Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/siMEacVDmjPyhfMo8ocdLuTZP6c.roa
File: siMEacVDmjPyhfMo8ocdLuTZP6c.roa (raw, json)
Hash identifier: Xm1jaJrG/ilvJb2HudFD5x5pm7Q4gN6CpgD4oS57f0c=
Subject key identifier: B2:23:04:69:C5:43:9A:33:F2:85:F3:28:F2:87:1D:2E:E4:D9:3F:A7
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3401
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/siMEacVDmjPyhfMo8ocdLuTZP6c.roa
Signing time: Thu 28 Mar 2024 22:22:04 +0000
ROA not before: Thu 28 Mar 2024 22:22:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13313 (0x3401)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 28 22:22:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B2230469C5439A33F285F328F2871D2EE4D93FA7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:ef:77:4c:d4:36:d1:7e:b7:05:64:ed:99:f9:
01:9f:88:44:d3:cf:26:f2:60:80:a5:99:bc:a1:29:
60:66:6c:10:b0:80:db:b1:4c:8d:80:0c:8c:be:9a:
7d:54:56:f3:60:af:a8:e5:ab:29:03:93:19:95:92:
ce:12:8d:57:5c:32:1b:44:1b:d8:85:88:b6:85:95:
66:a0:de:fc:64:37:17:12:d4:7b:31:ab:b2:bf:b0:
f1:6e:40:ac:ab:f8:5b:d4:64:de:16:9f:2a:c9:c3:
7e:2d:ca:be:83:18:86:04:75:ba:3d:c2:8a:ac:9d:
c4:ae:23:8f:c6:d5:ac:7e:5f:29:d4:18:64:ff:6a:
02:25:75:11:c5:e0:09:d9:48:e9:4d:0f:87:80:c0:
35:c3:01:a6:9c:2c:00:9f:ab:a2:6e:6d:56:65:fc:
9a:e9:49:24:f4:4c:5b:e2:d1:b2:6d:ef:d6:1e:bb:
d0:29:05:76:75:7b:bc:1b:78:de:58:91:67:40:81:
ae:3d:ab:2e:70:03:22:a3:8b:5e:87:0d:de:02:22:
73:69:11:ee:ad:0d:bc:4d:de:25:df:88:bc:08:a1:
58:aa:a4:3b:2e:9c:66:72:4f:16:db:7c:ff:70:63:
d5:24:58:8a:d9:84:08:e2:e4:bc:29:dc:da:9e:c3:
14:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:23:04:69:C5:43:9A:33:F2:85:F3:28:F2:87:1D:2E:E4:D9:3F:A7
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/siMEacVDmjPyhfMo8ocdLuTZP6c.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
89:68:fc:b5:71:90:28:ed:03:d9:3b:a3:3c:8e:15:3e:47:26:
00:52:72:8d:37:ca:11:35:5f:7a:c5:4f:b7:be:85:e3:7c:7b:
01:d2:9e:9f:d0:35:37:ec:ad:31:a8:b1:e9:69:0d:ae:ad:c1:
78:80:1e:95:b9:32:42:91:cc:21:07:15:b3:3f:1d:e4:15:a5:
6f:07:b1:d1:97:c8:3c:b9:59:99:bc:c0:e6:63:03:93:fa:00:
53:a5:ce:d3:4f:5c:6c:48:47:62:a3:bb:40:ca:32:4a:95:c7:
70:34:ca:90:94:de:aa:c9:66:e1:9e:d0:7c:c7:70:4e:e0:5e:
e7:e9:64:1b:42:a3:84:d2:d1:b6:f8:47:dd:52:9d:10:e6:1d:
fa:8a:db:65:69:7d:f3:fd:b6:6b:1c:99:08:0c:85:fc:f5:e0:
06:1d:76:f1:b5:68:35:3d:f2:b6:5f:97:24:69:30:1c:12:12:
4a:a3:4e:d9:27:5d:a1:12:84:fd:53:eb:d6:32:a6:ee:ae:31:
d7:45:a2:6b:a8:7d:85:d6:ba:e7:23:e3:e9:df:cd:58:83:9e:
2c:13:41:e2:97:29:1f:99:a4:17:b7:df:5c:7d:1f:83:8a:3f:
6c:af:e3:d6:a5:68:7e:cb:bb:c2:61:65:63:9a:d9:04:5c:45:
b3:b1:17:f0
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICNAEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjgy
MjIyMDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEIyMjMwNDY5QzU0MzlB
MzNGMjg1RjMyOEYyODcxRDJFRTREOTNGQTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDB73dM1DbRfrcFZO2Z+QGfiETTzybyYIClmbyhKWBmbBCwgNux
TI2ADIy+mn1UVvNgr6jlqykDkxmVks4SjVdcMhtEG9iFiLaFlWag3vxkNxcS1Hsx
q7K/sPFuQKyr+FvUZN4WnyrJw34tyr6DGIYEdbo9woqsncSuI4/G1ax+XynUGGT/
agIldRHF4AnZSOlND4eAwDXDAaacLACfq6JubVZl/JrpSST0TFvi0bJt79Yeu9Ap
BXZ1e7wbeN5YkWdAga49qy5wAyKji16HDd4CInNpEe6tDbxN3iXfiLwIoViqpDsu
nGZyTxbbfP9wY9UkWIrZhAji5Lwp3NqewxRzAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUsiMEacVDmjPyhfMo8ocdLuTZP6cwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3NpTUVhY1ZEbWpQeWhm
TW84b2NkTHVUWlA2Yy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAIlo/LVxkCjtA9k7
ozyOFT5HJgBSco03yhE1X3rFT7e+heN8ewHSnp/QNTfsrTGoselpDa6twXiAHpW5
MkKRzCEHFbM/HeQVpW8HsdGXyDy5WZm8wOZjA5P6AFOlztNPXGxIR2Kju0DKMkqV
x3A0ypCU3qrJZuGe0HzHcE7gXufpZBtCo4TS0bb4R91SnRDmHfqK22VpffP9tmsc
mQgMhfz14AYddvG1aDU98rZflyRpMBwSEkqjTtknXaEShP1T69Yypu6uMddFomuo
fYXWuucj4+nfzViDniwTQeKXKR+ZpBe331x9H4OKP2yv49alaH7Lu8JhZWOa2QRc
RbOxF/A=
-----END CERTIFICATE-----
Generated at Sat May 17 19:32:52 2025 by rpki-client