Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/0PvIgFik6jh1Ajj9muO7UxaWMHE.roa
File: 0PvIgFik6jh1Ajj9muO7UxaWMHE.roa (raw, json)
Hash identifier: FovY94ZUo7Rw/LVeuK9NoKpXGMscj3IfM+a/j1DJh8Q=
Subject key identifier: D0:FB:C8:80:58:A4:EA:38:75:02:38:FD:9A:E3:BB:53:16:96:30:71
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 37AD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0PvIgFik6jh1Ajj9muO7UxaWMHE.roa
Signing time: Tue 02 Apr 2024 19:52:18 +0000
ROA not before: Tue 02 Apr 2024 19:52:18 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14253 (0x37ad)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 2 19:52:18 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D0FBC88058A4EA38750238FD9AE3BB5316963071
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:d4:dc:c6:4d:65:56:d4:c8:80:ea:30:31:43:
10:e5:2b:f0:83:df:4d:83:26:65:71:ab:fe:d1:ba:
50:bc:ff:b4:a3:b9:07:ea:4a:d5:0d:08:79:ba:9e:
c6:a0:13:79:fe:e8:ad:73:4b:e4:e5:6a:3b:82:82:
78:91:b1:6e:14:22:26:c6:11:10:66:95:c8:57:0c:
0a:79:24:8d:a8:09:76:50:b5:83:fe:35:b2:80:71:
2c:5f:9c:fe:69:07:7d:84:c7:80:48:1f:5a:d3:45:
e2:44:0f:b7:05:96:f5:c1:b4:f5:e2:34:f8:e6:1e:
f2:94:0b:27:84:04:72:49:55:b9:81:b6:99:cb:e5:
78:cc:51:0e:08:33:81:ce:68:18:a1:74:92:3a:9e:
18:80:1f:8c:6c:a8:9f:69:09:15:3b:f9:5b:e2:df:
eb:ac:a9:b1:8b:dd:5a:57:86:54:46:6a:cb:65:b8:
98:15:ac:ab:42:28:97:17:8d:b9:de:60:ae:97:8f:
f5:d7:cd:9f:c3:f4:0a:8d:09:3d:69:2b:58:7c:79:
35:44:d5:68:58:eb:39:a7:32:6e:69:4f:53:ba:03:
8a:f9:61:94:d0:77:fa:9d:e5:98:ec:af:5b:34:3f:
f6:3c:89:f0:8c:f1:06:84:b6:db:1b:d3:b6:a9:cc:
93:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:FB:C8:80:58:A4:EA:38:75:02:38:FD:9A:E3:BB:53:16:96:30:71
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0PvIgFik6jh1Ajj9muO7UxaWMHE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
48:3a:4b:e5:78:db:95:04:e9:c1:b0:9a:12:1f:a2:62:bd:9b:
27:16:37:6f:92:08:2c:b7:fc:6c:11:b2:a3:31:7e:6d:1d:fe:
82:81:52:98:82:a9:3e:43:e8:0f:1a:c9:1a:40:c5:f6:f1:da:
d8:ba:d0:6b:55:62:e9:5b:7d:0e:8e:a7:e0:1a:86:26:a1:04:
69:6c:10:79:e8:46:93:f9:f5:da:42:4d:9c:65:7b:04:9e:e9:
52:42:a2:94:23:65:00:fe:e8:a7:1a:38:ae:98:30:ba:8d:c8:
28:e8:e0:ae:84:60:bc:7e:41:a3:5c:57:1b:5a:4e:25:dd:f9:
64:48:cf:af:e8:a7:75:63:e4:2d:5a:8c:2a:46:cb:e4:31:d9:
41:1e:8c:95:7c:52:67:d4:9c:7e:60:8d:52:0d:62:9c:32:3b:
78:73:14:2e:82:d3:6e:28:7b:ff:d1:5c:d1:29:60:9e:dd:02:
3e:6c:21:f7:e1:ad:01:b1:99:55:e7:de:9c:d8:cb:f9:3e:14:
dd:5c:ec:5f:9d:b2:a9:36:6c:7b:a1:75:cd:0b:54:11:84:24:
65:ff:15:b1:57:9d:8c:91:7b:ff:20:ed:73:1c:cb:d8:1c:eb:
fa:85:44:7e:e9:e0:7a:f8:ea:0f:b8:00:fb:30:c9:ab:5a:08:
7f:52:ad:a9
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICN60wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDIx
OTUyMThaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQwRkJDODgwNThBNEVB
Mzg3NTAyMzhGRDlBRTNCQjUzMTY5NjMwNzEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCr1NzGTWVW1MiA6jAxQxDlK/CD302DJmVxq/7RulC8/7SjuQfq
StUNCHm6nsagE3n+6K1zS+TlajuCgniRsW4UIibGERBmlchXDAp5JI2oCXZQtYP+
NbKAcSxfnP5pB32Ex4BIH1rTReJED7cFlvXBtPXiNPjmHvKUCyeEBHJJVbmBtpnL
5XjMUQ4IM4HOaBihdJI6nhiAH4xsqJ9pCRU7+Vvi3+usqbGL3VpXhlRGastluJgV
rKtCKJcXjbneYK6Xj/XXzZ/D9AqNCT1pK1h8eTVE1WhY6zmnMm5pT1O6A4r5YZTQ
d/qd5Zjsr1s0P/Y8ifCM8QaEttsb07apzJNNAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU0PvIgFik6jh1Ajj9muO7UxaWMHEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzBQdklnRmlrNmpoMUFq
ajltdU83VXhhV01IRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAEg6S+V425UE6cGw
mhIfomK9mycWN2+SCCy3/GwRsqMxfm0d/oKBUpiCqT5D6A8ayRpAxfbx2ti60GtV
YulbfQ6Op+AahiahBGlsEHnoRpP59dpCTZxlewSe6VJCopQjZQD+6KcaOK6YMLqN
yCjo4K6EYLx+QaNcVxtaTiXd+WRIz6/op3Vj5C1ajCpGy+Qx2UEejJV8UmfUnH5g
jVINYpwyO3hzFC6C024oe//RXNEpYJ7dAj5sIffhrQGxmVXn3pzYy/k+FN1c7F+d
sqk2bHuhdc0LVBGEJGX/FbFXnYyRe/8g7XMcy9gc6/qFRH7p4Hr46g+4APswyata
CH9Srak=
-----END CERTIFICATE-----
Generated at Sat Jun 21 22:47:44 2025 by rpki-client