Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/L3yJva38pY5i3dDjKQUbRVCBPjI.roa
File: L3yJva38pY5i3dDjKQUbRVCBPjI.roa (raw, json)
Hash identifier: J3cTbdETutH6P3PS2SFFnAJ9aX3h7AA6Z+cqHJZMtNI=
Subject key identifier: 2F:7C:89:BD:AD:FC:A5:8E:62:DD:D0:E3:29:05:1B:45:50:81:3E:32
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 69C0
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/L3yJva38pY5i3dDjKQUbRVCBPjI.roa
Signing time: Mon 09 Jun 2025 02:12:02 +0000
ROA not before: Mon 09 Jun 2025 02:12:02 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27072 (0x69c0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 9 02:12:02 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=2F7C89BDADFCA58E62DDD0E329051B4550813E32
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:48:11:ee:f1:71:c5:93:81:1a:89:49:71:a4:
78:a9:c6:73:9a:8b:fd:03:75:df:56:83:5b:a1:3f:
4f:8f:e4:c9:ef:80:b4:8d:59:09:ed:d8:4a:ac:71:
ac:b4:42:34:52:be:70:81:6f:f7:71:6c:af:c3:f2:
bf:3e:54:7b:53:20:e9:a3:b4:b5:45:8f:b9:07:51:
8b:fc:f8:39:89:7b:07:af:dc:d2:32:64:9e:f0:7a:
94:3b:4d:92:b1:c6:f6:33:f6:63:f7:ea:2a:c9:91:
4f:28:f8:1f:bb:60:f5:48:34:f0:38:d1:74:d0:53:
2a:8f:93:cb:21:81:60:1c:18:7a:b8:d0:91:68:76:
20:65:7a:8b:bc:2d:27:e1:42:c1:b3:2f:c9:64:20:
9f:d4:fa:15:4a:f5:2c:be:26:6b:00:aa:7d:8b:24:
7b:f1:35:6d:3d:73:74:72:cf:0e:0d:3e:f2:9f:1c:
7a:5b:72:e7:f5:f0:9d:84:a4:5b:37:8a:d1:0d:7f:
ab:69:fa:de:d3:d0:24:76:b9:a6:27:21:de:e5:21:
80:c1:59:32:cb:03:05:38:9e:d0:a9:63:4f:20:98:
36:d9:4e:2a:4e:4a:28:d9:ae:77:d1:85:8a:34:c2:
4a:06:48:f9:83:26:4a:f1:e9:30:33:e2:24:5e:63:
33:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:7C:89:BD:AD:FC:A5:8E:62:DD:D0:E3:29:05:1B:45:50:81:3E:32
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/L3yJva38pY5i3dDjKQUbRVCBPjI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
40:49:0b:35:7c:29:cf:87:39:f6:6b:bc:27:69:7e:4f:aa:72:
3b:04:ae:96:7b:3a:ea:87:e7:ad:4f:94:ea:13:31:94:ac:44:
ac:be:78:e8:d8:86:07:4a:83:c0:2c:9e:9c:ab:c8:82:ce:83:
6d:3d:f7:09:f3:76:ab:2a:7c:37:04:e8:3f:4b:b7:5a:e8:ed:
94:86:2b:6e:2b:2c:7d:fd:58:ae:a8:0d:9e:95:9d:c7:13:c5:
8a:cb:5a:ec:c3:94:ad:01:86:c3:ce:04:99:90:f3:96:da:63:
dc:90:91:e3:59:88:f6:42:4e:6a:0a:7b:fa:ae:1d:94:86:bd:
2b:96:53:4a:d1:7b:67:66:7c:6b:41:c0:0e:41:6f:1a:97:f9:
81:0f:23:3f:84:06:25:1d:ae:08:60:c7:ce:d2:76:62:7c:68:
8a:ef:5c:03:40:3d:8f:68:ea:85:7d:18:47:97:e3:c6:17:7d:
ca:dd:b2:6f:9d:11:be:50:85:91:2a:98:c7:c2:1f:a0:ef:b6:
71:5a:06:2e:70:41:d7:90:8d:10:18:30:fb:7c:3f:d5:6a:e6:
eb:68:dd:5d:75:85:5e:07:fb:f5:f1:73:59:49:67:53:02:bf:
bc:fa:7b:6a:b5:f2:21:ef:28:52:63:02:19:3f:45:97:ad:c2:
7f:df:01:19
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICacAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDkw
MjEyMDJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDJGN0M4OUJEQURGQ0E1
OEU2MkRERDBFMzI5MDUxQjQ1NTA4MTNFMzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCxSBHu8XHFk4EaiUlxpHipxnOai/0Ddd9Wg1uhP0+P5MnvgLSN
WQnt2Eqscay0QjRSvnCBb/dxbK/D8r8+VHtTIOmjtLVFj7kHUYv8+DmJewev3NIy
ZJ7wepQ7TZKxxvYz9mP36irJkU8o+B+7YPVINPA40XTQUyqPk8shgWAcGHq40JFo
diBleou8LSfhQsGzL8lkIJ/U+hVK9Sy+JmsAqn2LJHvxNW09c3Ryzw4NPvKfHHpb
cuf18J2EpFs3itENf6tp+t7T0CR2uaYnId7lIYDBWTLLAwU4ntCpY08gmDbZTipO
SijZrnfRhYo0wkoGSPmDJkrx6TAz4iReYzNJAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUL3yJva38pY5i3dDjKQUbRVCBPjIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0wzeUp2YTM4cFk1aTNk
RGpLUVViUlZDQlBqSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBASQs1
fCnPhzn2a7wnaX5PqnI7BK6Wezrqh+etT5TqEzGUrESsvnjo2IYHSoPALJ6cq8iC
zoNtPfcJ83arKnw3BOg/S7da6O2UhituKyx9/ViuqA2elZ3HE8WKy1rsw5StAYbD
zgSZkPOW2mPckJHjWYj2Qk5qCnv6rh2Uhr0rllNK0XtnZnxrQcAOQW8al/mBDyM/
hAYlHa4IYMfO0nZifGiK71wDQD2PaOqFfRhHl+PGF33K3bJvnRG+UIWRKpjHwh+g
77ZxWgYucEHXkI0QGDD7fD/VaubraN1ddYVeB/v18XNZSWdTAr+8+ntqtfIh7yhS
YwIZP0WXrcJ/3wEZ
-----END CERTIFICATE-----
Generated at Fri Jun 20 18:19:31 2025 by rpki-client