Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/bk8pbnuD9T2mWPnAhaND74L-bVo.roa
File: bk8pbnuD9T2mWPnAhaND74L-bVo.roa (raw, json)
Hash identifier: tdsOYrst4qccPMjujg+ui8AyeUpS2DCIhb5vR1BBLnE=
Subject key identifier: 6E:4F:29:6E:7B:83:F5:3D:A6:58:F9:C0:85:A3:43:EF:82:FE:6D:5A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 48F5
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/bk8pbnuD9T2mWPnAhaND74L-bVo.roa
Signing time: Thu 25 Apr 2024 20:53:19 +0000
ROA not before: Thu 25 Apr 2024 20:53:19 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18677 (0x48f5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 25 20:53:19 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=6E4F296E7B83F53DA658F9C085A343EF82FE6D5A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:13:81:7f:2b:92:5e:3e:d7:52:18:65:28:16:
ff:06:54:cb:c0:fa:aa:4f:3e:ad:71:6b:5d:ba:8e:
af:0e:f4:bb:a3:98:3c:89:e3:96:9e:04:45:3f:d1:
f0:b8:15:47:ca:7d:d5:c2:0c:9a:72:2a:db:c5:bf:
f1:0a:ef:db:66:6c:cc:94:da:68:d9:42:de:34:cb:
2f:d8:83:f6:54:81:aa:71:31:a1:b3:26:81:6c:43:
b5:7d:e7:98:1d:7b:82:cc:bb:a0:34:80:39:fb:a1:
69:c5:f5:f6:6f:75:0b:11:8a:13:a2:b0:b8:3b:36:
a2:34:a3:a1:ed:29:60:fc:5a:ee:7d:f2:82:55:75:
93:1f:9e:1d:0e:c1:e0:3d:03:3f:67:c2:88:df:f9:
1b:5f:1a:14:f7:bd:9b:b0:ef:db:93:fc:54:af:5d:
b5:5a:61:3e:43:05:16:b4:78:4b:02:01:ee:9c:94:
f8:7d:9e:c5:bd:41:22:7b:16:a5:18:ee:87:3f:46:
82:c6:aa:33:7a:14:1d:3c:a3:6c:5a:88:f2:a8:6f:
fb:59:18:b5:8b:86:a0:35:93:fb:95:8b:15:1d:c0:
6b:84:22:15:2a:05:24:24:8b:89:5c:37:ff:c6:43:
bb:6b:ed:a8:3c:dd:8e:1e:cc:30:71:a1:10:e2:29:
d7:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:4F:29:6E:7B:83:F5:3D:A6:58:F9:C0:85:A3:43:EF:82:FE:6D:5A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/bk8pbnuD9T2mWPnAhaND74L-bVo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
b6:94:99:4c:7f:cb:6f:7b:94:b1:51:0f:9e:17:40:f6:03:f6:
06:c9:19:e5:84:3f:76:c6:c0:cb:be:6e:82:d1:aa:ac:10:53:
65:ca:43:6f:d6:ff:50:2e:5e:68:82:ee:a5:d2:0d:38:f9:22:
93:ab:54:fe:d1:3c:d1:af:97:4e:89:db:86:2e:8f:6e:ce:4b:
58:2b:97:ef:f8:a0:13:1b:37:13:cf:e6:73:b4:a0:d3:a5:6f:
77:f6:fa:5d:64:a7:dc:06:6d:3a:ec:65:a2:0f:7a:c1:46:c7:
bc:cb:2b:0c:a3:6e:a7:5c:9a:26:0c:f4:3c:7f:8a:f9:04:c0:
74:4a:b2:70:0b:d0:2e:f3:65:49:02:52:1d:22:f3:c3:48:52:
b9:2a:35:6c:35:cc:00:71:a8:32:fe:b3:78:6c:58:a9:cf:5e:
1b:90:bb:4c:ac:cf:03:c8:a0:1b:80:ab:62:9a:d7:59:2a:84:
61:83:3e:e8:cf:fd:5c:53:74:da:cd:1c:8e:00:fb:07:f3:d0:
de:7a:98:2c:a0:4b:8f:87:59:b7:0f:2b:4e:4c:cd:84:e7:95:
6b:01:5c:3c:ad:08:0a:da:20:7e:34:0e:3a:b5:42:96:76:50:
9f:1c:35:23:03:2a:d7:d1:11:1f:3e:8c:de:df:a0:ea:15:9a:
68:43:b6:e0
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICSPUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjUy
MDUzMTlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDZFNEYyOTZFN0I4M0Y1
M0RBNjU4RjlDMDg1QTM0M0VGODJGRTZENUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDIE4F/K5JePtdSGGUoFv8GVMvA+qpPPq1xa126jq8O9LujmDyJ
45aeBEU/0fC4FUfKfdXCDJpyKtvFv/EK79tmbMyU2mjZQt40yy/Yg/ZUgapxMaGz
JoFsQ7V955gde4LMu6A0gDn7oWnF9fZvdQsRihOisLg7NqI0o6HtKWD8Wu598oJV
dZMfnh0OweA9Az9nwojf+RtfGhT3vZuw79uT/FSvXbVaYT5DBRa0eEsCAe6clPh9
nsW9QSJ7FqUY7oc/RoLGqjN6FB08o2xaiPKob/tZGLWLhqA1k/uVixUdwGuEIhUq
BSQki4lcN//GQ7tr7ag83Y4ezDBxoRDiKdcXAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUbk8pbnuD9T2mWPnAhaND74L+bVowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2JrOHBibnVEOVQybVdQ
bkFoYU5ENzRMLWJWby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBALaUmUx/y297lLFR
D54XQPYD9gbJGeWEP3bGwMu+boLRqqwQU2XKQ2/W/1AuXmiC7qXSDTj5IpOrVP7R
PNGvl06J24Yuj27OS1grl+/4oBMbNxPP5nO0oNOlb3f2+l1kp9wGbTrsZaIPesFG
x7zLKwyjbqdcmiYM9Dx/ivkEwHRKsnAL0C7zZUkCUh0i88NIUrkqNWw1zABxqDL+
s3hsWKnPXhuQu0yszwPIoBuAq2Ka11kqhGGDPujP/VxTdNrNHI4A+wfz0N56mCyg
S4+HWbcPK05MzYTnlWsBXDytCAraIH40Djq1QpZ2UJ8cNSMDKtfRER8+jN7foOoV
mmhDtuA=
-----END CERTIFICATE-----
Generated at Sat May 17 23:49:52 2025 by rpki-client