Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/fxL4r51YME7sT3EpWaDDVb1B5jA.roa
File: fxL4r51YME7sT3EpWaDDVb1B5jA.roa (raw, json)
Hash identifier: lzv48YReaFyF6y7fKcqO+oPrEWg8iIv6lNON1tMjP1g=
Subject key identifier: 7F:12:F8:AF:9D:58:30:4E:EC:4F:71:29:59:A0:C3:55:BD:41:E6:30
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4061
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fxL4r51YME7sT3EpWaDDVb1B5jA.roa
Signing time: Sun 14 Apr 2024 10:22:56 +0000
ROA not before: Sun 14 Apr 2024 10:22:56 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16481 (0x4061)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 14 10:22:56 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=7F12F8AF9D58304EEC4F712959A0C355BD41E630
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:d3:ad:34:64:12:f3:ee:f6:fc:62:82:86:8e:
0f:bb:12:b3:f5:2e:86:e3:da:55:86:3d:9a:65:56:
7b:78:6d:47:5c:80:c9:5a:21:cb:63:1e:8f:53:0c:
4e:ba:05:42:9b:0d:30:2a:34:1a:6b:48:89:46:6d:
5d:b6:2a:86:9e:f2:21:55:56:f2:d4:c0:12:fe:bb:
cd:d8:10:be:6f:17:93:7e:2e:1d:9c:d6:63:07:b0:
22:69:12:87:4b:c0:87:e9:1f:89:f8:c4:d2:93:f7:
46:97:c1:c7:ef:34:70:dd:76:53:df:0a:bb:00:18:
e8:25:e4:6d:94:64:7a:88:e7:53:d6:35:be:40:e5:
00:84:e8:50:03:69:ac:5a:4e:1b:ae:2a:7b:71:7f:
17:ec:1b:43:a9:47:49:1d:86:5e:dc:aa:e8:79:21:
da:7f:73:d2:d0:d3:a6:00:86:a5:e2:fd:ea:67:36:
78:1b:65:02:d3:93:79:d9:4f:f9:bd:87:64:99:c9:
60:ab:44:6b:e2:37:76:28:19:af:ee:b6:6e:56:02:
23:bd:f7:de:6d:68:ba:47:da:57:d8:8b:8f:b9:cc:
66:2c:ac:19:4f:e2:09:7c:64:81:f6:27:d7:f5:e4:
d8:7a:be:d9:09:72:4a:11:e7:e2:f2:69:3a:5e:ea:
75:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:12:F8:AF:9D:58:30:4E:EC:4F:71:29:59:A0:C3:55:BD:41:E6:30
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fxL4r51YME7sT3EpWaDDVb1B5jA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
94:60:66:56:30:ca:b4:96:83:39:bc:c5:1e:5a:a2:4e:1c:e7:
37:fa:55:a4:d9:58:6a:4d:04:b8:2e:3d:e4:9b:81:18:13:fd:
e6:5a:32:f5:47:62:22:33:4c:d3:87:3f:98:41:82:76:76:06:
de:1e:f4:9e:be:53:5c:a2:d5:5d:7c:e6:46:c6:91:21:24:96:
54:bb:11:d0:93:08:a8:5c:cd:b0:33:be:91:18:a0:cd:9b:ea:
f7:79:90:34:4e:47:fe:0b:35:73:cb:34:87:53:85:bf:e2:20:
a2:08:06:49:08:26:15:36:d8:c6:fc:7c:bf:ec:43:5d:9a:bb:
88:b9:3c:06:ee:2a:ea:ce:1f:97:f6:30:70:63:6b:0e:33:f0:
da:3d:1a:69:db:47:04:2c:15:cb:0f:cf:de:e6:75:b7:05:fe:
3d:0c:a5:d0:37:03:30:16:55:87:d2:00:74:a9:7e:58:48:12:
ba:c1:d3:5e:db:9b:ac:fa:e8:eb:3c:6d:18:6c:53:fa:bc:f1:
7e:00:c1:cc:23:3a:ce:a3:18:f2:c0:35:ab:ee:40:3a:5c:aa:
ae:6e:60:f8:72:a2:43:54:41:fd:05:85:3a:25:4d:a6:7e:b2:
b0:a0:00:33:bd:65:bb:db:c1:3c:1b:35:16:94:26:31:0d:c4:
09:23:e5:6c
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQGEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTQx
MDIyNTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDdGMTJGOEFGOUQ1ODMw
NEVFQzRGNzEyOTU5QTBDMzU1QkQ0MUU2MzAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDG0600ZBLz7vb8YoKGjg+7ErP1Lobj2lWGPZplVnt4bUdcgMla
IctjHo9TDE66BUKbDTAqNBprSIlGbV22Koae8iFVVvLUwBL+u83YEL5vF5N+Lh2c
1mMHsCJpEodLwIfpH4n4xNKT90aXwcfvNHDddlPfCrsAGOgl5G2UZHqI51PWNb5A
5QCE6FADaaxaThuuKntxfxfsG0OpR0kdhl7cquh5Idp/c9LQ06YAhqXi/epnNngb
ZQLTk3nZT/m9h2SZyWCrRGviN3YoGa/utm5WAiO9995taLpH2lfYi4+5zGYsrBlP
4gl8ZIH2J9f15Nh6vtkJckoR5+LyaTpe6nWZAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUfxL4r51YME7sT3EpWaDDVb1B5jAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2Z4TDRyNTFZTUU3c1Qz
RXBXYUREVmIxQjVqQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJRgZlYwyrSWgzm8
xR5aok4c5zf6VaTZWGpNBLguPeSbgRgT/eZaMvVHYiIzTNOHP5hBgnZ2Bt4e9J6+
U1yi1V185kbGkSEkllS7EdCTCKhczbAzvpEYoM2b6vd5kDROR/4LNXPLNIdThb/i
IKIIBkkIJhU22Mb8fL/sQ12au4i5PAbuKurOH5f2MHBjaw4z8No9GmnbRwQsFcsP
z97mdbcF/j0MpdA3AzAWVYfSAHSpflhIErrB017bm6z66Os8bRhsU/q88X4Awcwj
Os6jGPLANavuQDpcqq5uYPhyokNUQf0FhTolTaZ+srCgADO9ZbvbwTwbNRaUJjEN
xAkj5Ww=
-----END CERTIFICATE-----
Generated at Sun May 18 04:53:07 2025 by rpki-client