Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/LaWj7i5YA9oLcgh3ux4Gcpau2Jg.roa
File: LaWj7i5YA9oLcgh3ux4Gcpau2Jg.roa (raw, json)
Hash identifier: MDxKh5A7IX7KxJjhw9G3zFHWSaWt2XnwH7ZnuM7An4Q=
Subject key identifier: 2D:A5:A3:EE:2E:58:03:DA:0B:72:08:77:BB:1E:06:72:96:AE:D8:98
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6BCE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/LaWj7i5YA9oLcgh3ux4Gcpau2Jg.roa
Signing time: Sat 14 Jun 2025 13:42:22 +0000
ROA not before: Sat 14 Jun 2025 13:42:22 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27598 (0x6bce)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 14 13:42:22 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=2DA5A3EE2E5803DA0B720877BB1E067296AED898
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:97:22:fa:71:e1:cf:fa:18:d6:e5:11:23:e2:
d5:3a:47:aa:09:fb:b7:cd:be:30:c1:30:c9:f1:51:
ce:2d:67:38:6a:7f:71:a4:75:16:83:6e:db:ed:49:
dd:90:15:8e:87:b6:68:5a:a6:80:e1:16:58:90:cd:
73:a5:15:ac:18:64:00:e8:8d:1e:a6:40:6c:30:97:
d8:d6:6d:9f:a2:c8:52:af:59:47:95:fd:c8:75:0a:
23:5e:ba:03:2d:db:8d:72:25:73:f7:f4:60:41:39:
13:50:cb:56:44:88:8f:20:1e:65:9a:93:07:84:56:
2d:16:34:80:72:62:fc:fc:0e:42:ac:ef:17:ce:27:
87:6d:6a:8c:e5:a9:7d:3c:8a:74:1f:86:2c:3f:39:
32:55:3a:79:25:19:1c:3f:5c:c0:11:1a:61:b9:00:
a1:43:b1:67:1c:64:28:68:1c:a6:60:9a:87:4b:cc:
94:49:99:d5:a1:f1:41:7b:f6:da:70:6c:94:d3:ec:
31:7f:73:17:1c:67:eb:e3:ba:2f:a3:40:d3:a5:c2:
fe:3f:ad:c0:8d:6f:5a:a2:a7:f7:6a:a8:17:82:c4:
68:24:aa:f3:1f:8d:9c:90:61:6c:92:3a:e7:05:70:
c7:97:da:fb:99:4e:fb:86:da:e3:f4:a1:e9:d1:b8:
68:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:A5:A3:EE:2E:58:03:DA:0B:72:08:77:BB:1E:06:72:96:AE:D8:98
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/LaWj7i5YA9oLcgh3ux4Gcpau2Jg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
4b:b1:c9:7e:ea:aa:00:46:e5:4b:7a:39:9e:37:b8:7f:e3:21:
dd:cf:f4:e4:22:17:3c:95:76:9c:b5:cc:50:bb:d2:f0:5d:7e:
41:bd:c7:d9:5c:dc:2b:f8:01:46:0d:06:b8:ab:5e:75:fc:15:
3d:df:53:44:37:85:9c:6d:af:e8:f9:bd:b8:14:7c:fd:36:10:
db:7a:dc:6e:2c:00:c0:6a:63:e3:ea:be:bc:54:55:f8:50:75:
fb:06:a7:06:3e:3f:2c:6a:af:2a:a0:44:b9:a8:3c:d6:4a:ab:
e9:a8:75:1d:2b:4e:d6:4e:30:8e:40:c3:32:60:07:9b:22:dd:
74:57:0f:d5:38:e6:66:1e:b1:76:ca:1c:9d:47:54:00:ca:4d:
6a:25:4b:e0:1d:b2:8e:73:4e:58:b6:7c:5b:ab:e4:87:23:92:
80:be:b0:74:af:11:a4:11:b1:c4:c1:de:67:35:3e:5c:73:7d:
27:60:ce:f9:23:a7:7a:34:d2:f5:0f:86:08:a0:e5:9b:06:40:
ba:46:e4:84:59:df:1c:71:50:99:57:48:6a:4c:fd:ea:7f:aa:
df:b5:91:53:48:6a:63:ff:87:dd:e9:f2:07:21:b9:2a:5f:1f:
5a:e4:f1:cf:20:ab:1b:1b:77:e9:1c:0f:6f:ac:1b:92:fb:a9:
30:30:8b:cf
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICa84wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTQx
MzQyMjJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDJEQTVBM0VFMkU1ODAz
REEwQjcyMDg3N0JCMUUwNjcyOTZBRUQ4OTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDhlyL6ceHP+hjW5REj4tU6R6oJ+7fNvjDBMMnxUc4tZzhqf3Gk
dRaDbtvtSd2QFY6HtmhapoDhFliQzXOlFawYZADojR6mQGwwl9jWbZ+iyFKvWUeV
/ch1CiNeugMt241yJXP39GBBORNQy1ZEiI8gHmWakweEVi0WNIByYvz8DkKs7xfO
J4dtaozlqX08inQfhiw/OTJVOnklGRw/XMARGmG5AKFDsWccZChoHKZgmodLzJRJ
mdWh8UF79tpwbJTT7DF/cxccZ+vjui+jQNOlwv4/rcCNb1qip/dqqBeCxGgkqvMf
jZyQYWySOucFcMeX2vuZTvuG2uP0oenRuGgVAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQULaWj7i5YA9oLcgh3ux4Gcpau2JgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0xhV2o3aTVZQTlvTGNn
aDN1eDRHY3BhdTJKZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBLscl+
6qoARuVLejmeN7h/4yHdz/TkIhc8lXactcxQu9LwXX5BvcfZXNwr+AFGDQa4q151
/BU931NEN4Wcba/o+b24FHz9NhDbetxuLADAamPj6r68VFX4UHX7BqcGPj8saq8q
oES5qDzWSqvpqHUdK07WTjCOQMMyYAebIt10Vw/VOOZmHrF2yhydR1QAyk1qJUvg
HbKOc05Ytnxbq+SHI5KAvrB0rxGkEbHEwd5nNT5cc30nYM75I6d6NNL1D4YIoOWb
BkC6RuSEWd8ccVCZV0hqTP3qf6rftZFTSGpj/4fd6fIHIbkqXx9a5PHPIKsbG3fp
HA9vrBuS+6kwMIvP
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:57:25 2025 by rpki-client