Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/_amirkg6MRhKt96wFlSu4YNLrZU.roa
File: _amirkg6MRhKt96wFlSu4YNLrZU.roa (raw, json)
Hash identifier: JkmwRG7jYDQNnQDJqOIEra3+JlJY5wRQ48Fh16I+Ap4=
Subject key identifier: FD:A9:A2:AE:48:3A:31:18:4A:B7:DE:B0:16:54:AE:E1:83:4B:AD:95
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4A41
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_amirkg6MRhKt96wFlSu4YNLrZU.roa
Signing time: Sat 27 Apr 2024 14:23:33 +0000
ROA not before: Sat 27 Apr 2024 14:23:33 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19009 (0x4a41)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 27 14:23:33 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=FDA9A2AE483A31184AB7DEB01654AEE1834BAD95
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:0d:bd:7d:56:02:cd:26:c9:ac:70:0b:f9:10:
a2:ee:b1:77:7d:3e:68:c8:99:f2:27:86:ad:7a:2b:
52:55:84:f9:5a:47:53:e5:52:d6:d2:c5:71:17:13:
f7:6d:72:86:2c:c0:98:28:4e:a2:72:8d:cd:fc:0d:
71:fb:b4:c3:8a:8d:ab:96:0c:bd:b3:97:92:6c:a8:
5b:0b:28:50:ef:69:51:46:8d:29:7c:e7:50:9c:88:
6a:59:3a:f9:ea:8e:4e:c9:03:7f:f3:31:f7:71:58:
eb:6a:83:0f:14:6a:32:29:11:ff:f7:e3:1f:87:38:
5d:d7:d9:09:7a:3b:29:f1:ae:95:3a:92:60:7b:3e:
dc:76:fc:ac:e7:3d:72:53:ee:53:79:f2:b7:59:e2:
9d:a1:4a:e2:b1:eb:39:cf:0a:24:3e:7f:3e:b0:c9:
d9:c2:6b:8f:b1:b6:b8:ef:16:85:73:0a:23:31:91:
46:b8:27:6a:bf:63:5a:13:28:c3:e8:9d:78:3c:e8:
5e:35:ad:7a:64:77:58:10:c5:70:96:6b:55:f7:ba:
3f:7e:2b:db:ab:4d:6d:22:70:d8:40:81:db:c6:b8:
d5:11:ae:97:b8:15:9f:23:b0:52:d8:0e:bf:fc:26:
5b:64:ef:05:04:b0:e5:b4:19:c2:1f:1b:c3:cb:1d:
9a:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:A9:A2:AE:48:3A:31:18:4A:B7:DE:B0:16:54:AE:E1:83:4B:AD:95
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/_amirkg6MRhKt96wFlSu4YNLrZU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
58:9a:37:16:ea:ed:94:8b:28:9f:c7:f9:10:7d:8e:49:61:c9:
35:88:a3:5d:6c:bb:27:ba:52:5b:ed:ee:36:e4:bf:a1:71:7c:
22:36:06:dc:1f:e1:18:18:00:67:42:9f:83:8e:a6:fa:a8:9d:
c5:07:33:23:07:0f:ba:2a:c8:5f:eb:cf:c2:6b:fa:0e:10:64:
cb:41:8f:69:61:1f:63:21:e7:bb:33:d7:1c:d5:d6:37:38:39:
03:37:43:ed:9f:56:cb:3e:26:a0:21:af:ba:b6:20:02:73:3c:
1c:c6:39:de:e5:b2:d1:e8:c4:f4:c6:cf:2f:54:d8:60:aa:cd:
33:74:93:2e:ef:e1:be:19:74:91:8b:cf:51:cc:30:9e:01:f2:
f7:26:ec:ae:b5:78:51:35:48:3a:1a:4b:87:d2:c8:fb:aa:d9:
af:09:40:97:f7:2a:c3:a7:fd:40:f3:60:ef:b2:2b:f8:cb:4a:
49:53:bf:9e:86:56:71:18:c8:20:61:0f:c5:d4:62:ea:fa:7f:
fa:da:e1:5a:fc:eb:57:ef:57:91:32:dd:0b:a7:3c:fa:98:65:
a7:4e:89:57:34:77:c5:8c:20:f8:04:f7:34:e2:95:38:d7:7b:
93:c1:99:06:1f:18:d0:fb:85:53:bd:0a:92:a0:29:ee:88:37:
79:d0:dd:c3
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICSkEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjcx
NDIzMzNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEZEQTlBMkFFNDgzQTMx
MTg0QUI3REVCMDE2NTRBRUUxODM0QkFEOTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDEDb19VgLNJsmscAv5EKLusXd9PmjImfInhq16K1JVhPlaR1Pl
UtbSxXEXE/dtcoYswJgoTqJyjc38DXH7tMOKjauWDL2zl5JsqFsLKFDvaVFGjSl8
51CciGpZOvnqjk7JA3/zMfdxWOtqgw8UajIpEf/34x+HOF3X2Ql6OynxrpU6kmB7
Ptx2/KznPXJT7lN58rdZ4p2hSuKx6znPCiQ+fz6wydnCa4+xtrjvFoVzCiMxkUa4
J2q/Y1oTKMPonXg86F41rXpkd1gQxXCWa1X3uj9+K9urTW0icNhAgdvGuNURrpe4
FZ8jsFLYDr/8Jltk7wUEsOW0GcIfG8PLHZqFAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU/amirkg6MRhKt96wFlSu4YNLrZUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L19hbWlya2c2TVJoS3Q5
NndGbFN1NFlOTHJaVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAFiaNxbq7ZSLKJ/H
+RB9jklhyTWIo11suye6Ulvt7jbkv6FxfCI2Btwf4RgYAGdCn4OOpvqoncUHMyMH
D7oqyF/rz8Jr+g4QZMtBj2lhH2Mh57sz1xzV1jc4OQM3Q+2fVss+JqAhr7q2IAJz
PBzGOd7lstHoxPTGzy9U2GCqzTN0ky7v4b4ZdJGLz1HMMJ4B8vcm7K61eFE1SDoa
S4fSyPuq2a8JQJf3KsOn/UDzYO+yK/jLSklTv56GVnEYyCBhD8XUYur6f/ra4Vr8
61fvV5Ey3QunPPqYZadOiVc0d8WMIPgE9zTilTjXe5PBmQYfGND7hVO9CpKgKe6I
N3nQ3cM=
-----END CERTIFICATE-----
Generated at Sun May 18 03:25:56 2025 by rpki-client