqFoNB9yUdvUekYvV1
n9RPw+aW6F9Cy3jftsoxx6+Wnxwu47sk10MXAel8uLRCYMekquatzre6JBoQcVDR
6KuHEb34kMbjYGTe
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:41:14 2025 by rpki-client