Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/5LKjKah0lLeU9uTClLk-O4yjwls.roa
File: 5LKjKah0lLeU9uTClLk-O4yjwls.roa (raw, json)
Hash identifier: MLZbTR2VxpXvjc3mz5DJ7pRoz7f0kgbl+aBE7j/X2Z0=
Subject key identifier: E4:B2:A3:29:A8:74:94:B7:94:F6:E4:C2:94:B9:3E:3B:8C:A3:C2:5B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 68A6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/5LKjKah0lLeU9uTClLk-O4yjwls.roa
Signing time: Fri 06 Jun 2025 03:41:44 +0000
ROA not before: Fri 06 Jun 2025 03:41:44 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26790 (0x68a6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 6 03:41:44 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E4B2A329A87494B794F6E4C294B93E3B8CA3C25B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:b1:33:b2:37:0d:2e:92:eb:48:52:51:b4:12:
1f:9e:0e:96:77:4d:c8:b1:5c:f5:57:46:ab:2e:02:
76:84:db:3b:11:cf:a2:d1:ce:4f:2d:47:28:65:96:
e9:ec:cf:71:4d:35:a4:11:77:3a:4b:68:b6:3b:71:
21:3a:0f:e0:c8:43:9b:3c:48:f6:c8:b8:78:1a:b7:
88:c4:f5:09:d6:5d:e6:a0:d6:1f:53:90:90:01:5d:
96:e3:5c:3a:0f:b9:a2:a7:c0:c7:ac:25:1a:ab:7c:
bb:5b:8e:f7:a1:7b:dd:0a:24:ed:31:29:ce:ea:1a:
8f:5a:b6:96:68:13:5e:15:49:27:96:50:dc:69:9d:
fb:80:57:93:3a:28:81:49:a6:43:b5:dd:c8:24:82:
a6:d2:59:10:d3:4e:22:d7:5f:ac:b3:bf:50:a1:6d:
4b:dd:40:1b:65:ee:e1:7c:ea:5f:bf:6d:42:41:1e:
12:78:1c:39:f0:54:a9:23:db:1f:d3:fc:26:04:1b:
49:47:56:b6:7f:ee:22:3d:ea:90:80:05:30:3c:e5:
d1:8f:60:1a:b9:a6:29:ac:98:2a:9c:a0:37:22:f0:
23:dd:38:03:41:c9:ab:a6:4f:7c:43:1e:8d:4c:10:
bf:00:01:aa:42:f5:08:2d:81:9f:0d:b3:20:73:ed:
49:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E4:B2:A3:29:A8:74:94:B7:94:F6:E4:C2:94:B9:3E:3B:8C:A3:C2:5B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/5LKjKah0lLeU9uTClLk-O4yjwls.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
37:ff:9a:c6:ae:a6:d9:93:ff:3e:fa:fd:ce:bf:e2:2b:93:57:
66:c3:b6:ec:c9:ce:5f:ee:ef:70:c9:46:bf:c0:d7:31:76:ad:
2d:d3:15:d6:45:38:05:d5:48:16:c0:5a:01:1a:07:b2:3e:75:
b8:35:c4:39:7d:75:c4:94:93:26:dc:73:b1:3e:a1:ee:95:c0:
40:1b:53:22:cd:fe:89:8c:ab:72:a5:14:c0:16:c0:3f:9d:fc:
0f:88:d1:68:98:23:e6:3d:58:65:1a:79:69:32:22:af:30:06:
c9:0b:d8:be:32:42:c4:9f:0c:44:91:c4:47:70:9f:15:33:e1:
14:43:bf:86:cd:7a:b5:da:70:41:86:c4:2c:a6:db:5e:28:3c:
c6:e1:2c:5c:85:3a:c1:32:d1:b6:83:56:75:5c:8f:92:e7:1a:
42:9b:10:3e:04:bb:f5:f3:e7:0a:4d:db:40:42:14:9c:4e:1f:
e9:22:5c:94:1a:fe:38:c1:6e:c1:32:46:30:2e:4e:0c:91:b8:
15:91:97:c8:83:23:5f:c7:99:b2:f6:64:e5:12:19:af:31:7c:
84:98:74:bf:fb:9a:fe:54:4e:d1:b3:95:43:a2:43:db:a1:92:
65:59:c4:86:68:15:26:af:7f:27:d0:93:e5:71:47:42:43:1d:
be:c4:01:c6
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaKYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDYw
MzQxNDRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEU0QjJBMzI5QTg3NDk0
Qjc5NEY2RTRDMjk0QjkzRTNCOENBM0MyNUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDYsTOyNw0ukutIUlG0Eh+eDpZ3TcixXPVXRqsuAnaE2zsRz6LR
zk8tRyhllunsz3FNNaQRdzpLaLY7cSE6D+DIQ5s8SPbIuHgat4jE9QnWXeag1h9T
kJABXZbjXDoPuaKnwMesJRqrfLtbjvehe90KJO0xKc7qGo9atpZoE14VSSeWUNxp
nfuAV5M6KIFJpkO13cgkgqbSWRDTTiLXX6yzv1ChbUvdQBtl7uF86l+/bUJBHhJ4
HDnwVKkj2x/T/CYEG0lHVrZ/7iI96pCABTA85dGPYBq5pimsmCqcoDci8CPdOANB
yaumT3xDHo1MEL8AAapC9QgtgZ8NsyBz7Un3AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU5LKjKah0lLeU9uTClLk+O4yjwlswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzVMS2pLYWgwbExlVTl1
VENsTGstTzR5andscy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQA3/5rG
rqbZk/8++v3Ov+Irk1dmw7bsyc5f7u9wyUa/wNcxdq0t0xXWRTgF1UgWwFoBGgey
PnW4NcQ5fXXElJMm3HOxPqHulcBAG1Mizf6JjKtypRTAFsA/nfwPiNFomCPmPVhl
GnlpMiKvMAbJC9i+MkLEnwxEkcRHcJ8VM+EUQ7+GzXq12nBBhsQsptteKDzG4Sxc
hTrBMtG2g1Z1XI+S5xpCmxA+BLv18+cKTdtAQhScTh/pIlyUGv44wW7BMkYwLk4M
kbgVkZfIgyNfx5my9mTlEhmvMXyEmHS/+5r+VE7Rs5VDokPboZJlWcSGaBUmr38n
0JPlcUdCQx2+xAHG
-----END CERTIFICATE-----
Generated at Sun Jun 22 00:23:37 2025 by rpki-client