Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/aJDvZL5yuRgntW26T6uvpPus9DM.roa
File: aJDvZL5yuRgntW26T6uvpPus9DM.roa (raw, json)
Hash identifier: eJRXvoVPPvtuT5Wzre2Hy8OfDTfygx9Li60il4xsu7E=
Subject key identifier: 68:90:EF:64:BE:72:B9:18:27:B5:6D:BA:4F:AB:AF:A4:FB:AC:F4:33
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 48E1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/aJDvZL5yuRgntW26T6uvpPus9DM.roa
Signing time: Thu 25 Apr 2024 18:23:32 +0000
ROA not before: Thu 25 Apr 2024 18:23:32 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18657 (0x48e1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 25 18:23:32 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=6890EF64BE72B91827B56DBA4FABAFA4FBACF433
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:29:c1:cc:17:1d:77:38:ca:ea:4e:7d:e6:92:
0e:50:55:60:44:4b:10:bb:37:4c:43:36:c4:d0:c1:
d8:52:47:c9:ba:b9:ae:50:1e:1e:9f:ea:d7:2c:dc:
37:b6:61:86:1a:f7:99:32:b8:66:c0:77:49:3b:94:
24:79:45:27:52:2a:7d:fa:7b:74:55:ba:ff:43:e1:
6e:0a:87:9f:71:eb:66:2a:8f:32:00:ad:e2:da:5f:
0d:bb:11:8d:53:4d:e8:b8:61:aa:37:dc:18:bc:c7:
f4:6d:a8:0c:02:a2:17:b9:9c:e6:49:a0:40:49:00:
5e:d2:4f:46:4c:07:24:8d:78:2f:b3:4c:24:3d:4b:
a1:95:b3:60:b4:5c:5b:3f:aa:99:92:ec:ca:92:f3:
47:e5:a6:eb:2d:79:ad:fd:67:43:36:e5:77:96:b2:
ca:3c:65:81:02:d6:d6:e9:6f:96:ce:cb:da:92:73:
5a:22:52:02:b0:2b:25:f9:e1:f9:72:f9:b5:69:a0:
7d:22:c8:7d:e9:9b:85:0f:de:55:e0:e0:e4:f9:30:
bf:17:3d:0f:f0:37:81:d0:58:6d:be:55:bf:3f:95:
7d:fc:64:a2:c8:c8:56:d5:11:f0:b7:8a:a4:30:f2:
d2:01:95:72:f0:94:31:a3:b0:8c:c1:c5:7f:f6:a5:
50:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:90:EF:64:BE:72:B9:18:27:B5:6D:BA:4F:AB:AF:A4:FB:AC:F4:33
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/aJDvZL5yuRgntW26T6uvpPus9DM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
8c:a1:24:82:40:a2:10:8b:27:cd:81:e0:0a:41:ca:82:6e:d3:
08:c9:71:a5:1b:66:ac:d1:78:b1:b1:b3:75:3d:3a:99:cb:4d:
58:4b:2a:cb:a3:d5:31:84:c8:e1:e2:6f:8c:28:d2:c8:40:3e:
b4:04:29:5d:d6:6d:08:ea:17:c3:a7:72:ed:f3:ff:a5:41:e7:
86:22:9d:59:18:7e:df:cd:87:ed:41:11:89:9c:ab:a4:9f:d8:
f2:f8:c5:fa:75:db:eb:7f:11:cf:f6:17:70:ea:6e:35:c8:8b:
83:35:83:55:94:e5:fa:2c:6f:f9:48:c2:0a:e6:33:fb:da:71:
04:1f:15:78:c3:d0:14:bf:a7:e0:9f:4b:d4:87:a6:b6:e2:c0:
31:57:9a:bb:0a:f3:ff:fa:6c:4e:99:bc:42:a7:a7:db:c3:1d:
3e:6d:87:a2:2c:3f:ac:a1:17:29:2d:88:4b:c6:b9:d6:e6:e8:
5b:93:ac:8b:59:10:22:f0:c8:43:b1:ce:4c:02:3c:f4:a4:a6:
b0:71:52:2a:58:74:d2:c8:59:a3:87:20:39:0e:6d:b3:bd:38:
f4:72:24:25:4c:82:8b:38:e2:58:99:24:a5:95:11:b1:39:95:
bd:be:ff:f2:80:a3:71:0d:53:7e:da:52:0a:9d:c5:bc:31:88:
85:3f:37:1b
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICSOEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjUx
ODIzMzJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDY4OTBFRjY0QkU3MkI5
MTgyN0I1NkRCQTRGQUJBRkE0RkJBQ0Y0MzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDUKcHMFx13OMrqTn3mkg5QVWBESxC7N0xDNsTQwdhSR8m6ua5Q
Hh6f6tcs3De2YYYa95kyuGbAd0k7lCR5RSdSKn36e3RVuv9D4W4Kh59x62YqjzIA
reLaXw27EY1TTei4Yao33Bi8x/RtqAwCohe5nOZJoEBJAF7ST0ZMBySNeC+zTCQ9
S6GVs2C0XFs/qpmS7MqS80flpustea39Z0M25XeWsso8ZYEC1tbpb5bOy9qSc1oi
UgKwKyX54fly+bVpoH0iyH3pm4UP3lXg4OT5ML8XPQ/wN4HQWG2+Vb8/lX38ZKLI
yFbVEfC3iqQw8tIBlXLwlDGjsIzBxX/2pVAHAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUaJDvZL5yuRgntW26T6uvpPus9DMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2FKRHZaTDV5dVJnbnRX
MjZUNnV2cFB1czlETS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAIyhJIJAohCLJ82B
4ApByoJu0wjJcaUbZqzReLGxs3U9OpnLTVhLKsuj1TGEyOHib4wo0shAPrQEKV3W
bQjqF8Oncu3z/6VB54YinVkYft/Nh+1BEYmcq6Sf2PL4xfp12+t/Ec/2F3DqbjXI
i4M1g1WU5fosb/lIwgrmM/vacQQfFXjD0BS/p+CfS9SHprbiwDFXmrsK8//6bE6Z
vEKnp9vDHT5th6IsP6yhFyktiEvGudbm6FuTrItZECLwyEOxzkwCPPSkprBxUipY
dNLIWaOHIDkObbO9OPRyJCVMgos44liZJKWVEbE5lb2+//KAo3ENU37aUgqdxbwx
iIU/Nxs=
-----END CERTIFICATE-----
Generated at Sat May 17 19:42:26 2025 by rpki-client