Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/2v8Jarxj3LNab98HYdnbh_E1_h8.roa
File: 2v8Jarxj3LNab98HYdnbh_E1_h8.roa (raw, json)
Hash identifier: 5rDpkEAsQr7dxZFWnE7oo9UvhJuxT3RjDAzssBZENaU=
Subject key identifier: DA:FF:09:6A:BC:63:DC:B3:5A:6F:DF:07:61:D9:DB:87:F1:35:FE:1F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 56F9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2v8Jarxj3LNab98HYdnbh_E1_h8.roa
Signing time: Tue 14 May 2024 13:24:09 +0000
ROA not before: Tue 14 May 2024 13:24:09 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22265 (0x56f9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 14 13:24:09 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=DAFF096ABC63DCB35A6FDF0761D9DB87F135FE1F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:1b:79:64:28:66:eb:67:41:6c:79:a0:d3:d8:
05:2b:90:a5:95:aa:1f:f7:05:c0:fe:c8:14:df:6b:
d9:79:d0:c5:1b:1e:ff:77:09:ac:1c:5d:e6:6f:89:
d2:34:30:cd:31:61:5f:f3:85:d5:fe:c7:1f:a3:9d:
0a:25:d7:de:ab:83:56:ac:91:4f:0f:ec:0f:89:c0:
18:86:cc:51:4d:98:a0:52:ad:7a:ff:f8:77:99:80:
58:83:2c:43:fb:8a:f4:a5:d2:bd:a8:26:e8:c7:9a:
0f:be:11:6a:e0:ee:fe:e4:b5:9e:c2:dc:6d:7f:01:
66:92:ed:77:c0:12:72:a4:28:67:b4:08:ab:55:14:
47:65:de:d5:01:1d:0c:0f:65:f7:7e:f8:fe:9b:a5:
77:fa:23:91:10:97:82:5e:8c:aa:64:17:30:34:7c:
f9:a4:48:d1:22:3d:19:45:ef:fa:31:54:08:64:1b:
50:34:fc:05:7f:6b:88:26:21:c3:a3:4a:dd:d9:2f:
b1:b8:ca:fa:dd:4a:25:8a:44:3b:d0:c6:a8:2b:50:
b4:bc:ca:f8:9b:13:a3:68:80:bb:b3:fe:16:ce:8c:
1d:fa:6c:54:2d:7b:6a:8e:6a:ac:f9:b6:d8:85:54:
1a:56:20:8a:3d:be:54:13:65:ae:d3:01:e0:8c:72:
71:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:FF:09:6A:BC:63:DC:B3:5A:6F:DF:07:61:D9:DB:87:F1:35:FE:1F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2v8Jarxj3LNab98HYdnbh_E1_h8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
b3:06:86:a4:03:c9:04:bf:66:9f:b2:09:d3:00:d9:c7:a4:51:
10:33:c9:3e:6e:12:d2:8e:07:46:35:8e:12:07:7d:69:62:60:
08:7b:c1:22:10:b3:db:fd:51:1f:8f:b8:7c:70:b1:8d:12:0e:
26:91:2b:0a:03:d1:ab:24:b2:b9:69:21:59:f1:91:59:11:2c:
b1:a8:a7:42:d0:d8:3c:19:1a:a4:5c:f3:7e:e8:ef:93:b6:3c:
6f:d4:8d:df:da:bb:dc:e9:99:d9:fe:64:20:8e:78:13:27:f6:
d8:68:2e:86:dc:f4:03:99:4e:56:c1:28:03:bd:37:d8:d6:9b:
85:8d:cd:8d:3a:ef:de:c1:21:90:5e:7f:55:b7:bd:fb:03:55:
e9:30:29:b9:f4:0d:95:d7:99:f3:ed:d9:37:dd:24:0e:b4:bf:
92:a4:a0:cf:91:e3:9a:e5:4a:47:47:da:3b:f9:a1:5e:b5:b4:
83:bb:d7:0d:ed:90:62:d5:47:4c:b2:be:fc:ed:f2:d9:61:f3:
85:17:a9:3f:c4:b6:b3:49:7e:34:f8:13:c5:4d:34:d5:7d:11:
4a:50:d3:c9:5b:bc:bf:0c:b5:fa:2d:ae:50:ca:c7:41:c2:8a:
66:6e:d3:a6:9c:ba:7a:cf:d4:c1:52:ce:c4:88:dd:bb:08:28:
18:94:7e:fe
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVvkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTQx
MzI0MDlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKERBRkYwOTZBQkM2M0RD
QjM1QTZGREYwNzYxRDlEQjg3RjEzNUZFMUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC2G3lkKGbrZ0FseaDT2AUrkKWVqh/3BcD+yBTfa9l50MUbHv93
CawcXeZvidI0MM0xYV/zhdX+xx+jnQol196rg1askU8P7A+JwBiGzFFNmKBSrXr/
+HeZgFiDLEP7ivSl0r2oJujHmg++EWrg7v7ktZ7C3G1/AWaS7XfAEnKkKGe0CKtV
FEdl3tUBHQwPZfd++P6bpXf6I5EQl4JejKpkFzA0fPmkSNEiPRlF7/oxVAhkG1A0
/AV/a4gmIcOjSt3ZL7G4yvrdSiWKRDvQxqgrULS8yvibE6NogLuz/hbOjB36bFQt
e2qOaqz5ttiFVBpWIIo9vlQTZa7TAeCMcnEdAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU2v8Jarxj3LNab98HYdnbh/E1/h8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzJ2OEphcnhqM0xOYWI5
OEhZZG5iaF9FMV9oOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBALMGhqQDyQS/Zp+y
CdMA2cekURAzyT5uEtKOB0Y1jhIHfWliYAh7wSIQs9v9UR+PuHxwsY0SDiaRKwoD
0asksrlpIVnxkVkRLLGop0LQ2DwZGqRc837o75O2PG/Ujd/au9zpmdn+ZCCOeBMn
9thoLobc9AOZTlbBKAO9N9jWm4WNzY06797BIZBef1W3vfsDVekwKbn0DZXXmfPt
2TfdJA60v5KkoM+R45rlSkdH2jv5oV61tIO71w3tkGLVR0yyvvzt8tlh84UXqT/E
trNJfjT4E8VNNNV9EUpQ08lbvL8MtfotrlDKx0HCimZu06acunrP1MFSzsSI3bsI
KBiUfv4=
-----END CERTIFICATE-----
Generated at Sat Jun 21 21:43:23 2025 by rpki-client