Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/lTDMz_ixf84C0o_7DwokEgwp-Ms.roa
File: lTDMz_ixf84C0o_7DwokEgwp-Ms.roa (raw, json)
Hash identifier: 0iu3ziOL4FUduK8QlRilouikrJd0+5196Hr8sdz1Eb8=
Subject key identifier: 95:30:CC:CF:F8:B1:7F:CE:02:D2:8F:FB:0F:0A:24:12:0C:29:F8:CB
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 72BC
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/lTDMz_ixf84C0o_7DwokEgwp-Ms.roa
Signing time: Thu 03 Jul 2025 06:44:53 +0000
ROA not before: Thu 03 Jul 2025 06:44:53 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29372 (0x72bc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 3 06:44:53 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=9530CCCFF8B17FCE02D28FFB0F0A24120C29F8CB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:e8:27:1f:d2:0f:9c:1e:ff:8b:06:d1:50:65:
e8:3f:9d:b5:ee:7e:43:6c:fb:03:8b:ba:c5:d1:ff:
33:b0:99:0d:c1:04:ba:e0:95:33:6f:b7:b4:eb:1d:
e4:69:df:6e:32:66:49:c5:d5:c1:a5:00:8b:55:ab:
b1:98:59:79:f4:5b:52:dd:e9:fa:43:c4:89:0f:d7:
91:a7:17:9c:df:b7:5e:34:7a:35:02:d9:79:46:40:
a5:96:95:f8:30:19:91:49:08:a7:3f:4d:54:b5:24:
32:89:49:a5:d8:fe:50:a8:82:8d:6a:94:0a:9e:f5:
fc:4f:d1:ab:70:f8:2e:8e:27:52:a3:f0:5d:50:a7:
cb:1f:ba:2a:ac:09:e0:08:91:b3:3f:5e:a1:bb:69:
f3:8d:fd:1c:2c:39:fd:8f:1a:25:1c:63:71:30:d4:
ef:29:dc:9b:da:a9:c5:ac:cd:a7:01:a2:e3:5b:4f:
13:69:b7:55:22:b1:3d:dc:32:ff:ce:1b:e5:04:b8:
f5:24:39:b1:1e:8f:3f:9a:1d:86:2a:5d:7e:a5:6b:
4e:5e:ed:08:7a:c4:d5:d0:f1:4f:a3:79:3c:0a:e3:
54:38:56:59:f4:ef:83:ca:1c:61:54:39:b9:23:60:
05:98:a0:30:36:3f:5c:06:3c:60:4c:19:f3:19:02:
43:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:30:CC:CF:F8:B1:7F:CE:02:D2:8F:FB:0F:0A:24:12:0C:29:F8:CB
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/lTDMz_ixf84C0o_7DwokEgwp-Ms.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
7d:35:08:4f:07:ff:0a:bc:cb:6b:c8:c2:e9:d0:b1:56:2a:9a:
fa:83:a3:40:df:c1:77:5d:61:7a:d4:ed:63:9a:d1:6f:f1:65:
c0:90:b2:d8:0d:9e:55:ef:8c:86:7c:7b:66:de:6a:7f:14:b5:
a0:e9:dc:81:98:30:48:f6:b2:99:3a:f7:d2:7b:71:04:aa:74:
3a:48:2e:70:e7:fb:8c:5f:73:ac:c0:00:e1:46:22:98:e7:7b:
df:3a:1a:10:0c:2b:fc:7a:15:b6:38:f7:10:ee:c7:01:97:a9:
90:82:c8:2e:19:1c:05:77:36:50:df:dc:8b:47:21:16:90:8e:
43:32:50:e1:27:b7:a2:e7:47:31:07:f3:d1:47:95:d3:a2:58:
de:30:c4:68:50:7c:ef:92:6b:38:a4:47:18:a4:56:70:ad:fe:
f4:d0:d6:da:54:a3:85:39:c4:26:19:e2:5d:43:d4:89:3b:2b:
0c:a8:92:8b:41:78:ed:36:65:da:d9:d2:a3:c8:2a:0b:dc:88:
9b:43:54:2a:05:cd:f2:b4:73:f1:11:ce:ad:32:0b:27:85:0c:
16:38:59:f8:77:a8:27:88:f1:e4:0d:e8:7d:18:96:8a:26:6c:
3c:64:fe:f6:4a:ca:80:bc:47:5e:70:cd:2c:25:1a:02:a7:4d:
3a:80:19:df
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcrwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDMw
NjQ0NTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDk1MzBDQ0NGRjhCMTdG
Q0UwMkQyOEZGQjBGMEEyNDEyMEMyOUY4Q0IwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC06Ccf0g+cHv+LBtFQZeg/nbXufkNs+wOLusXR/zOwmQ3BBLrg
lTNvt7TrHeRp324yZknF1cGlAItVq7GYWXn0W1Ld6fpDxIkP15GnF5zft140ejUC
2XlGQKWWlfgwGZFJCKc/TVS1JDKJSaXY/lCogo1qlAqe9fxP0atw+C6OJ1Kj8F1Q
p8sfuiqsCeAIkbM/XqG7afON/RwsOf2PGiUcY3Ew1O8p3JvaqcWszacBouNbTxNp
t1UisT3cMv/OG+UEuPUkObEejz+aHYYqXX6la05e7Qh6xNXQ8U+jeTwK41Q4Vln0
74PKHGFUObkjYAWYoDA2P1wGPGBMGfMZAkN9AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUlTDMz/ixf84C0o/7DwokEgwp+MswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2xURE16X2l4Zjg0QzBv
XzdEd29rRWd3cC1Ncy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB9NQhP
B/8KvMtryMLp0LFWKpr6g6NA38F3XWF61O1jmtFv8WXAkLLYDZ5V74yGfHtm3mp/
FLWg6dyBmDBI9rKZOvfSe3EEqnQ6SC5w5/uMX3OswADhRiKY53vfOhoQDCv8ehW2
OPcQ7scBl6mQgsguGRwFdzZQ39yLRyEWkI5DMlDhJ7ei50cxB/PRR5XToljeMMRo
UHzvkms4pEcYpFZwrf700NbaVKOFOcQmGeJdQ9SJOysMqJKLQXjtNmXa2dKjyCoL
3IibQ1QqBc3ytHPxEc6tMgsnhQwWOFn4d6gniPHkDeh9GJaKJmw8ZP72SsqAvEde
cM0sJRoCp006gBnf
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:37:37 2025 by rpki-client