Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/lP_Nkvqhee-wIACz0uif7NMdGdk.roa
File: lP_Nkvqhee-wIACz0uif7NMdGdk.roa (raw, json)
Hash identifier: 7Bk7z8DwJgRLdnUTkGNDvYUF6yohIFpJislWxktV09A=
Subject key identifier: 94:FF:CD:92:FA:A1:79:EF:B0:20:00:B3:D2:E8:9F:EC:D3:1D:19:D9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6450
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/lP_Nkvqhee-wIACz0uif7NMdGdk.roa
Signing time: Sun 25 May 2025 14:11:04 +0000
ROA not before: Sun 25 May 2025 14:11:04 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25680 (0x6450)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 25 14:11:04 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=94FFCD92FAA179EFB02000B3D2E89FECD31D19D9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:49:6e:38:57:87:57:3b:a4:0b:37:c5:f9:63:
72:66:65:7d:cc:3d:92:f1:1c:ca:7b:4c:6b:9c:3b:
e8:27:ff:f1:67:1f:67:ee:b6:2e:33:3d:58:35:94:
14:31:c2:bd:67:cd:f8:72:29:68:68:b2:1c:d9:b2:
92:88:79:6f:38:30:73:6c:ce:bf:99:59:31:d7:06:
38:14:45:66:c4:c1:53:50:3c:2a:ad:c6:df:aa:e0:
ef:dd:7a:db:14:03:a7:e1:df:1c:93:f1:99:3d:eb:
be:35:c5:09:0d:1e:19:b7:92:7d:a0:cb:a7:9b:b2:
a8:16:90:c6:b5:42:ca:b4:e3:d1:ab:19:6a:0e:af:
f4:06:89:3b:c7:e0:0e:ce:17:45:d8:f6:ef:4c:f9:
88:e1:ab:c4:8a:52:cd:83:f6:13:f1:bd:c3:5c:df:
ec:88:7f:39:2b:07:34:90:53:b6:8b:2a:b4:d7:99:
89:4d:39:22:04:b8:d8:1d:46:e0:a2:fa:93:15:4d:
0e:e8:ae:10:bb:f6:2a:f8:59:47:14:34:9d:d1:9b:
70:35:d2:fe:e4:4b:60:1f:d8:c9:24:17:21:2a:77:
e6:1f:30:75:f7:b4:38:8e:b7:d3:ff:9f:04:b4:bf:
d1:2a:e0:46:8e:1b:40:5f:48:46:78:01:94:15:87:
c4:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:FF:CD:92:FA:A1:79:EF:B0:20:00:B3:D2:E8:9F:EC:D3:1D:19:D9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/lP_Nkvqhee-wIACz0uif7NMdGdk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
b6:98:f7:4e:17:c1:f1:7b:d7:e6:3e:cf:e5:e8:0a:0b:d0:8c:
11:78:e9:1c:89:3c:82:5a:ad:9f:90:66:11:4d:9b:aa:d2:25:
d8:cc:de:a7:f5:02:95:f6:1b:b5:86:09:4f:47:44:2f:c5:6d:
60:6b:e1:38:f3:9d:b6:e3:44:3d:b4:76:03:62:e9:47:9d:44:
be:9c:d7:ce:c4:e5:48:03:98:62:51:eb:6a:9d:e8:90:b0:5e:
64:eb:c9:cf:7c:e4:b4:dc:68:27:fa:6c:06:f0:45:73:52:44:
50:19:5b:93:14:64:ed:b6:89:69:2c:39:5b:dc:b6:8c:b9:76:
54:b9:2d:c4:13:10:2d:86:57:38:ec:5b:0c:45:38:81:97:65:
77:e9:b0:44:f0:98:60:7c:10:e9:da:be:c6:04:c5:ea:7c:69:
e8:9d:bc:6a:4c:17:86:06:00:9e:66:84:8a:76:b4:65:99:7c:
e9:2d:12:76:af:61:31:1e:c2:db:8c:de:ef:34:24:dc:4f:3c:
74:12:0b:c5:60:ee:2e:c7:7c:12:66:4e:6d:20:d4:b5:10:d6:
c0:a7:a5:05:75:38:29:20:3f:23:86:ea:85:5e:05:c1:51:76:
8a:66:ef:d9:15:74:f9:84:ca:03:50:34:4f:89:a3:5c:4c:d2:
13:32:09:2d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZFAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjUx
NDExMDRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDk0RkZDRDkyRkFBMTc5
RUZCMDIwMDBCM0QyRTg5RkVDRDMxRDE5RDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCoSW44V4dXO6QLN8X5Y3JmZX3MPZLxHMp7TGucO+gn//FnH2fu
ti4zPVg1lBQxwr1nzfhyKWhoshzZspKIeW84MHNszr+ZWTHXBjgURWbEwVNQPCqt
xt+q4O/detsUA6fh3xyT8Zk96741xQkNHhm3kn2gy6ebsqgWkMa1Qsq049GrGWoO
r/QGiTvH4A7OF0XY9u9M+Yjhq8SKUs2D9hPxvcNc3+yIfzkrBzSQU7aLKrTXmYlN
OSIEuNgdRuCi+pMVTQ7orhC79ir4WUcUNJ3Rm3A10v7kS2Af2MkkFyEqd+YfMHX3
tDiOt9P/nwS0v9Eq4EaOG0BfSEZ4AZQVh8SnAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUlP/Nkvqhee+wIACz0uif7NMdGdkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2xQX05rdnFoZWUtd0lB
Q3owdWlmN05NZEdkay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC2mPdO
F8Hxe9fmPs/l6AoL0IwReOkciTyCWq2fkGYRTZuq0iXYzN6n9QKV9hu1hglPR0Qv
xW1ga+E4852240Q9tHYDYulHnUS+nNfOxOVIA5hiUetqneiQsF5k68nPfOS03Ggn
+mwG8EVzUkRQGVuTFGTttolpLDlb3LaMuXZUuS3EExAthlc47FsMRTiBl2V36bBE
8JhgfBDp2r7GBMXqfGnonbxqTBeGBgCeZoSKdrRlmXzpLRJ2r2ExHsLbjN7vNCTc
Tzx0EgvFYO4ux3wSZk5tINS1ENbAp6UFdTgpID8jhuqFXgXBUXaKZu/ZFXT5hMoD
UDRPiaNcTNITMgkt
-----END CERTIFICATE-----
Generated at Sun Jun 15 09:23:06 2025 by rpki-client