Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/sqnxFN5oOZ2VVvwdw2yCe1srGKU.roa
File: sqnxFN5oOZ2VVvwdw2yCe1srGKU.roa (raw, json)
Hash identifier: OdBjn6NCSy549nYLFvYij6bItk8YmCxOye9LcW0q04E=
Subject key identifier: B2:A9:F1:14:DE:68:39:9D:95:56:FC:1D:C3:6C:82:7B:5B:2B:18:A5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4025
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/sqnxFN5oOZ2VVvwdw2yCe1srGKU.roa
Signing time: Sun 14 Apr 2024 02:52:52 +0000
ROA not before: Sun 14 Apr 2024 02:52:52 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16421 (0x4025)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 14 02:52:52 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=B2A9F114DE68399D9556FC1DC36C827B5B2B18A5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:7f:a9:07:fb:04:4a:86:a5:13:f7:68:f1:e4:
38:c9:6d:23:4b:c2:d0:7b:d6:fb:84:d6:a5:ea:b5:
13:88:e9:5b:db:ad:07:21:53:e4:be:ad:5d:8e:3c:
ce:f3:61:7d:88:3b:65:47:ca:8d:c4:9b:13:7b:3d:
54:bf:df:bf:d8:11:59:c2:a7:7d:f9:ef:e0:2e:66:
c9:ce:b3:32:f4:e2:bb:71:d3:cd:a4:ba:21:d4:6e:
61:c5:09:ec:4c:bd:c3:68:eb:ac:ea:61:e3:73:bf:
a5:33:dd:96:a8:3e:67:e5:f6:db:ab:ed:f8:9e:10:
2d:5c:4e:ba:47:fa:9e:6b:9b:14:86:ae:5a:da:ca:
5d:7a:a4:12:93:da:92:9e:56:99:e7:9f:6b:78:41:
c5:a6:a5:0a:39:82:ee:87:01:a1:c1:8a:bf:fc:7f:
10:d2:e2:0b:27:06:9a:5d:95:ce:dc:94:ca:3c:60:
5f:66:23:8f:80:9c:e3:3a:f7:ed:dc:b6:bc:3f:e2:
b3:89:4b:d7:61:ca:87:cd:90:5b:0b:02:f3:f9:76:
82:7d:4a:7f:f1:f7:de:e9:87:f4:61:ae:33:67:93:
5e:c4:5d:5e:c8:c3:52:88:0a:d9:64:69:33:9b:82:
bb:b7:0a:34:58:fb:c0:f4:dd:6d:cf:40:55:be:59:
9e:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:A9:F1:14:DE:68:39:9D:95:56:FC:1D:C3:6C:82:7B:5B:2B:18:A5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/sqnxFN5oOZ2VVvwdw2yCe1srGKU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
b8:c4:b1:27:3a:d4:f6:29:5b:1d:64:68:a1:d0:9f:a0:1e:c0:
b5:41:55:e1:6a:93:6e:dc:a3:48:df:26:96:55:ba:aa:75:e7:
8e:9d:f2:a8:bd:da:74:f3:32:77:4a:38:92:02:32:33:b5:b1:
fb:9c:23:97:fe:3f:b7:a4:3e:1e:22:66:94:8e:94:de:79:a0:
d8:f5:f7:08:12:a3:45:88:6e:52:2d:a4:07:32:ab:c0:0f:d2:
dd:f7:71:84:6d:a1:6e:7c:78:39:97:70:7c:81:33:5d:74:98:
e3:8e:d6:15:d8:a5:5d:00:d9:f4:f2:b4:00:92:6a:bd:67:65:
7c:f4:f7:3e:7b:92:b6:0b:8d:d9:44:99:f8:97:96:0c:0f:2c:
f8:26:97:bd:33:87:85:80:ff:14:2f:9d:65:de:b9:16:45:4d:
67:a8:fd:e3:b9:2c:51:36:77:ee:f2:22:b7:d8:af:ac:fe:9f:
72:a5:cd:9c:69:f7:f6:b5:25:04:83:c8:dd:64:ce:b2:2d:c8:
57:1c:4e:e7:84:0c:8f:75:23:86:31:53:76:70:09:6d:35:31:
9d:55:aa:fe:f4:e7:91:92:fb:61:29:65:e4:fa:af:a2:4a:f0:
94:fc:8f:24:ab:77:66:87:3a:78:df:61:18:75:61:d7:d0:fe:
81:18:46:44
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQCUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTQw
MjUyNTJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEIyQTlGMTE0REU2ODM5
OUQ5NTU2RkMxREMzNkM4MjdCNUIyQjE4QTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDnf6kH+wRKhqUT92jx5DjJbSNLwtB71vuE1qXqtROI6VvbrQch
U+S+rV2OPM7zYX2IO2VHyo3EmxN7PVS/37/YEVnCp3357+AuZsnOszL04rtx082k
uiHUbmHFCexMvcNo66zqYeNzv6Uz3ZaoPmfl9tur7fieEC1cTrpH+p5rmxSGrlra
yl16pBKT2pKeVpnnn2t4QcWmpQo5gu6HAaHBir/8fxDS4gsnBppdlc7clMo8YF9m
I4+AnOM69+3ctrw/4rOJS9dhyofNkFsLAvP5doJ9Sn/x997ph/RhrjNnk17EXV7I
w1KICtlkaTObgru3CjRY+8D03W3PQFW+WZ7HAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUsqnxFN5oOZ2VVvwdw2yCe1srGKUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3NxbnhGTjVvT1oyVlZ2
d2R3MnlDZTFzckdLVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBALjEsSc61PYpWx1k
aKHQn6AewLVBVeFqk27co0jfJpZVuqp1546d8qi92nTzMndKOJICMjO1sfucI5f+
P7ekPh4iZpSOlN55oNj19wgSo0WIblItpAcyq8AP0t33cYRtoW58eDmXcHyBM110
mOOO1hXYpV0A2fTytACSar1nZXz09z57krYLjdlEmfiXlgwPLPgml70zh4WA/xQv
nWXeuRZFTWeo/eO5LFE2d+7yIrfYr6z+n3KlzZxp9/a1JQSDyN1kzrItyFccTueE
DI91I4YxU3ZwCW01MZ1Vqv7055GS+2EpZeT6r6JK8JT8jySrd2aHOnjfYRh1YdfQ
/oEYRkQ=
-----END CERTIFICATE-----
Generated at Sat May 17 19:34:03 2025 by rpki-client