Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/lUhzYOlTLO-oGdyUGGE4nnVthpY.roa
File: lUhzYOlTLO-oGdyUGGE4nnVthpY.roa (raw, json)
Hash identifier: iQ43OCxp7Wt1y6G/0ICL2f43Vr3ndqVzfs7DDP2G7/s=
Subject key identifier: 95:48:73:60:E9:53:2C:EF:A8:19:DC:94:18:61:38:9E:75:6D:86:96
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6940
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/lUhzYOlTLO-oGdyUGGE4nnVthpY.roa
Signing time: Sat 07 Jun 2025 18:12:01 +0000
ROA not before: Sat 07 Jun 2025 18:12:01 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26944 (0x6940)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 7 18:12:01 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=95487360E9532CEFA819DC941861389E756D8696
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:7b:b4:9b:cf:a9:e9:c0:c7:d2:34:32:22:9c:
8b:f1:2e:02:19:52:4d:bc:cf:d0:01:9a:9b:01:ed:
08:39:dc:f4:5b:5b:c1:30:79:f8:34:f4:b3:fe:65:
8d:9f:94:63:66:5a:dc:9f:e1:ff:12:0c:ae:52:57:
1f:3a:96:08:f1:e7:19:8c:9b:29:00:c3:04:df:43:
07:ed:c0:47:9c:48:82:87:43:37:12:92:6c:d3:85:
f6:b1:8f:b2:be:72:d0:a3:a7:72:93:db:3e:5f:9d:
0d:12:41:1a:10:bf:eb:8d:22:30:a1:38:c6:3c:7f:
6b:39:e0:de:ea:e3:9a:36:fc:bc:ca:97:d0:35:36:
30:29:da:8d:71:ba:be:ac:27:3b:2c:f4:21:27:e9:
a2:12:e7:2b:13:28:56:5d:69:24:c8:f3:8b:ac:40:
e9:09:55:82:9f:82:72:e3:0c:78:3a:bf:91:14:f2:
fe:00:2d:94:d8:d2:3f:f0:94:e2:a7:4c:be:19:64:
c6:b2:a9:ec:0d:a5:55:09:02:2d:11:03:f2:05:13:
8e:2d:a1:8a:a4:6e:d3:f3:69:7e:b0:bb:6b:f2:b7:
ff:4b:1d:7c:47:b5:80:b7:54:df:a7:23:17:95:57:
c1:b5:fc:f6:fa:60:05:b6:4e:93:85:8b:40:cf:cc:
bf:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:48:73:60:E9:53:2C:EF:A8:19:DC:94:18:61:38:9E:75:6D:86:96
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/lUhzYOlTLO-oGdyUGGE4nnVthpY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
53:64:db:4d:df:44:b8:dc:48:ea:24:2e:97:75:4d:f1:5e:db:
e0:64:d2:b4:62:b0:90:e8:4b:3a:01:07:00:a0:1e:c1:45:8f:
12:8c:42:eb:a5:b1:90:1d:7b:f1:72:87:61:75:bd:16:0e:5e:
57:9d:b4:b7:60:44:3f:8e:e3:64:55:b0:ca:c4:ad:54:6d:bd:
3c:25:0b:d6:c3:a6:c6:fd:fb:41:c5:48:9f:84:43:58:e9:6c:
c3:0d:65:41:c9:b7:73:97:e1:8d:94:35:fb:63:96:e9:b8:9e:
12:8a:39:30:13:18:69:b3:23:a4:43:d8:f1:48:78:d1:4f:58:
6f:97:c8:23:61:07:7d:3b:f7:7b:54:b6:ee:45:0b:e8:9a:61:
12:0f:30:66:81:09:a1:ed:a8:9b:12:c1:4e:17:ee:db:a6:b8:
fb:3a:95:37:d4:f4:0a:47:6b:1d:91:30:a2:49:f7:15:6f:0d:
0d:f8:dc:da:88:99:ef:a5:29:a3:65:33:52:8e:f9:ab:51:35:
98:42:44:4c:e8:5c:7a:cc:c1:2c:04:c6:23:9d:c5:72:9c:a7:
ff:03:ef:21:5e:c8:22:d3:11:89:6a:37:37:2b:31:d3:52:5e:
e6:27:be:5c:e2:8a:58:d7:3f:7f:f0:cb:03:3e:40:43:8c:ce:
8d:13:f4:bd
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaUAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDcx
ODEyMDFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDk1NDg3MzYwRTk1MzJD
RUZBODE5REM5NDE4NjEzODlFNzU2RDg2OTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6e7Sbz6npwMfSNDIinIvxLgIZUk28z9ABmpsB7Qg53PRbW8Ew
efg09LP+ZY2flGNmWtyf4f8SDK5SVx86lgjx5xmMmykAwwTfQwftwEecSIKHQzcS
kmzThfaxj7K+ctCjp3KT2z5fnQ0SQRoQv+uNIjChOMY8f2s54N7q45o2/LzKl9A1
NjAp2o1xur6sJzss9CEn6aIS5ysTKFZdaSTI84usQOkJVYKfgnLjDHg6v5EU8v4A
LZTY0j/wlOKnTL4ZZMayqewNpVUJAi0RA/IFE44toYqkbtPzaX6wu2vyt/9LHXxH
tYC3VN+nIxeVV8G1/Pb6YAW2TpOFi0DPzL9zAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUlUhzYOlTLO+oGdyUGGE4nnVthpYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2xVaHpZT2xUTE8tb0dk
eVVHR0U0bm5WdGhwWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBTZNtN
30S43EjqJC6XdU3xXtvgZNK0YrCQ6Es6AQcAoB7BRY8SjELrpbGQHXvxcodhdb0W
Dl5XnbS3YEQ/juNkVbDKxK1Ubb08JQvWw6bG/ftBxUifhENY6WzDDWVBybdzl+GN
lDX7Y5bpuJ4SijkwExhpsyOkQ9jxSHjRT1hvl8gjYQd9O/d7VLbuRQvommESDzBm
gQmh7aibEsFOF+7bprj7OpU31PQKR2sdkTCiSfcVbw0N+NzaiJnvpSmjZTNSjvmr
UTWYQkRM6Fx6zMEsBMYjncVynKf/A+8hXsgi0xGJajc3KzHTUl7mJ75c4opY1z9/
8MsDPkBDjM6NE/S9
-----END CERTIFICATE-----
Generated at Sun Jun 22 15:11:29 2025 by rpki-client