Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/lU62zLbr_lIeZdBonx7CFzAcq3g.roa
File: lU62zLbr_lIeZdBonx7CFzAcq3g.roa (raw, json)
Hash identifier: ozlphphCHnVYZZAyi24+rtqBXq/gDBwZbgCFsUGcgZE=
Subject key identifier: 95:4E:B6:CC:B6:EB:FE:52:1E:65:D0:68:9F:1E:C2:17:30:1C:AB:78
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6350
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/lU62zLbr_lIeZdBonx7CFzAcq3g.roa
Signing time: Thu 22 May 2025 22:10:48 +0000
ROA not before: Thu 22 May 2025 22:10:48 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25424 (0x6350)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 22 22:10:48 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=954EB6CCB6EBFE521E65D0689F1EC217301CAB78
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:79:2f:74:85:66:1b:31:60:7e:d4:b1:53:44:
94:b0:f4:85:cf:1c:0b:b3:59:f7:56:f4:ec:03:ef:
76:3f:1e:f8:84:11:5f:13:20:09:62:1f:0a:ee:3f:
f4:cb:82:67:93:b2:96:14:fe:43:6b:85:e5:83:d2:
05:a7:24:72:e9:73:df:7a:6b:63:3a:ef:a0:8d:21:
32:01:26:12:24:2c:4a:af:f0:9a:d9:6d:1a:ab:05:
71:f9:99:51:bc:a5:2a:fc:c8:a1:40:c7:6b:b7:39:
73:ec:37:68:18:a8:02:89:d5:ff:ec:3e:de:07:9a:
2c:26:3a:ce:ef:71:41:b5:c6:c1:14:3a:82:ba:d5:
88:98:b2:b4:47:ff:bf:90:f8:4f:30:b9:7c:c9:ef:
3a:8d:31:8a:38:24:f7:75:88:5c:ab:ce:71:df:42:
1e:3b:26:0a:86:6f:7b:2b:ef:5a:c9:59:6a:a4:f3:
7f:86:2d:a3:23:5a:5c:92:13:4b:b4:e8:e9:03:04:
d1:51:d2:be:19:a2:5c:fc:9d:85:78:b1:8f:61:3e:
41:b8:fc:54:65:25:12:50:ff:b1:ee:82:10:5d:c3:
61:73:87:65:dc:7a:3a:b7:8b:6b:f5:84:da:1b:35:
74:48:f0:1c:37:8a:cd:ff:61:00:ee:74:ed:ed:a5:
76:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:4E:B6:CC:B6:EB:FE:52:1E:65:D0:68:9F:1E:C2:17:30:1C:AB:78
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/lU62zLbr_lIeZdBonx7CFzAcq3g.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
70:2a:b7:2a:31:6d:e8:ef:80:16:07:d0:51:57:b8:d2:6c:af:
5f:e4:d1:a6:df:bb:03:c9:08:57:20:69:8b:90:6a:3d:d1:d7:
04:91:49:26:b1:ec:7e:c9:3d:1b:08:5d:7f:96:9b:21:e8:8e:
80:12:22:b4:8b:46:50:40:53:42:80:52:d3:be:56:8a:85:55:
1a:fb:83:34:71:b2:fc:6e:9d:50:3d:9d:c3:37:6a:31:9f:41:
d2:a1:cc:b1:b9:ca:64:63:00:26:0e:e0:c1:c9:fe:c5:7f:02:
0d:d6:1c:1c:dc:3b:8a:b1:56:8c:22:ce:c3:2d:82:9e:73:a2:
12:b0:13:6b:7b:ae:ce:62:a5:83:7e:1d:00:14:64:3b:36:3b:
b0:42:e5:ad:9f:d3:e6:6a:5c:29:85:2e:ea:08:32:e9:26:07:
c5:c6:58:db:77:48:f3:30:39:d1:c8:25:f3:d3:52:33:37:73:
e5:f6:8c:69:c7:fb:ef:ad:f0:6f:fe:71:de:d5:a0:4e:73:1f:
3b:ce:0a:3e:14:ea:78:74:85:53:e7:39:e3:04:64:0c:23:cd:
b4:82:62:a7:ae:19:80:b7:dc:de:1b:e7:93:0c:90:ee:20:c8:
86:af:bb:27:c0:3e:38:42:e4:62:0a:3b:c9:be:a9:db:41:39:
98:57:15:9b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICY1AwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjIy
MjEwNDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDk1NEVCNkNDQjZFQkZF
NTIxRTY1RDA2ODlGMUVDMjE3MzAxQ0FCNzgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCteS90hWYbMWB+1LFTRJSw9IXPHAuzWfdW9OwD73Y/HviEEV8T
IAliHwruP/TLgmeTspYU/kNrheWD0gWnJHLpc996a2M676CNITIBJhIkLEqv8JrZ
bRqrBXH5mVG8pSr8yKFAx2u3OXPsN2gYqAKJ1f/sPt4HmiwmOs7vcUG1xsEUOoK6
1YiYsrRH/7+Q+E8wuXzJ7zqNMYo4JPd1iFyrznHfQh47JgqGb3sr71rJWWqk83+G
LaMjWlySE0u06OkDBNFR0r4Zolz8nYV4sY9hPkG4/FRlJRJQ/7HughBdw2Fzh2Xc
ejq3i2v1hNobNXRI8Bw3is3/YQDudO3tpXaDAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUlU62zLbr/lIeZdBonx7CFzAcq3gwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2xVNjJ6TGJyX2xJZVpk
Qm9ueDdDRnpBY3EzZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBwKrcq
MW3o74AWB9BRV7jSbK9f5NGm37sDyQhXIGmLkGo90dcEkUkmsex+yT0bCF1/lpsh
6I6AEiK0i0ZQQFNCgFLTvlaKhVUa+4M0cbL8bp1QPZ3DN2oxn0HSocyxucpkYwAm
DuDByf7FfwIN1hwc3DuKsVaMIs7DLYKec6ISsBNre67OYqWDfh0AFGQ7NjuwQuWt
n9PmalwphS7qCDLpJgfFxljbd0jzMDnRyCXz01IzN3Pl9oxpx/vvrfBv/nHe1aBO
cx87zgo+FOp4dIVT5znjBGQMI820gmKnrhmAt9zeG+eTDJDuIMiGr7snwD44QuRi
CjvJvqnbQTmYVxWb
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:04:00 2025 by rpki-client