Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ln956mzLIfLdGkB_joDbUCofKyM.roa
File: ln956mzLIfLdGkB_joDbUCofKyM.roa (raw, json)
Hash identifier: 8xKd79Ra1smzfZIaMx8NXTuBu1uGSoNBAB421mR+MvE=
Subject key identifier: 96:7F:79:EA:6C:CB:21:F2:DD:1A:40:7F:8E:80:DB:50:2A:1F:2B:23
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 775A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ln956mzLIfLdGkB_joDbUCofKyM.roa
Signing time: Tue 15 Jul 2025 14:44:37 +0000
ROA not before: Tue 15 Jul 2025 14:44:37 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30554 (0x775a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 15 14:44:37 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=967F79EA6CCB21F2DD1A407F8E80DB502A1F2B23
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:e9:1b:f0:3a:4d:5b:c6:2b:4b:07:55:78:5e:
c0:69:cc:b1:ba:53:a7:af:f5:e2:47:e6:80:24:2b:
93:2a:44:b8:6a:44:ce:de:6c:b6:c3:44:86:20:fb:
f5:53:df:0a:63:28:0e:44:9e:b1:00:54:7e:a4:dc:
6d:e8:29:44:f3:82:59:30:ec:4a:d2:de:55:40:64:
3e:76:8b:b1:32:6a:a6:dd:e9:8a:ae:c7:9a:38:2d:
95:c5:9b:ab:7c:3e:0b:d7:0d:eb:10:40:b8:af:6e:
ad:77:6f:f6:58:88:1c:bf:96:4c:15:c4:fb:07:0b:
60:88:19:a9:53:db:64:ca:cf:77:ec:8f:90:ed:a0:
fc:7f:b3:f6:ed:ba:62:9c:7c:de:37:c6:fb:cd:8d:
7e:74:b5:10:a6:23:f9:6f:d3:22:c0:de:eb:40:1d:
9e:bb:4d:5d:dd:b9:d5:d5:26:45:67:dc:54:40:dd:
bd:f0:21:5d:42:3f:60:e8:30:61:e9:b5:80:7a:bb:
58:d2:1f:28:da:db:8b:f1:0a:37:d1:bf:66:73:6c:
d7:c8:98:c7:28:39:e7:13:d6:79:fb:76:9f:22:74:
f0:2c:68:1b:71:d6:74:fd:8f:0a:1a:90:50:4c:97:
12:3d:ec:d7:fc:1e:e6:16:c8:c5:e9:76:22:fb:b7:
ca:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:7F:79:EA:6C:CB:21:F2:DD:1A:40:7F:8E:80:DB:50:2A:1F:2B:23
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ln956mzLIfLdGkB_joDbUCofKyM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
36:26:6f:a2:05:fb:41:fb:3c:dc:ef:e8:42:56:b5:26:6e:d7:
c7:aa:e4:3a:68:38:41:46:32:2c:52:4b:17:9e:36:92:23:a5:
8a:ae:e6:c4:f1:be:0a:9b:11:14:ab:3f:38:fc:1d:11:5a:81:
cb:83:ba:23:d9:a6:4b:4c:76:90:70:87:ed:c0:33:d9:dc:dc:
e8:cc:7f:48:bb:5b:28:dc:e0:43:52:3c:3e:29:a9:80:23:a7:
c8:6a:63:ec:2c:5c:f4:09:5d:b7:6a:1b:66:0d:aa:2f:59:84:
b1:f3:ab:d0:be:5c:c4:4d:11:49:32:32:f1:70:cc:ad:00:ad:
ba:63:73:ab:8a:9b:f3:db:07:7f:89:44:ec:f5:c4:4d:15:f1:
1d:b8:43:4e:90:cb:c3:3e:9d:34:69:00:e4:29:06:6f:7e:ff:
0c:27:54:5c:92:4f:5b:28:20:a5:8c:b1:58:52:73:0c:83:72:
ca:65:3c:a8:c8:01:47:93:e2:d8:01:c5:45:2c:63:e5:52:35:
52:50:ff:a0:c2:8f:61:9c:b5:63:1a:14:3a:2c:ed:e7:e7:50:
71:31:82:59:8b:0c:3a:96:fd:db:3c:ce:1c:69:99:d6:04:db:
1a:8c:a2:53:51:c6:92:79:b2:ab:36:d6:2f:2d:17:0c:54:53:
e1:35:cf:ee
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICd1owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTUx
NDQ0MzdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDk2N0Y3OUVBNkNDQjIx
RjJERDFBNDA3RjhFODBEQjUwMkExRjJCMjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDc6RvwOk1bxitLB1V4XsBpzLG6U6ev9eJH5oAkK5MqRLhqRM7e
bLbDRIYg+/VT3wpjKA5EnrEAVH6k3G3oKUTzglkw7ErS3lVAZD52i7Eyaqbd6Yqu
x5o4LZXFm6t8PgvXDesQQLivbq13b/ZYiBy/lkwVxPsHC2CIGalT22TKz3fsj5Dt
oPx/s/btumKcfN43xvvNjX50tRCmI/lv0yLA3utAHZ67TV3dudXVJkVn3FRA3b3w
IV1CP2DoMGHptYB6u1jSHyja24vxCjfRv2ZzbNfImMcoOecT1nn7dp8idPAsaBtx
1nT9jwoakFBMlxI97Nf8HuYWyMXpdiL7t8orAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUln956mzLIfLdGkB/joDbUCofKyMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2xuOTU2bXpMSWZMZEdr
Ql9qb0RiVUNvZkt5TS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA2Jm+i
BftB+zzc7+hCVrUmbtfHquQ6aDhBRjIsUksXnjaSI6WKrubE8b4KmxEUqz84/B0R
WoHLg7oj2aZLTHaQcIftwDPZ3NzozH9Iu1so3OBDUjw+KamAI6fIamPsLFz0CV23
ahtmDaovWYSx86vQvlzETRFJMjLxcMytAK26Y3Oripvz2wd/iUTs9cRNFfEduENO
kMvDPp00aQDkKQZvfv8MJ1Rckk9bKCCljLFYUnMMg3LKZTyoyAFHk+LYAcVFLGPl
UjVSUP+gwo9hnLVjGhQ6LO3n51BxMYJZiww6lv3bPM4caZnWBNsajKJTUcaSebKr
NtYvLRcMVFPhNc/u
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:34:04 2025 by rpki-client