Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/-lsKnEXxK2LtCaDVoVsyB_74SEY.roa
File: -lsKnEXxK2LtCaDVoVsyB_74SEY.roa (raw, json)
Hash identifier: jCFB5ajElPnyFGZnODsoQ2dIYZg9n6MrN+vC3O5tR48=
Subject key identifier: FA:5B:0A:9C:45:F1:2B:62:ED:09:A0:D5:A1:5B:32:07:FE:F8:48:46
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 690A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-lsKnEXxK2LtCaDVoVsyB_74SEY.roa
Signing time: Sat 07 Jun 2025 04:41:52 +0000
ROA not before: Sat 07 Jun 2025 04:41:52 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26890 (0x690a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 7 04:41:52 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=FA5B0A9C45F12B62ED09A0D5A15B3207FEF84846
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:bb:a9:70:53:4a:03:1a:99:ae:68:a4:ca:81:
e5:88:70:71:98:44:72:79:d8:d4:43:90:b4:0b:18:
a2:e6:39:29:19:92:33:bb:2b:85:87:c9:d7:c0:1e:
7a:3a:05:b9:f3:f8:da:b5:ce:6c:66:d2:28:e1:94:
ca:9f:db:ea:dd:4f:fd:59:4f:85:a9:4b:8a:59:df:
bf:56:88:df:a0:cd:eb:bd:d0:af:b7:0a:fc:e5:ee:
99:f6:fa:43:ed:32:34:24:9e:7a:6e:fa:7c:44:3d:
2f:73:43:eb:5d:26:02:47:6c:15:a6:6b:23:94:16:
9f:e9:f4:6f:e3:58:45:f6:67:aa:24:e3:f6:6a:99:
97:7c:38:32:73:71:22:46:bb:a7:77:e3:31:63:95:
09:ec:98:f8:5d:49:0b:5e:62:f6:f1:7e:47:da:bd:
6e:f2:2e:af:91:e4:1d:5f:a3:8c:66:ae:b3:b2:8c:
7d:28:a8:e1:30:af:ed:38:a9:b4:5b:e8:6f:e5:c6:
1a:3b:82:15:b6:59:7f:de:a6:c0:e3:e2:47:c5:94:
b1:05:c7:a9:96:9d:9e:2e:fa:6e:5c:cc:c4:cf:c1:
3b:a0:49:4a:5b:0c:da:e3:12:91:91:59:4a:ef:7e:
73:b6:88:9a:a7:3b:65:95:49:33:63:1c:81:18:1e:
ab:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:5B:0A:9C:45:F1:2B:62:ED:09:A0:D5:A1:5B:32:07:FE:F8:48:46
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-lsKnEXxK2LtCaDVoVsyB_74SEY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
36:c8:40:3e:9b:32:f6:1c:b4:49:79:84:85:9c:68:ba:f7:fe:
83:e6:3f:a7:08:1d:66:78:71:76:9b:ad:70:bb:5f:c4:2d:69:
9f:32:6a:76:f3:51:04:0c:01:37:96:27:7a:68:b8:d9:f3:c8:
88:b7:89:02:9e:a6:54:6a:70:41:a1:46:d1:d2:87:fd:ce:c9:
f6:54:a9:b4:15:1f:f6:34:ae:00:64:3a:6a:1d:f9:af:2c:d2:
52:88:21:e5:7c:88:2a:2d:ff:8b:64:d1:6b:b8:92:2e:9a:f4:
37:28:52:57:6d:41:93:ef:83:1f:a0:d8:c6:57:fe:f4:5b:ed:
61:f3:57:25:e1:5c:b5:65:2d:e9:ef:fb:69:fb:22:67:ee:70:
f4:e7:e1:fd:57:7b:f7:95:6b:6a:f4:33:f7:11:06:24:7f:ca:
e1:42:fa:1c:5a:af:c9:98:e3:63:50:7b:9e:9e:2d:65:fa:8d:
62:33:74:81:a5:c1:85:a8:26:9c:f0:af:06:cc:b8:19:14:b1:
13:22:1c:f5:99:4d:8a:57:18:99:04:de:31:75:c0:9c:32:78:
98:cb:b4:85:fc:5f:6f:14:21:2a:a8:7e:96:d3:2e:d4:73:5a:
7e:9e:62:0a:59:a2:d3:fb:46:3a:48:b0:3d:2c:40:fd:57:46:
0b:b6:ac:1e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaQowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDcw
NDQxNTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEZBNUIwQTlDNDVGMTJC
NjJFRDA5QTBENUExNUIzMjA3RkVGODQ4NDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDfu6lwU0oDGpmuaKTKgeWIcHGYRHJ52NRDkLQLGKLmOSkZkjO7
K4WHydfAHno6Bbnz+Nq1zmxm0ijhlMqf2+rdT/1ZT4WpS4pZ379WiN+gzeu90K+3
Cvzl7pn2+kPtMjQknnpu+nxEPS9zQ+tdJgJHbBWmayOUFp/p9G/jWEX2Z6ok4/Zq
mZd8ODJzcSJGu6d34zFjlQnsmPhdSQteYvbxfkfavW7yLq+R5B1fo4xmrrOyjH0o
qOEwr+04qbRb6G/lxho7ghW2WX/epsDj4kfFlLEFx6mWnZ4u+m5czMTPwTugSUpb
DNrjEpGRWUrvfnO2iJqnO2WVSTNjHIEYHqsRAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU+lsKnEXxK2LtCaDVoVsyB/74SEYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3Ly1sc0tuRVh4SzJMdENh
RFZvVnN5Ql83NFNFWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA2yEA+
mzL2HLRJeYSFnGi69/6D5j+nCB1meHF2m61wu1/ELWmfMmp281EEDAE3lid6aLjZ
88iIt4kCnqZUanBBoUbR0of9zsn2VKm0FR/2NK4AZDpqHfmvLNJSiCHlfIgqLf+L
ZNFruJIumvQ3KFJXbUGT74MfoNjGV/70W+1h81cl4Vy1ZS3p7/tp+yJn7nD05+H9
V3v3lWtq9DP3EQYkf8rhQvocWq/JmONjUHueni1l+o1iM3SBpcGFqCac8K8GzLgZ
FLETIhz1mU2KVxiZBN4xdcCcMniYy7SF/F9vFCEqqH6W0y7Uc1p+nmIKWaLT+0Y6
SLA9LED9V0YLtqwe
-----END CERTIFICATE-----
Generated at Sat Jun 21 23:11:21 2025 by rpki-client