Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/CpyJUcFKTYJSfd9ipmsIrbT-ZQ8.roa
File: CpyJUcFKTYJSfd9ipmsIrbT-ZQ8.roa (raw, json)
Hash identifier: 9+Gr8AVEntnCGi8V1Qv8IUdcrC4zP4ZiYR2g0F/xtmY=
Subject key identifier: 0A:9C:89:51:C1:4A:4D:82:52:7D:DF:62:A6:6B:08:AD:B4:FE:65:0F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3881
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/CpyJUcFKTYJSfd9ipmsIrbT-ZQ8.roa
Signing time: Wed 03 Apr 2024 22:22:20 +0000
ROA not before: Wed 03 Apr 2024 22:22:20 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14465 (0x3881)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 3 22:22:20 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=0A9C8951C14A4D82527DDF62A66B08ADB4FE650F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:39:19:90:a6:c1:8e:f7:9b:73:33:9e:33:49:
3c:22:e5:32:c6:48:51:c3:80:3c:d4:6d:46:d2:75:
70:49:5e:b2:db:c4:2a:0e:a7:62:5b:d1:04:26:c6:
8a:04:30:8e:8d:fc:12:7e:18:94:f7:2a:5f:9c:8d:
4a:eb:ed:64:fb:42:58:08:2e:5d:3c:59:0f:8c:7f:
19:4c:d2:e1:81:38:87:27:43:85:43:1e:85:ca:e6:
da:47:9a:dc:09:f0:d8:c1:c7:03:69:92:29:18:eb:
4c:48:22:58:19:61:b9:0c:d6:90:40:4f:6e:76:d7:
6e:ca:3c:6b:65:63:94:51:8d:2c:3e:c2:fd:80:70:
dd:19:18:79:a5:0b:11:09:4e:70:cb:9a:e3:3c:30:
07:20:d8:5e:f6:45:ec:57:48:43:41:ab:52:d1:66:
bd:4b:92:10:72:b1:3a:a4:4c:47:58:6c:6d:7e:12:
40:95:77:32:56:9c:d0:64:6a:4d:7e:07:95:c0:4b:
d6:5f:a6:ae:b8:53:33:92:c0:0b:f3:44:a3:95:b6:
f4:2b:a6:4e:ca:09:d7:87:a9:b4:1a:8b:97:1d:d4:
1f:60:ac:5e:20:92:48:87:2d:77:4f:33:29:78:df:
8d:43:01:40:85:4a:e8:5a:ee:0f:e3:a6:43:d4:42:
54:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:9C:89:51:C1:4A:4D:82:52:7D:DF:62:A6:6B:08:AD:B4:FE:65:0F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/CpyJUcFKTYJSfd9ipmsIrbT-ZQ8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
4c:ec:59:e8:60:d1:49:76:0b:9e:53:4a:86:0a:b0:c6:14:5e:
38:e0:38:cb:59:c3:8a:53:4f:ab:26:35:0b:fb:d3:68:2d:5b:
e9:ea:4a:cc:e7:a6:41:af:9c:1d:d6:c6:59:92:07:f9:98:30:
f2:0e:39:30:4c:60:62:76:ab:13:47:02:2b:a8:97:d7:30:ce:
c6:3b:af:21:a5:aa:cd:ea:6c:21:e5:e3:5f:75:b8:ae:ee:a2:
d9:dd:0d:9c:4c:56:26:de:df:1c:e1:98:04:5d:bf:92:ff:7f:
2d:7f:10:57:c0:0a:67:ec:80:32:8d:d7:eb:fe:a2:05:a4:c5:
e2:a1:a7:42:45:c8:76:43:c2:54:99:fd:18:7a:6d:de:2c:1f:
b4:7c:89:ac:fd:fc:75:2a:57:d6:41:7c:28:b2:63:78:3d:cd:
42:c7:cc:27:19:37:af:6b:ae:56:96:e5:d9:34:75:60:2d:f5:
a0:25:7b:7d:c5:2c:b0:32:5c:c0:02:3b:3a:08:ac:0d:96:67:
2d:18:d2:9c:6e:a2:2a:b9:52:37:69:f0:0b:f1:58:01:f8:e0:
27:5c:c8:d4:fe:c9:0f:b0:8d:81:c7:7c:2b:31:c7:4f:73:63:
5c:28:0a:01:5f:47:dd:3d:1b:aa:67:91:d0:1c:41:35:67:3a:
b0:64:96:5d
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICOIEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDMy
MjIyMjBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDBBOUM4OTUxQzE0QTRE
ODI1MjdEREY2MkE2NkIwOEFEQjRGRTY1MEYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDiORmQpsGO95tzM54zSTwi5TLGSFHDgDzUbUbSdXBJXrLbxCoO
p2Jb0QQmxooEMI6N/BJ+GJT3Kl+cjUrr7WT7QlgILl08WQ+MfxlM0uGBOIcnQ4VD
HoXK5tpHmtwJ8NjBxwNpkikY60xIIlgZYbkM1pBAT252127KPGtlY5RRjSw+wv2A
cN0ZGHmlCxEJTnDLmuM8MAcg2F72RexXSENBq1LRZr1LkhBysTqkTEdYbG1+EkCV
dzJWnNBkak1+B5XAS9Zfpq64UzOSwAvzRKOVtvQrpk7KCdeHqbQai5cd1B9grF4g
kkiHLXdPMyl4341DAUCFSuha7g/jpkPUQlQHAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUCpyJUcFKTYJSfd9ipmsIrbT+ZQ8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0NweUpVY0ZLVFlKU2Zk
OWlwbXNJcmJULVpROC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAEzsWehg0Ul2C55T
SoYKsMYUXjjgOMtZw4pTT6smNQv702gtW+nqSsznpkGvnB3WxlmSB/mYMPIOOTBM
YGJ2qxNHAiuol9cwzsY7ryGlqs3qbCHl4191uK7uotndDZxMVibe3xzhmARdv5L/
fy1/EFfACmfsgDKN1+v+ogWkxeKhp0JFyHZDwlSZ/Rh6bd4sH7R8iaz9/HUqV9ZB
fCiyY3g9zULHzCcZN69rrlaW5dk0dWAt9aAle33FLLAyXMACOzoIrA2WZy0Y0pxu
oiq5Ujdp8AvxWAH44CdcyNT+yQ+wjYHHfCsxx09zY1woCgFfR909G6pnkdAcQTVn
OrBkll0=
-----END CERTIFICATE-----
Generated at Sat May 17 19:35:32 2025 by rpki-client