Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/1HncQ6HOF-57uoD7KSMBo_rR_Nc.roa
File: 1HncQ6HOF-57uoD7KSMBo_rR_Nc.roa (raw, json)
Hash identifier: iZsKcDsvR8NZr0K8fT2jw00uM1Y25wkBfSH2+tmnzdw=
Subject key identifier: D4:79:DC:43:A1:CE:17:EE:7B:BA:80:FB:29:23:01:A3:FA:D1:FC:D7
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4ABD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1HncQ6HOF-57uoD7KSMBo_rR_Nc.roa
Signing time: Sun 28 Apr 2024 05:53:24 +0000
ROA not before: Sun 28 Apr 2024 05:53:24 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19133 (0x4abd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 28 05:53:24 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D479DC43A1CE17EE7BBA80FB292301A3FAD1FCD7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:fa:76:af:01:f2:2d:89:1a:5c:29:91:c3:79:
77:0a:3c:be:07:03:7d:ea:b3:f3:0a:e6:5d:94:2d:
8e:d9:0b:bc:08:c1:f1:a7:33:63:40:23:8e:e7:47:
07:78:fe:54:2c:dd:54:77:ef:bd:5b:8a:b0:d6:38:
17:6f:1b:c6:f2:c0:a5:67:7a:ef:37:c0:53:db:b7:
a0:dd:e5:27:7f:13:15:7c:a0:0b:e4:93:dd:81:05:
3a:dc:57:5b:0a:2c:3b:05:59:b2:fb:ee:30:2b:9d:
97:19:dd:5e:f2:13:f7:da:8f:4d:70:39:19:7d:e0:
6e:e2:63:f1:33:15:f7:58:2d:c9:5f:b7:6a:98:49:
75:96:8c:30:e2:59:13:e9:00:88:9b:36:76:34:1d:
0a:c0:56:55:e1:fd:f9:9b:3f:eb:05:bf:86:cc:58:
33:18:ac:07:03:dc:bc:ce:f6:f5:f5:74:c7:13:6b:
a4:1a:5c:87:01:54:f3:14:ed:0f:96:2e:32:4f:d6:
e6:f4:cd:c7:0a:5c:20:ec:e7:b7:52:8e:76:e6:32:
2b:81:41:61:62:37:65:71:3f:5b:d9:da:97:fe:70:
2f:e8:a6:ab:88:ca:d9:80:cb:a2:75:84:a7:15:85:
b5:1c:dc:b1:7c:af:91:1c:3e:af:11:74:75:c7:69:
06:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:79:DC:43:A1:CE:17:EE:7B:BA:80:FB:29:23:01:A3:FA:D1:FC:D7
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1HncQ6HOF-57uoD7KSMBo_rR_Nc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
1e:38:47:e6:01:6f:45:0a:2d:70:ec:90:f6:c2:c7:66:d7:c5:
8b:6d:e9:db:b9:81:d6:e0:8e:92:21:c6:c5:98:9a:b1:10:a2:
f1:99:bb:ce:5b:0d:5c:d4:05:45:92:3c:2f:69:f0:20:54:f3:
5b:f4:35:64:d0:e6:8d:4a:f7:43:be:b8:4f:26:e4:9a:7d:6a:
96:95:ad:fe:de:05:5b:c4:7d:8c:3e:39:8d:ef:b4:12:fe:8a:
13:8e:62:83:0c:1b:cb:f8:f9:57:f5:58:26:40:53:c4:1d:b7:
26:21:41:3f:0f:f1:a9:4c:ae:86:e1:bd:02:58:ed:e3:d1:19:
3b:f1:e4:c7:f4:bf:a2:60:50:42:9a:d4:17:12:53:ba:35:39:
05:33:45:6d:a5:a9:c9:7c:48:25:93:f4:21:9a:2b:27:c1:36:
6e:5b:3f:83:2b:68:12:d2:6e:fc:85:7c:df:47:46:3a:bb:21:
2e:42:ed:3b:40:e4:7b:91:b8:58:c7:43:30:6f:91:b2:41:ac:
f0:13:55:67:cc:d0:00:2c:6b:aa:93:dc:54:10:bf:d2:d3:b5:
0a:22:92:8a:93:a5:be:54:5d:7d:b8:a9:69:5d:c1:cb:3d:c9:
fc:d6:d5:8b:af:da:22:52:da:18:fd:d5:99:c2:a0:fb:0b:ed:
96:d0:07:62
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICSr0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjgw
NTUzMjRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQ0NzlEQzQzQTFDRTE3
RUU3QkJBODBGQjI5MjMwMUEzRkFEMUZDRDcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDT+navAfItiRpcKZHDeXcKPL4HA33qs/MK5l2ULY7ZC7wIwfGn
M2NAI47nRwd4/lQs3VR3771birDWOBdvG8bywKVneu83wFPbt6Dd5Sd/ExV8oAvk
k92BBTrcV1sKLDsFWbL77jArnZcZ3V7yE/faj01wORl94G7iY/EzFfdYLclft2qY
SXWWjDDiWRPpAIibNnY0HQrAVlXh/fmbP+sFv4bMWDMYrAcD3LzO9vX1dMcTa6Qa
XIcBVPMU7Q+WLjJP1ub0zccKXCDs57dSjnbmMiuBQWFiN2VxP1vZ2pf+cC/opquI
ytmAy6J1hKcVhbUc3LF8r5EcPq8RdHXHaQblAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU1HncQ6HOF+57uoD7KSMBo/rR/NcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzFIbmNRNkhPRi01N3Vv
RDdLU01Cb19yUl9OYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAB44R+YBb0UKLXDs
kPbCx2bXxYtt6du5gdbgjpIhxsWYmrEQovGZu85bDVzUBUWSPC9p8CBU81v0NWTQ
5o1K90O+uE8m5Jp9apaVrf7eBVvEfYw+OY3vtBL+ihOOYoMMG8v4+Vf1WCZAU8Qd
tyYhQT8P8alMrobhvQJY7ePRGTvx5Mf0v6JgUEKa1BcSU7o1OQUzRW2lqcl8SCWT
9CGaKyfBNm5bP4MraBLSbvyFfN9HRjq7IS5C7TtA5HuRuFjHQzBvkbJBrPATVWfM
0AAsa6qT3FQQv9LTtQoikoqTpb5UXX24qWldwcs9yfzW1Yuv2iJS2hj91ZnCoPsL
7ZbQB2I=
-----END CERTIFICATE-----
Generated at Sat May 17 22:41:20 2025 by rpki-client