Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/mfLTdRHEZabU1JGUXb9VFKdIv9Y.roa
File: mfLTdRHEZabU1JGUXb9VFKdIv9Y.roa (raw, json)
Hash identifier: i7bG0RlKQEUuTdg/Ycq1nuKXA9+8PPdV1mEHrzKFKuw=
Subject key identifier: 99:F2:D3:75:11:C4:65:A6:D4:D4:91:94:5D:BF:55:14:A7:48:BF:D6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 786C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/mfLTdRHEZabU1JGUXb9VFKdIv9Y.roa
Signing time: Fri 18 Jul 2025 11:14:51 +0000
ROA not before: Fri 18 Jul 2025 11:14:51 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30828 (0x786c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 18 11:14:51 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=99F2D37511C465A6D4D491945DBF5514A748BFD6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:52:ee:ba:a7:21:26:70:65:5a:89:e7:c2:17:
02:30:2d:46:9a:71:5e:26:3b:79:7e:b6:ad:ee:ef:
00:12:b9:3a:ef:9d:76:4c:6f:e2:10:fb:74:a7:53:
3d:45:75:e1:e2:58:5b:c6:49:e2:f2:da:d6:10:f6:
3d:a7:8a:56:cb:06:15:15:e4:51:aa:9d:5c:df:44:
90:bc:e3:3f:09:26:0e:49:bc:a3:ab:fa:91:9d:44:
1a:ce:c2:8a:01:8b:40:33:59:f4:c6:2b:a5:e8:cc:
44:3b:90:c0:d9:ff:0f:eb:eb:d8:99:c1:c0:51:0f:
28:12:c4:5a:5d:2b:92:b7:d0:52:d9:e5:c4:78:7b:
7f:ee:a4:ed:d2:d9:8f:4f:37:fd:64:4a:7d:19:2c:
17:7e:ce:eb:db:04:a0:7f:df:5e:72:c4:0c:25:97:
15:12:82:29:af:3d:b6:04:f5:05:29:05:1a:4c:54:
b8:b6:60:2b:5e:d4:ea:9c:37:fa:5d:3e:83:59:68:
25:c5:f3:bf:92:cc:f0:71:b3:57:a6:af:15:3e:07:
1f:b1:0e:e6:b5:31:35:bc:20:ff:23:e5:15:c0:bf:
a1:83:c0:48:4c:41:52:2d:1f:fe:d0:9e:7c:3f:85:
3e:0c:87:4e:76:cc:08:e4:2f:13:12:bf:89:43:7b:
3a:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:F2:D3:75:11:C4:65:A6:D4:D4:91:94:5D:BF:55:14:A7:48:BF:D6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/mfLTdRHEZabU1JGUXb9VFKdIv9Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
0f:d3:dc:eb:01:96:c9:cf:5e:0f:0c:bf:22:e6:f4:14:e9:17:
6e:90:17:a9:c6:ed:d6:ea:83:4f:ca:50:1e:7d:6b:35:f9:0e:
d3:3f:a4:f3:83:cf:0d:00:2d:36:a5:7c:97:43:af:57:f0:b4:
fc:c5:29:52:af:c6:76:54:a7:b0:2a:6a:1b:00:29:66:25:48:
ed:8c:8f:e3:67:0c:96:20:3c:6d:88:32:06:96:4f:92:05:a5:
ca:4b:17:db:30:6a:64:02:28:cf:2a:08:e0:98:79:ba:66:38:
29:05:fc:f7:b2:65:c1:93:4a:4a:0e:3d:7c:c7:75:8a:4a:82:
68:0a:4e:0f:23:c6:78:4f:28:0c:86:ad:55:d4:36:42:47:f4:
8d:ff:ec:b9:8e:65:bd:c8:ca:3e:55:e8:d1:07:cd:fc:aa:52:
86:2d:0f:27:71:96:af:03:f4:1e:9c:a2:83:50:51:ce:d0:d8:
91:d6:ef:c2:48:3f:4f:2e:fe:48:d9:a6:f7:26:65:4c:21:89:
bf:c1:d0:81:9f:e0:e0:b0:99:e5:5b:ca:c7:5f:86:a6:f5:84:
b0:af:9d:da:55:ef:9a:b5:a7:4f:7a:61:71:b9:ff:7b:f6:43:
63:3f:d1:cc:24:fd:c2:83:31:be:cf:23:5b:47:56:e9:d1:1a:
52:4c:2c:38
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICeGwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTgx
MTE0NTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDk5RjJEMzc1MTFDNDY1
QTZENEQ0OTE5NDVEQkY1NTE0QTc0OEJGRDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDXUu66pyEmcGVaiefCFwIwLUaacV4mO3l+tq3u7wASuTrvnXZM
b+IQ+3SnUz1FdeHiWFvGSeLy2tYQ9j2nilbLBhUV5FGqnVzfRJC84z8JJg5JvKOr
+pGdRBrOwooBi0AzWfTGK6XozEQ7kMDZ/w/r69iZwcBRDygSxFpdK5K30FLZ5cR4
e3/upO3S2Y9PN/1kSn0ZLBd+zuvbBKB/315yxAwllxUSgimvPbYE9QUpBRpMVLi2
YCte1OqcN/pdPoNZaCXF87+SzPBxs1emrxU+Bx+xDua1MTW8IP8j5RXAv6GDwEhM
QVItH/7Qnnw/hT4Mh052zAjkLxMSv4lDezqvAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUmfLTdRHEZabU1JGUXb9VFKdIv9YwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L21mTFRkUkhFWmFiVTFK
R1VYYjlWRktkSXY5WS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAP09zr
AZbJz14PDL8i5vQU6RdukBepxu3W6oNPylAefWs1+Q7TP6Tzg88NAC02pXyXQ69X
8LT8xSlSr8Z2VKewKmobAClmJUjtjI/jZwyWIDxtiDIGlk+SBaXKSxfbMGpkAijP
KgjgmHm6ZjgpBfz3smXBk0pKDj18x3WKSoJoCk4PI8Z4TygMhq1V1DZCR/SN/+y5
jmW9yMo+VejRB838qlKGLQ8ncZavA/QenKKDUFHO0NiR1u/CSD9PLv5I2ab3JmVM
IYm/wdCBn+DgsJnlW8rHX4am9YSwr53aVe+atadPemFxuf979kNjP9HMJP3CgzG+
zyNbR1bp0RpSTCw4
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:46:49 2025 by rpki-client