Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/lrYUMSzQlgRDf_uUWDD1hL6TYIQ.roa
File: lrYUMSzQlgRDf_uUWDD1hL6TYIQ.roa (raw, json)
Hash identifier: XAmftFz23ldBXGwBh9nUqAOU8NfSW+vZ3sOemMrQuSs=
Subject key identifier: 96:B6:14:31:2C:D0:96:04:43:7F:FB:94:58:30:F5:84:BE:93:60:84
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7756
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/lrYUMSzQlgRDf_uUWDD1hL6TYIQ.roa
Signing time: Tue 15 Jul 2025 13:41:53 +0000
ROA not before: Tue 15 Jul 2025 13:41:53 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30550 (0x7756)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 15 13:41:53 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=96B614312CD09604437FFB945830F584BE936084
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:b8:1d:89:fd:86:0e:0e:15:e1:c3:b6:80:48:
30:7a:12:08:c4:c9:53:ba:b7:89:5c:25:d2:5c:40:
25:ee:c8:50:ca:82:2f:96:50:6a:b4:ec:ed:2c:ba:
2f:7e:74:6a:e9:0e:fc:44:07:68:dc:bf:00:a2:55:
19:4f:da:ba:f9:1f:b6:ca:d6:15:2c:ed:25:99:61:
21:73:eb:1e:d8:ba:c0:ee:ce:68:a6:25:79:0e:99:
37:05:f1:f8:05:e6:d5:b3:3f:99:c3:df:37:89:00:
89:b3:31:46:50:05:20:0e:09:06:96:ad:df:44:31:
9b:a8:61:ef:5d:a4:05:9a:1c:cf:0b:86:ce:b7:03:
2b:73:2c:31:97:56:d0:3a:10:92:b4:03:4a:24:25:
62:b8:ac:bb:1b:34:a1:22:78:17:ab:67:7f:99:57:
b4:7a:6e:17:52:39:8b:ff:28:a1:c1:0f:21:f9:17:
38:d5:45:da:f7:53:66:6c:b0:00:3c:91:30:00:6a:
9d:17:64:81:f8:02:6e:db:88:c6:85:56:20:bb:6d:
66:57:43:55:1d:14:82:19:25:af:8a:ea:6e:82:12:
82:63:9d:2e:8f:2e:4e:8b:6e:77:85:eb:7d:f6:3d:
a2:55:6a:fd:85:fd:38:7c:a6:13:da:bc:ec:54:bc:
d8:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:B6:14:31:2C:D0:96:04:43:7F:FB:94:58:30:F5:84:BE:93:60:84
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/lrYUMSzQlgRDf_uUWDD1hL6TYIQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
37:ea:1e:26:54:e9:69:39:d1:79:5d:16:e0:c6:ef:38:08:1f:
07:d8:dd:0e:bf:39:37:b2:0f:a4:52:dc:f8:f5:96:b5:ce:cf:
9a:02:30:bb:0f:96:1b:d3:e8:58:e7:ae:27:71:76:0d:ba:05:
3f:cc:05:93:d3:a2:1f:89:27:0e:6d:0c:f9:4b:66:1f:85:2e:
59:09:a6:04:03:a5:cb:5d:c1:46:b8:44:97:37:d0:cc:fe:32:
87:b9:b4:be:11:e4:8a:04:b0:17:d6:3c:cf:9b:4e:d5:98:b3:
4b:f3:a4:c8:9e:ce:13:92:f1:2c:60:35:ac:1b:83:c1:c7:d4:
03:61:4f:8e:44:a7:61:3f:4f:fb:cb:73:af:4a:76:ea:45:20:
0b:cb:5a:bf:7d:95:5b:34:f2:6f:55:0a:0c:de:57:63:12:7e:
58:14:10:4e:d6:de:47:64:f9:7d:8d:53:38:0b:79:b8:c6:20:
64:e7:29:e7:23:8c:48:24:a8:1d:88:33:58:57:8d:fb:7d:6c:
5b:7e:12:00:68:ea:60:ee:70:76:35:b7:5c:54:bc:0c:ac:89:
95:a6:a9:37:cc:e8:b5:b3:89:cb:62:6d:01:60:c2:9a:7c:f5:
25:f1:51:0c:23:e4:72:33:14:8d:ef:7b:2a:15:5f:9e:4b:72:
d5:2e:10:bd
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICd1YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTUx
MzQxNTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDk2QjYxNDMxMkNEMDk2
MDQ0MzdGRkI5NDU4MzBGNTg0QkU5MzYwODQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDUuB2J/YYODhXhw7aASDB6EgjEyVO6t4lcJdJcQCXuyFDKgi+W
UGq07O0sui9+dGrpDvxEB2jcvwCiVRlP2rr5H7bK1hUs7SWZYSFz6x7YusDuzmim
JXkOmTcF8fgF5tWzP5nD3zeJAImzMUZQBSAOCQaWrd9EMZuoYe9dpAWaHM8Lhs63
AytzLDGXVtA6EJK0A0okJWK4rLsbNKEieBerZ3+ZV7R6bhdSOYv/KKHBDyH5FzjV
Rdr3U2ZssAA8kTAAap0XZIH4Am7biMaFViC7bWZXQ1UdFIIZJa+K6m6CEoJjnS6P
Lk6LbneF6332PaJVav2F/Th8phPavOxUvNirAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUlrYUMSzQlgRDf/uUWDD1hL6TYIQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2xyWVVNU3pRbGdSRGZf
dVVXREQxaEw2VFlJUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA36h4m
VOlpOdF5XRbgxu84CB8H2N0Ovzk3sg+kUtz49Za1zs+aAjC7D5Yb0+hY564ncXYN
ugU/zAWT06IfiScObQz5S2YfhS5ZCaYEA6XLXcFGuESXN9DM/jKHubS+EeSKBLAX
1jzPm07VmLNL86TIns4TkvEsYDWsG4PBx9QDYU+ORKdhP0/7y3OvSnbqRSALy1q/
fZVbNPJvVQoM3ldjEn5YFBBO1t5HZPl9jVM4C3m4xiBk5ynnI4xIJKgdiDNYV437
fWxbfhIAaOpg7nB2NbdcVLwMrImVpqk3zOi1s4nLYm0BYMKafPUl8VEMI+RyMxSN
73sqFV+eS3LVLhC9
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:35:01 2025 by rpki-client