Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/RX1imK2f8-PZsn3PkD0CElNt-Lo.roa
File: RX1imK2f8-PZsn3PkD0CElNt-Lo.roa (raw, json)
Hash identifier: ob4ElEhHH95lNP5bZA7qjALAJwHY+J1wyz6RSL9sxOs=
Subject key identifier: 45:7D:62:98:AD:9F:F3:E3:D9:B2:7D:CF:90:3D:02:12:53:6D:F8:BA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5485
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RX1imK2f8-PZsn3PkD0CElNt-Lo.roa
Signing time: Sat 11 May 2024 06:54:02 +0000
ROA not before: Sat 11 May 2024 06:54:02 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21637 (0x5485)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 11 06:54:02 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=457D6298AD9FF3E3D9B27DCF903D0212536DF8BA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:43:5d:c0:1c:ab:3b:5f:70:2e:7f:fa:ee:d2:
b2:d7:88:b3:f4:0c:45:ff:23:6f:c5:99:7f:79:f4:
c8:7d:67:14:20:6d:23:1b:a6:01:6e:d3:8d:54:47:
a9:6e:cf:d1:cc:1d:86:b9:07:a5:46:8e:e4:21:19:
8b:7e:ac:60:31:5b:9d:11:7f:8f:82:d4:af:4e:bb:
40:ab:7c:0f:f2:b1:14:29:b0:1e:c5:ef:b5:99:c4:
f5:bb:67:96:5e:a3:19:78:78:a8:85:0e:e9:31:ab:
88:23:d9:e9:47:bb:61:90:7d:2d:45:5e:1c:30:3f:
f1:a1:ce:1a:1a:55:9a:31:01:05:f6:47:cf:a2:62:
88:ae:08:4c:89:59:50:8c:7c:aa:0e:2c:df:87:d2:
55:d7:d5:fa:c7:91:da:4e:f0:8b:80:fd:98:21:0d:
e8:f9:34:71:b9:c4:a3:fe:fc:61:60:1f:63:b4:19:
70:92:48:8a:60:5d:72:b7:d4:07:ef:8f:0c:e5:7b:
09:92:5b:a8:86:bc:a0:f4:d3:97:17:9c:ff:39:21:
5e:81:b2:3e:62:3c:74:aa:ec:b6:db:a5:70:6f:fb:
9f:ff:f5:41:03:e8:f9:02:9e:b8:27:bf:ce:0b:50:
b3:34:45:27:22:48:58:77:4b:c8:e9:76:ca:57:15:
99:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:7D:62:98:AD:9F:F3:E3:D9:B2:7D:CF:90:3D:02:12:53:6D:F8:BA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RX1imK2f8-PZsn3PkD0CElNt-Lo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
05:91:55:6f:4e:06:3e:af:31:08:8d:b6:59:14:c6:41:0b:e6:
ed:43:df:79:23:92:82:22:0f:42:91:f0:c5:16:76:50:40:97:
34:2b:88:e5:03:a2:43:a3:19:a2:4b:e8:0c:20:fb:07:48:c1:
ab:c8:f6:b5:d4:cf:62:ff:2a:bc:35:60:a4:3a:92:bc:e2:27:
c2:29:5b:a6:58:39:70:3c:23:d4:b9:2f:07:e8:8e:49:a1:7e:
11:ed:79:aa:e8:ad:e8:b7:ad:1f:18:c6:a5:08:f0:e5:23:b9:
34:72:b0:4d:d4:14:09:48:4a:a5:50:34:92:e7:7c:f8:9d:ec:
67:54:85:1a:db:fc:56:61:f7:cc:94:c4:81:02:74:32:76:ba:
38:94:72:f7:8c:56:d8:31:c2:37:61:97:43:81:5d:aa:03:db:
19:e9:38:1b:75:a6:15:74:33:6f:ff:47:35:17:1e:15:0e:f4:
25:10:50:1f:89:39:32:b3:8f:57:cc:7d:19:1a:f7:66:e2:30:
1e:00:d8:b3:2a:36:e8:92:a9:f8:c5:03:95:d1:4a:37:c1:aa:
96:17:43:5b:69:b3:8e:94:f3:8f:3c:40:08:99:07:e0:61:1d:
ed:2e:b4:85:8c:3d:3e:7c:2f:46:ab:59:84:54:77:48:2a:a2:
18:a8:44:d9
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVIUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTEw
NjU0MDJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQ1N0Q2Mjk4QUQ5RkYz
RTNEOUIyN0RDRjkwM0QwMjEyNTM2REY4QkEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFQ13AHKs7X3Auf/ru0rLXiLP0DEX/I2/FmX959Mh9ZxQgbSMb
pgFu041UR6luz9HMHYa5B6VGjuQhGYt+rGAxW50Rf4+C1K9Ou0CrfA/ysRQpsB7F
77WZxPW7Z5Zeoxl4eKiFDukxq4gj2elHu2GQfS1FXhwwP/GhzhoaVZoxAQX2R8+i
YoiuCEyJWVCMfKoOLN+H0lXX1frHkdpO8IuA/ZghDej5NHG5xKP+/GFgH2O0GXCS
SIpgXXK31AfvjwzlewmSW6iGvKD005cXnP85IV6Bsj5iPHSq7LbbpXBv+5//9UED
6PkCnrgnv84LULM0RSciSFh3S8jpdspXFZnxAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQURX1imK2f8+PZsn3PkD0CElNt+LowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1JYMWltSzJmOC1QWnNu
M1BrRDBDRWxOdC1Mby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAAWRVW9OBj6vMQiN
tlkUxkEL5u1D33kjkoIiD0KR8MUWdlBAlzQriOUDokOjGaJL6Awg+wdIwavI9rXU
z2L/Krw1YKQ6krziJ8IpW6ZYOXA8I9S5LwfojkmhfhHtearorei3rR8YxqUI8OUj
uTRysE3UFAlISqVQNJLnfPid7GdUhRrb/FZh98yUxIECdDJ2ujiUcveMVtgxwjdh
l0OBXaoD2xnpOBt1phV0M2//RzUXHhUO9CUQUB+JOTKzj1fMfRka92biMB4A2LMq
NuiSqfjFA5XRSjfBqpYXQ1tps46U8488QAiZB+BhHe0utIWMPT58L0arWYRUd0gq
ohioRNk=
-----END CERTIFICATE-----
Generated at Sat May 17 19:44:23 2025 by rpki-client