Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/iKioKC3EMCohnoEchGq4oJ5_An8.roa
File: iKioKC3EMCohnoEchGq4oJ5_An8.roa (raw, json)
Hash identifier: c0uAtXSXsIiJW0U2QKeOS02LRWFqCnMX3r7ZhucXdXA=
Subject key identifier: 88:A8:A8:28:2D:C4:30:2A:21:9E:81:1C:84:6A:B8:A0:9E:7F:02:7F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4241
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/iKioKC3EMCohnoEchGq4oJ5_An8.roa
Signing time: Tue 16 Apr 2024 22:22:57 +0000
ROA not before: Tue 16 Apr 2024 22:22:57 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16961 (0x4241)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 16 22:22:57 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=88A8A8282DC4302A219E811C846AB8A09E7F027F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:33:e9:4a:94:8a:26:cd:4e:22:23:ca:2e:5d:
bc:0c:58:18:0b:8a:17:ca:93:fa:e2:a8:4b:ce:64:
03:37:6b:51:b6:3c:65:74:87:83:0b:28:01:62:29:
97:80:ed:8a:1a:5f:8b:a3:18:16:9d:73:13:6b:2f:
dd:02:da:b7:0d:2a:6e:c1:4d:c0:01:b7:30:8f:51:
e5:be:61:38:cf:95:f8:d2:15:7b:3d:67:b5:f3:5e:
30:54:4e:3e:6f:67:a8:b9:1b:6a:04:e6:8f:48:a2:
20:17:e8:ad:73:aa:50:a9:13:96:aa:a1:8a:54:61:
e9:7d:04:ae:f2:37:ea:f9:1d:e2:a1:fa:9f:62:03:
1b:1e:ed:31:71:42:97:b8:96:91:35:ef:28:26:3a:
dc:87:bb:14:4c:7e:19:c7:12:67:03:e9:dd:3b:be:
71:aa:0c:79:2e:10:3c:93:09:46:a3:20:15:75:a9:
40:25:e8:c4:91:bd:9f:35:3a:2d:12:a4:a8:ce:86:
7e:9c:79:4a:8b:29:0b:92:a9:cd:09:4c:16:4b:9e:
9c:c4:7d:8d:ff:b7:d8:68:45:3a:e4:4e:82:07:e1:
e6:fa:28:80:55:97:ac:9f:07:1d:1d:7a:39:0f:0d:
c9:10:0f:e7:85:c8:21:fd:a1:44:dc:89:11:ca:e4:
c1:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:A8:A8:28:2D:C4:30:2A:21:9E:81:1C:84:6A:B8:A0:9E:7F:02:7F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/iKioKC3EMCohnoEchGq4oJ5_An8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
30:22:b3:e8:44:1c:12:2f:7c:75:f4:8a:2c:1a:03:5e:2e:22:
a7:6a:79:b6:eb:57:d7:95:7a:d3:00:7a:da:d2:53:b1:b9:80:
49:b9:8b:48:bf:d7:54:ae:4e:ac:01:d7:44:35:aa:63:5a:72:
65:81:21:3d:09:83:8f:39:80:5a:32:5c:ff:50:a7:d3:ec:42:
a9:1a:d2:63:c2:4b:fb:c9:61:45:53:c6:93:32:cf:9e:25:0d:
4a:e9:6e:7a:63:3a:3f:c3:a3:0e:c0:50:8b:d6:38:35:61:0c:
76:f4:81:1b:e0:b3:12:29:42:56:30:ec:78:b6:31:fa:6d:fd:
be:84:d1:38:4b:8a:09:dd:a5:f0:b9:57:c9:97:40:7b:b7:88:
83:7a:c6:d7:18:9b:38:2d:77:6a:74:91:de:34:df:ec:f5:fc:
6f:6e:a8:18:cd:1d:c1:a4:9e:1e:41:58:31:07:9a:8e:ff:9b:
d6:e1:8f:76:80:14:d3:cf:a3:76:ca:11:c0:eb:47:e5:fe:f5:
c1:3f:6e:f0:f2:b0:40:04:57:47:bc:d0:a8:a8:e4:dc:d5:67:
8e:7e:a0:c8:a5:d9:f5:40:97:fe:c5:ff:a1:42:9d:cc:b7:74:
d0:93:72:27:ae:c0:6c:10:eb:f3:06:0b:c0:03:dd:02:9e:f1:
ee:43:61:74
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQkEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTYy
MjIyNTdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDg4QThBODI4MkRDNDMw
MkEyMTlFODExQzg0NkFCOEEwOUU3RjAyN0YwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDyM+lKlIomzU4iI8ouXbwMWBgLihfKk/riqEvOZAM3a1G2PGV0
h4MLKAFiKZeA7YoaX4ujGBadcxNrL90C2rcNKm7BTcABtzCPUeW+YTjPlfjSFXs9
Z7XzXjBUTj5vZ6i5G2oE5o9IoiAX6K1zqlCpE5aqoYpUYel9BK7yN+r5HeKh+p9i
Axse7TFxQpe4lpE17ygmOtyHuxRMfhnHEmcD6d07vnGqDHkuEDyTCUajIBV1qUAl
6MSRvZ81Oi0SpKjOhn6ceUqLKQuSqc0JTBZLnpzEfY3/t9hoRTrkToIH4eb6KIBV
l6yfBx0dejkPDckQD+eFyCH9oUTciRHK5MFjAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUiKioKC3EMCohnoEchGq4oJ5/An8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2lLaW9LQzNFTUNvaG5v
RWNoR3E0b0o1X0FuOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBADAis+hEHBIvfHX0
iiwaA14uIqdqebbrV9eVetMAetrSU7G5gEm5i0i/11SuTqwB10Q1qmNacmWBIT0J
g485gFoyXP9Qp9PsQqka0mPCS/vJYUVTxpMyz54lDUrpbnpjOj/Dow7AUIvWODVh
DHb0gRvgsxIpQlYw7Hi2Mfpt/b6E0ThLigndpfC5V8mXQHu3iIN6xtcYmzgtd2p0
kd403+z1/G9uqBjNHcGknh5BWDEHmo7/m9bhj3aAFNPPo3bKEcDrR+X+9cE/bvDy
sEAEV0e80Kio5NzVZ45+oMil2fVAl/7F/6FCncy3dNCTcieuwGwQ6/MGC8AD3QKe
8e5DYXQ=
-----END CERTIFICATE-----
Generated at Sat May 17 22:41:25 2025 by rpki-client