Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/9itYkO9sw7PXB-kv351UpAOVX_k.roa
File: 9itYkO9sw7PXB-kv351UpAOVX_k.roa (raw, json)
Hash identifier: WE8y2KB7z47TuD04+57Q7wJIbQGw4vVkqzZwdjgXFlU=
Subject key identifier: F6:2B:58:90:EF:6C:C3:B3:D7:07:E9:2F:DF:9D:54:A4:03:95:5F:F9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4229
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/9itYkO9sw7PXB-kv351UpAOVX_k.roa
Signing time: Tue 16 Apr 2024 19:22:57 +0000
ROA not before: Tue 16 Apr 2024 19:22:57 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16937 (0x4229)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 16 19:22:57 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=F62B5890EF6CC3B3D707E92FDF9D54A403955FF9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:df:89:73:a8:e3:73:32:8f:35:69:63:9d:aa:
66:49:a3:1a:d8:a4:6a:d7:f2:a8:da:fd:de:bb:48:
3d:f0:05:85:13:a3:15:52:4e:66:f9:58:af:34:b6:
77:c5:78:a5:c9:75:ba:69:9c:51:fd:c0:71:a9:eb:
ae:fa:0f:5d:cd:36:1a:55:f2:90:48:5d:28:19:71:
7d:54:1a:0a:97:6f:30:ea:79:4a:3e:9e:08:c1:5f:
ca:93:75:60:24:fa:f0:91:3b:b0:05:54:eb:2b:75:
bd:d0:14:1d:8c:3f:36:63:80:c7:9d:41:a7:e4:7d:
b7:5a:b4:62:07:cf:eb:6a:57:83:b4:ce:51:a5:e8:
4b:41:23:31:95:9b:91:a3:a0:fd:b1:21:a4:2c:07:
32:fd:c6:c2:76:c9:9f:55:92:af:a3:f9:f5:d7:05:
31:52:aa:c3:c2:c6:a7:6a:9f:99:7e:6e:d9:4e:fe:
aa:1d:a6:3f:cd:b1:90:a5:43:c0:6b:fc:8b:b9:8e:
bd:18:da:06:12:81:b1:29:93:23:5e:a2:cf:48:62:
75:2f:3d:58:94:df:7a:41:4d:12:af:0b:9e:c7:77:
b4:ce:9d:3e:73:e6:2c:a2:5c:7c:50:ae:16:66:2b:
95:27:60:a6:75:33:7a:64:67:c4:ae:9d:d7:0c:d6:
0d:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:2B:58:90:EF:6C:C3:B3:D7:07:E9:2F:DF:9D:54:A4:03:95:5F:F9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/9itYkO9sw7PXB-kv351UpAOVX_k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
75:53:af:95:16:8a:cf:6f:ea:30:17:67:a9:1b:c9:5c:0f:af:
ba:b2:3d:29:7c:5a:2a:3a:37:85:7b:94:9f:4e:c5:68:c5:2d:
56:8f:c5:e0:41:0c:d2:79:bc:47:ce:c2:01:f1:ea:bb:e9:57:
da:12:4c:9f:c5:68:e9:e9:40:4c:18:ca:72:bc:85:39:24:55:
85:6a:1c:59:79:ca:28:29:a0:df:73:32:66:c5:d6:4a:04:8d:
f9:3c:a5:ab:ae:b9:dd:23:a7:9a:4d:28:9b:bb:4f:9d:10:3f:
7e:97:b9:e4:8e:9b:56:b5:fe:b1:f7:5f:69:35:0b:74:73:92:
94:e8:11:e4:b6:a7:4e:47:ab:a5:df:fc:68:47:e3:77:bd:77:
10:00:40:3b:2b:e2:c5:82:0c:79:8d:59:eb:fb:3d:36:d5:81:
a9:ff:da:f7:fd:30:7b:17:67:62:31:4f:0a:ed:fc:40:13:58:
aa:60:1a:11:dd:18:31:ea:c3:8e:a3:2b:75:c3:60:35:76:00:
b4:10:4d:12:d5:a8:a5:c6:dc:5e:0a:7a:da:c2:4d:1b:61:58:
ec:a3:a0:0d:a2:0a:3f:1e:b1:ec:df:6d:ed:e9:be:c0:0a:5e:
af:cd:3f:84:fb:43:a6:6b:70:da:f7:e3:dc:19:f1:be:d9:c6:
7d:c3:f5:bc
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQikwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTYx
OTIyNTdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEY2MkI1ODkwRUY2Q0Mz
QjNENzA3RTkyRkRGOUQ1NEE0MDM5NTVGRjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDD34lzqONzMo81aWOdqmZJoxrYpGrX8qja/d67SD3wBYUToxVS
Tmb5WK80tnfFeKXJdbppnFH9wHGp6676D13NNhpV8pBIXSgZcX1UGgqXbzDqeUo+
ngjBX8qTdWAk+vCRO7AFVOsrdb3QFB2MPzZjgMedQafkfbdatGIHz+tqV4O0zlGl
6EtBIzGVm5GjoP2xIaQsBzL9xsJ2yZ9Vkq+j+fXXBTFSqsPCxqdqn5l+btlO/qod
pj/NsZClQ8Br/Iu5jr0Y2gYSgbEpkyNeos9IYnUvPViU33pBTRKvC57Hd7TOnT5z
5iyiXHxQrhZmK5UnYKZ1M3pkZ8SundcM1g2jAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU9itYkO9sw7PXB+kv351UpAOVX/kwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzlpdFlrTzlzdzdQWEIt
a3YzNTFVcEFPVlhfay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHVTr5UWis9v6jAX
Z6kbyVwPr7qyPSl8Wio6N4V7lJ9OxWjFLVaPxeBBDNJ5vEfOwgHx6rvpV9oSTJ/F
aOnpQEwYynK8hTkkVYVqHFl5yigpoN9zMmbF1koEjfk8pauuud0jp5pNKJu7T50Q
P36XueSOm1a1/rH3X2k1C3RzkpToEeS2p05Hq6Xf/GhH43e9dxAAQDsr4sWCDHmN
Wev7PTbVgan/2vf9MHsXZ2IxTwrt/EATWKpgGhHdGDHqw46jK3XDYDV2ALQQTRLV
qKXG3F4KetrCTRthWOyjoA2iCj8esezfbe3pvsAKXq/NP4T7Q6ZrcNr349wZ8b7Z
xn3D9bw=
-----END CERTIFICATE-----
Generated at Sat May 17 22:37:20 2025 by rpki-client