Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/1xugkMTnavytJn6QGOPrV4Snsh0.roa
File: 1xugkMTnavytJn6QGOPrV4Snsh0.roa (raw, json)
Hash identifier: QJnecHnh+r97qmfd0X8Rv2zsK4KjQzQ5WxoMMouU01A=
Subject key identifier: D7:1B:A0:90:C4:E7:6A:FC:AD:26:7E:90:18:E3:EB:57:84:A7:B2:1D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4169
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1xugkMTnavytJn6QGOPrV4Snsh0.roa
Signing time: Mon 15 Apr 2024 19:22:53 +0000
ROA not before: Mon 15 Apr 2024 19:22:53 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16745 (0x4169)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 19:22:53 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D71BA090C4E76AFCAD267E9018E3EB5784A7B21D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:72:a7:ce:be:53:22:34:89:96:7a:83:c6:61:
d1:f4:97:1b:6a:c4:09:02:c2:4f:5f:4e:83:10:09:
82:36:fe:ea:04:a4:4a:7b:1e:55:4b:c7:8a:54:31:
84:17:35:99:45:c5:8d:8f:31:94:be:16:f9:1a:1d:
fa:6d:a5:d0:6a:e5:2d:ed:b0:48:e4:b9:7a:49:1e:
8f:4c:39:3e:b3:95:a3:b1:eb:a8:42:93:2a:fc:87:
2b:a8:dc:4d:a8:8c:b4:cf:0c:25:2c:ab:22:ef:e1:
42:34:64:52:0b:00:b6:33:4e:3c:6a:0f:a8:fc:bc:
7e:f5:1b:ee:84:01:26:58:9e:76:b1:b4:9e:cc:36:
f5:ee:dc:69:78:5a:22:9f:d4:75:af:9b:ac:82:dd:
86:b1:8b:35:45:25:58:9b:ad:53:0b:05:4a:1a:a5:
6a:9b:46:74:bf:82:53:92:37:87:d4:28:0a:34:6a:
19:7d:7e:b9:0d:b5:6b:42:39:30:99:84:49:a2:e4:
2f:13:7d:f4:fa:0b:55:22:59:60:8d:be:e3:19:ec:
74:46:44:f7:7f:bf:7d:95:a8:86:af:6d:91:4d:92:
11:0f:18:67:ce:40:fa:ba:b5:5a:96:24:0d:88:9d:
1f:f7:a0:ae:cd:98:c0:81:4f:f3:1a:79:0a:28:60:
e0:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:1B:A0:90:C4:E7:6A:FC:AD:26:7E:90:18:E3:EB:57:84:A7:B2:1D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/1xugkMTnavytJn6QGOPrV4Snsh0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
a7:69:71:97:51:c4:15:e3:03:d8:5f:48:54:f9:6e:d1:21:ca:
ec:e6:75:db:22:61:69:ee:97:e0:81:70:72:3e:3b:a2:03:c4:
ce:27:8f:98:80:c3:13:9f:10:51:3c:d1:1e:47:27:bb:cc:84:
5f:4c:21:d5:06:4c:c1:dd:d0:8d:6b:7f:f6:86:59:9e:be:bc:
ac:83:3b:3d:4b:61:2d:08:3a:a4:f1:62:2a:d1:10:b9:0e:34:
b0:bb:e1:20:0e:60:59:59:88:13:67:44:69:e2:8f:44:08:07:
9c:4e:1b:08:e3:45:1d:25:69:0c:12:a1:0b:9c:36:d5:12:ba:
e1:5c:3f:67:9e:9e:33:8e:b8:8b:4f:0c:23:d7:17:e3:72:ac:
b3:a7:c0:3f:c9:80:de:46:ba:1b:d7:6a:60:98:e8:16:d0:60:
d0:88:4d:f2:e6:03:c6:7d:a2:41:9e:00:95:ef:42:fb:1c:b5:
e3:1a:fa:2a:70:92:82:57:4a:31:b6:0d:1e:79:37:d7:28:2f:
3a:1d:d0:07:f7:b2:3f:7b:f2:f1:d1:93:ab:57:bb:33:b2:74:
31:4a:ce:1b:2a:89:4e:c7:81:57:c5:16:81:a4:f8:90:14:90:
c6:e6:bc:3e:19:f0:ee:2b:09:84:5b:76:ad:04:f6:3b:04:99:
9b:fc:78:10
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQWkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUx
OTIyNTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQ3MUJBMDkwQzRFNzZB
RkNBRDI2N0U5MDE4RTNFQjU3ODRBN0IyMUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCkcqfOvlMiNImWeoPGYdH0lxtqxAkCwk9fToMQCYI2/uoEpEp7
HlVLx4pUMYQXNZlFxY2PMZS+FvkaHfptpdBq5S3tsEjkuXpJHo9MOT6zlaOx66hC
kyr8hyuo3E2ojLTPDCUsqyLv4UI0ZFILALYzTjxqD6j8vH71G+6EASZYnnaxtJ7M
NvXu3Gl4WiKf1HWvm6yC3YaxizVFJVibrVMLBUoapWqbRnS/glOSN4fUKAo0ahl9
frkNtWtCOTCZhEmi5C8TffT6C1UiWWCNvuMZ7HRGRPd/v32VqIavbZFNkhEPGGfO
QPq6tVqWJA2InR/3oK7NmMCBT/MaeQooYOA3AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU1xugkMTnavytJn6QGOPrV4Snsh0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzF4dWdrTVRuYXZ5dEpu
NlFHT1ByVjRTbnNoMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAKdpcZdRxBXjA9hf
SFT5btEhyuzmddsiYWnul+CBcHI+O6IDxM4nj5iAwxOfEFE80R5HJ7vMhF9MIdUG
TMHd0I1rf/aGWZ6+vKyDOz1LYS0IOqTxYirRELkONLC74SAOYFlZiBNnRGnij0QI
B5xOGwjjRR0laQwSoQucNtUSuuFcP2eenjOOuItPDCPXF+NyrLOnwD/JgN5GuhvX
amCY6BbQYNCITfLmA8Z9okGeAJXvQvscteMa+ipwkoJXSjG2DR55N9coLzod0Af3
sj978vHRk6tXuzOydDFKzhsqiU7HgVfFFoGk+JAUkMbmvD4Z8O4rCYRbdq0E9jsE
mZv8eBA=
-----END CERTIFICATE-----
Generated at Sun Jun 22 23:58:03 2025 by rpki-client