Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/2d0oB9TlxiYN83q6jksImjjCWs0.roa
File: 2d0oB9TlxiYN83q6jksImjjCWs0.roa (raw, json)
Hash identifier: bP3KgxXMbQZszrNaf2wKeYXK/5N8kyT9I0D20L8qcoo=
Subject key identifier: D9:DD:28:07:D4:E5:C6:26:0D:F3:7A:BA:8E:4B:08:9A:38:C2:5A:CD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 53A5
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2d0oB9TlxiYN83q6jksImjjCWs0.roa
Signing time: Fri 10 May 2024 02:54:27 +0000
ROA not before: Fri 10 May 2024 02:54:27 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21413 (0x53a5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 10 02:54:27 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=D9DD2807D4E5C6260DF37ABA8E4B089A38C25ACD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:d4:98:6d:ba:a6:08:f8:a9:7f:dd:ff:54:92:
ce:c0:b2:69:6f:a7:f4:b5:36:24:83:17:bb:cb:85:
7f:5c:80:6a:d7:ff:f9:8f:80:2a:41:3a:2d:9f:f9:
5d:6b:68:28:06:d8:e9:fa:14:8f:46:55:f3:0a:a6:
72:aa:9d:e7:a4:ca:1b:c6:89:9c:6a:96:06:2a:22:
96:b6:0e:4f:78:61:f4:ff:4d:20:17:0c:a7:2e:22:
a5:bc:1a:da:60:ab:1a:20:b1:6b:43:80:c9:09:7a:
60:ef:a7:b9:3c:0e:b6:1a:43:49:ac:30:f6:60:2a:
63:4d:3e:fe:08:a4:33:4e:c5:f1:99:97:41:14:6d:
9b:15:b2:3c:09:67:5a:95:7e:bb:1e:62:04:86:15:
ee:27:8d:e3:c9:a6:a6:41:5d:f1:a9:67:8b:a1:70:
4a:e8:b1:f7:64:ae:db:79:11:be:52:de:8b:cc:5d:
f7:65:1c:4b:b5:04:37:0a:15:5f:19:89:d6:e6:fc:
02:95:d3:f7:2f:22:74:4c:82:8b:e8:d9:6c:b6:bb:
14:bf:32:a6:b7:1f:6b:2d:73:f7:23:b8:30:25:8d:
db:cd:c8:b8:4c:15:4a:22:42:bc:8d:b7:da:75:ca:
24:72:64:6b:88:0c:2d:23:4c:46:41:84:45:9d:05:
3b:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:DD:28:07:D4:E5:C6:26:0D:F3:7A:BA:8E:4B:08:9A:38:C2:5A:CD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2d0oB9TlxiYN83q6jksImjjCWs0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
b2:04:62:f1:7f:f1:d6:83:5b:65:2d:a1:09:64:e1:5b:97:21:
a8:dd:34:e7:a1:78:a9:56:35:32:cd:c9:9d:87:5c:dc:b1:d2:
21:2e:74:5c:f4:15:20:4d:2f:58:4c:96:cc:e4:2e:94:37:59:
1e:23:69:61:ed:c9:b8:99:bb:e7:7b:93:42:0f:bd:20:21:d5:
90:30:f5:81:1a:6d:f1:ed:22:3b:df:12:6e:a0:68:a6:ac:24:
b5:fb:9d:46:0d:fe:c7:fb:c1:75:4e:d7:41:8e:93:2b:34:54:
03:c0:d3:71:8d:8c:f7:09:35:0b:ec:fa:d3:2f:60:0e:f5:57:
78:4d:cf:68:8c:de:81:53:d6:fc:fd:0e:25:a5:51:97:9b:ba:
7a:06:05:26:f1:a8:55:84:55:13:b4:d5:60:fe:df:c3:b6:0b:
d1:49:6f:cf:c5:b0:b3:04:d3:15:ed:57:0f:47:df:28:1f:84:
af:7c:e3:53:35:7c:42:a9:fa:6c:65:5f:14:40:02:ae:a7:ca:
4c:31:dd:3b:15:1f:74:c3:c1:31:8d:47:d8:d5:39:32:8c:6f:
2c:8f:50:d0:ed:07:91:16:d6:bf:a1:82:be:0f:70:69:9a:e7:
fa:a1:9f:84:06:14:04:d1:bb:5d:f8:e2:75:ff:f8:7e:c2:4f:
62:39:a9:f9
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICU6UwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTAw
MjU0MjdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEQ5REQyODA3RDRFNUM2
MjYwREYzN0FCQThFNEIwODlBMzhDMjVBQ0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDx1JhtuqYI+Kl/3f9Uks7Asmlvp/S1NiSDF7vLhX9cgGrX//mP
gCpBOi2f+V1raCgG2On6FI9GVfMKpnKqneekyhvGiZxqlgYqIpa2Dk94YfT/TSAX
DKcuIqW8GtpgqxogsWtDgMkJemDvp7k8DrYaQ0msMPZgKmNNPv4IpDNOxfGZl0EU
bZsVsjwJZ1qVfrseYgSGFe4njePJpqZBXfGpZ4uhcErosfdkrtt5Eb5S3ovMXfdl
HEu1BDcKFV8Zidbm/AKV0/cvInRMgovo2Wy2uxS/Mqa3H2stc/cjuDAljdvNyLhM
FUoiQryNt9p1yiRyZGuIDC0jTEZBhEWdBTtfAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU2d0oB9TlxiYN83q6jksImjjCWs0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzJkMG9COVRseGlZTjgz
cTZqa3NJbWpqQ1dzMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBALIEYvF/8daDW2Ut
oQlk4VuXIajdNOeheKlWNTLNyZ2HXNyx0iEudFz0FSBNL1hMlszkLpQ3WR4jaWHt
ybiZu+d7k0IPvSAh1ZAw9YEabfHtIjvfEm6gaKasJLX7nUYN/sf7wXVO10GOkys0
VAPA03GNjPcJNQvs+tMvYA71V3hNz2iM3oFT1vz9DiWlUZebunoGBSbxqFWEVRO0
1WD+38O2C9FJb8/FsLME0xXtVw9H3ygfhK9841M1fEKp+mxlXxRAAq6nykwx3TsV
H3TDwTGNR9jVOTKMbyyPUNDtB5EW1r+hgr4PcGma5/qhn4QGFATRu1344nX/+H7C
T2I5qfk=
-----END CERTIFICATE-----
Generated at Sun Jun 22 08:19:42 2025 by rpki-client