Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/lrde9ukjMDqnuMTqYt-FKGwagDQ.roa
File: lrde9ukjMDqnuMTqYt-FKGwagDQ.roa (raw, json)
Hash identifier: hXzq1DpNNyfX9w7Q/kevPFByy+N/FkFfRYOuiLQu2n8=
Subject key identifier: 96:B7:5E:F6:E9:23:30:3A:A7:B8:C4:EA:62:DF:85:28:6C:1A:80:34
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6442
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/lrde9ukjMDqnuMTqYt-FKGwagDQ.roa
Signing time: Sun 25 May 2025 10:42:03 +0000
ROA not before: Sun 25 May 2025 10:42:03 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25666 (0x6442)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 25 10:42:03 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=96B75EF6E923303AA7B8C4EA62DF85286C1A8034
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:b5:84:a1:d2:64:b0:a1:a2:cd:55:01:e2:09:
a4:ff:c3:ad:29:de:bb:91:fb:89:86:30:02:9c:dd:
05:bb:9c:57:80:f5:10:cb:b2:a8:70:d0:99:6b:b3:
a9:d3:d4:54:a9:6a:3d:62:8c:66:66:e9:69:17:cd:
77:e1:2f:19:3b:66:c9:7c:fb:0c:b5:a6:cd:03:18:
c2:52:bc:7d:55:0e:4c:aa:dd:f3:07:3a:22:b7:34:
32:14:34:60:92:32:44:bf:ba:66:7f:52:18:b3:d2:
c1:7d:68:4f:f4:ec:45:ef:31:f6:d8:b7:54:ff:a7:
28:fe:23:d0:09:78:a1:3b:73:bf:55:c3:a6:92:b1:
1a:be:de:97:af:8f:40:6f:8d:66:8d:35:23:6e:11:
8f:9d:fc:23:d0:d9:37:dd:70:68:d8:2b:44:2c:6d:
3c:05:be:b3:a1:dd:26:33:94:6a:20:2a:c2:2c:c2:
d9:2f:76:6a:14:01:e0:05:6c:22:7c:34:6a:86:ac:
44:10:66:71:b5:1d:e9:1d:0e:39:06:31:93:76:c4:
c2:7a:91:70:e4:c0:bd:5b:a9:5f:70:b8:a8:67:30:
98:79:00:7e:36:fe:a2:69:e8:b1:6d:1b:f4:25:8a:
c7:23:f5:51:bc:dd:a7:7e:76:9c:61:2c:43:11:28:
01:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:B7:5E:F6:E9:23:30:3A:A7:B8:C4:EA:62:DF:85:28:6C:1A:80:34
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/lrde9ukjMDqnuMTqYt-FKGwagDQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
35:4c:e7:9b:f8:8f:52:cd:f2:f9:60:8f:b4:7f:aa:8d:17:b1:
38:8a:7c:72:f3:8a:b5:52:33:4b:31:5a:29:30:29:ee:74:be:
71:84:23:5a:8f:58:e9:81:9e:df:d8:a5:91:57:bd:de:63:bd:
fb:2a:4f:03:ef:69:1f:0b:b8:13:b8:ab:07:62:4f:64:a7:27:
11:fd:36:1d:9f:27:9c:5c:b8:d5:7f:7d:ad:7b:44:e9:ec:71:
cd:93:95:a4:06:43:be:6f:14:12:71:83:11:40:d4:ba:65:47:
9f:e5:e7:0b:fd:23:20:bc:3b:8e:42:8d:94:92:79:c0:8b:a4:
9b:f6:a9:5b:18:19:66:b2:48:75:cf:03:ea:0f:f1:fa:7a:95:
01:99:8a:a9:23:a0:e3:98:bb:0b:bc:da:a5:dd:37:a7:67:d0:
c1:fb:f7:41:b4:3a:d8:04:ce:5f:63:78:42:88:93:3e:a4:b1:
60:9c:08:fa:86:18:2f:b5:64:5a:ce:32:02:a4:bb:83:08:af:
55:d7:50:c3:a6:6f:55:34:2c:2b:1b:09:e3:2a:5c:e7:60:df:
1a:13:1a:0c:02:c1:49:ba:4b:a4:fe:a4:a8:c6:be:6f:f0:fe:
71:05:f7:8c:c9:28:5a:e1:dc:47:f9:8e:ca:77:4c:99:8f:85:
72:4b:67:0e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZEIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjUx
MDQyMDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDk2Qjc1RUY2RTkyMzMw
M0FBN0I4QzRFQTYyREY4NTI4NkMxQTgwMzQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDqtYSh0mSwoaLNVQHiCaT/w60p3ruR+4mGMAKc3QW7nFeA9RDL
sqhw0Jlrs6nT1FSpaj1ijGZm6WkXzXfhLxk7Zsl8+wy1ps0DGMJSvH1VDkyq3fMH
OiK3NDIUNGCSMkS/umZ/Uhiz0sF9aE/07EXvMfbYt1T/pyj+I9AJeKE7c79Vw6aS
sRq+3pevj0BvjWaNNSNuEY+d/CPQ2TfdcGjYK0QsbTwFvrOh3SYzlGogKsIswtkv
dmoUAeAFbCJ8NGqGrEQQZnG1HekdDjkGMZN2xMJ6kXDkwL1bqV9wuKhnMJh5AH42
/qJp6LFtG/Qliscj9VG83ad+dpxhLEMRKAEhAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUlrde9ukjMDqnuMTqYt+FKGwagDQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2xyZGU5dWtqTURxbnVN
VHFZdC1GS0d3YWdEUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA1TOeb
+I9SzfL5YI+0f6qNF7E4inxy84q1UjNLMVopMCnudL5xhCNaj1jpgZ7f2KWRV73e
Y737Kk8D72kfC7gTuKsHYk9kpycR/TYdnyecXLjVf32te0Tp7HHNk5WkBkO+bxQS
cYMRQNS6ZUef5ecL/SMgvDuOQo2UknnAi6Sb9qlbGBlmskh1zwPqD/H6epUBmYqp
I6DjmLsLvNql3TenZ9DB+/dBtDrYBM5fY3hCiJM+pLFgnAj6hhgvtWRazjICpLuD
CK9V11DDpm9VNCwrGwnjKlznYN8aExoMAsFJukuk/qSoxr5v8P5xBfeMySha4dxH
+Y7Kd0yZj4VyS2cO
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:37:04 2025 by rpki-client