Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/HLYw3uRLm2RucY9TfGMQOwybLuE.roa
File: HLYw3uRLm2RucY9TfGMQOwybLuE.roa (raw, json)
Hash identifier: aiAvWgKm6WQWljhHtukcTviwPQqQL5GqVaxWi+bonlw=
Subject key identifier: 1C:B6:30:DE:E4:4B:9B:64:6E:71:8F:53:7C:63:10:3B:0C:9B:2E:E1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4171
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/HLYw3uRLm2RucY9TfGMQOwybLuE.roa
Signing time: Mon 15 Apr 2024 20:23:01 +0000
ROA not before: Mon 15 Apr 2024 20:23:01 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16753 (0x4171)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 20:23:01 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=1CB630DEE44B9B646E718F537C63103B0C9B2EE1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:f8:20:b5:14:c1:81:a1:3d:a7:2b:7e:f2:a4:
2b:f1:41:57:7f:ba:d6:f6:52:00:3e:2a:6b:68:23:
18:9c:08:ef:ec:8d:3b:18:4e:ea:31:22:f1:94:5e:
f7:b4:0b:6b:67:cc:64:c2:e8:c2:ba:77:c3:63:4d:
76:56:f8:01:b7:10:bf:20:a9:30:5a:69:b1:76:aa:
32:61:a2:42:c1:3c:3e:b0:5e:5b:69:6e:62:22:f6:
5a:d3:d3:84:4d:51:9b:0b:43:a5:ac:45:6b:b0:d1:
7f:5c:fe:af:ab:f5:c9:78:63:68:37:2c:dd:b9:55:
b3:16:e1:5b:36:94:d2:c2:26:16:90:f2:ff:a2:6c:
eb:5b:f1:b8:1a:6e:1c:87:5b:55:e5:e0:70:2e:be:
2c:0d:09:90:fd:5d:bd:fe:ac:b6:fe:80:5e:7d:a0:
54:d6:3f:81:6d:85:ef:7c:9f:c9:d9:42:a6:c2:23:
dd:76:97:94:7a:74:23:75:00:1d:2c:7b:da:8b:4e:
95:b3:ea:d1:71:a9:e9:2f:d1:42:c9:69:0b:cb:12:
6e:93:f5:b2:11:18:c5:1f:32:73:8c:14:c5:56:96:
02:5a:10:3d:f8:51:2d:54:fd:56:f2:84:b4:3a:fa:
9a:b2:e5:03:1e:cc:a0:e3:d4:e7:cb:ff:79:d2:de:
e0:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:B6:30:DE:E4:4B:9B:64:6E:71:8F:53:7C:63:10:3B:0C:9B:2E:E1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/HLYw3uRLm2RucY9TfGMQOwybLuE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
0f:f9:98:b3:58:ef:7c:c3:f2:84:cf:2a:34:84:87:7c:8d:22:
f7:7a:3c:d0:34:8c:b2:7f:88:63:c2:d3:cc:95:92:ce:74:8c:
1e:15:bb:4d:e8:bf:a0:7e:92:15:5f:da:36:19:16:9a:0a:eb:
6a:e8:0b:36:b0:fe:a5:fe:a7:b8:2d:27:51:22:7b:9c:b9:41:
b9:fe:1a:b8:67:5c:a1:42:1a:42:83:56:8c:51:55:ae:a2:5b:
79:57:79:24:7c:6b:ba:0f:47:c5:a1:ac:36:b8:1e:6c:16:c9:
c5:66:7e:12:17:6a:75:35:04:b5:59:f4:e0:e2:ce:95:45:28:
7a:da:ae:e2:5e:51:ba:cd:67:50:1a:7d:6e:54:2d:26:91:aa:
1b:f7:cb:de:04:a5:20:27:74:c2:72:5d:db:0d:52:55:7b:c6:
8d:44:64:c2:9a:b9:7c:81:de:c1:f4:75:78:e1:65:91:1c:5f:
32:4e:a9:97:7a:49:8a:4a:f4:14:a6:0f:0d:87:a4:32:86:cf:
ef:02:20:b0:70:f0:e9:3b:e8:02:9d:de:da:55:5b:d8:8c:d9:
a9:d0:c0:e7:0c:16:7e:ea:64:71:b5:63:f3:f7:c0:44:aa:9a:
fa:3f:4c:38:dc:47:78:35:bd:cf:38:f5:8d:31:db:cd:88:02:
24:e8:d7:0f
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQXEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUy
MDIzMDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDFDQjYzMERFRTQ0QjlC
NjQ2RTcxOEY1MzdDNjMxMDNCMEM5QjJFRTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCm+CC1FMGBoT2nK37ypCvxQVd/utb2UgA+KmtoIxicCO/sjTsY
TuoxIvGUXve0C2tnzGTC6MK6d8NjTXZW+AG3EL8gqTBaabF2qjJhokLBPD6wXltp
bmIi9lrT04RNUZsLQ6WsRWuw0X9c/q+r9cl4Y2g3LN25VbMW4Vs2lNLCJhaQ8v+i
bOtb8bgabhyHW1Xl4HAuviwNCZD9Xb3+rLb+gF59oFTWP4Fthe98n8nZQqbCI912
l5R6dCN1AB0se9qLTpWz6tFxqekv0ULJaQvLEm6T9bIRGMUfMnOMFMVWlgJaED34
US1U/VbyhLQ6+pqy5QMezKDj1OfL/3nS3uDdAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUHLYw3uRLm2RucY9TfGMQOwybLuEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0hMWXczdVJMbTJSdWNZ
OVRmR01RT3d5Ykx1RS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAA/5mLNY73zD8oTP
KjSEh3yNIvd6PNA0jLJ/iGPC08yVks50jB4Vu03ov6B+khVf2jYZFpoK62roCzaw
/qX+p7gtJ1Eie5y5Qbn+GrhnXKFCGkKDVoxRVa6iW3lXeSR8a7oPR8WhrDa4HmwW
ycVmfhIXanU1BLVZ9ODizpVFKHraruJeUbrNZ1AafW5ULSaRqhv3y94EpSAndMJy
XdsNUlV7xo1EZMKauXyB3sH0dXjhZZEcXzJOqZd6SYpK9BSmDw2HpDKGz+8CILBw
8Ok76AKd3tpVW9iM2anQwOcMFn7qZHG1Y/P3wESqmvo/TDjcR3g1vc849Y0x282I
AiTo1w8=
-----END CERTIFICATE-----
Generated at Sat May 17 23:59:28 2025 by rpki-client