Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/OFYBvhmpFSE-M5DRnXMTOBxKpbA.roa
File:                     OFYBvhmpFSE-M5DRnXMTOBxKpbA.roa (raw, json)
Hash identifier:          p8BnaYLCvCyFT5dyq0S054Lu+0t7twv/yIT3MoQ+jXs=
Subject key identifier:   38:56:01:BE:19:A9:15:21:3E:33:90:D1:9D:73:13:38:1C:4A:A5:B0
Certificate issuer:       /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial:       4E75
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/OFYBvhmpFSE-M5DRnXMTOBxKpbA.roa
Signing time:             Fri 03 May 2024 04:53:43 +0000
ROA not before:           Fri 03 May 2024 04:53:43 +0000
ROA not after:            Fri 31 Jan 2025 01:13:46 +0000
asID:                     24426
IP address blocks:        43.239.0.0/19 maxlen: 19
                          101.78.32.0/19 maxlen: 19
                          103.35.0.0/19 maxlen: 19
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 20085 (0x4e75)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
        Validity
            Not Before: May  3 04:53:43 2024 GMT
            Not After : Jan 31 01:13:46 2025 GMT
        Subject: CN=385601BE19A915213E3390D19D7313381C4AA5B0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:56:01:BE:19:A9:15:21:3E:33:90:D1:9D:73:13:38:1C:4A:A5:B0
            X509v3 Authority Key Identifier:
                keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/OFYBvhmpFSE-M5DRnXMTOBxKpbA.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.0.0/19
                  101.78.32.0/19
                  103.35.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
Generated at Sat May 17 23:32:10 2025 by rpki-client