Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/36nF7UcS_1VA0amnqph3kC-KEfM.roa
File: 36nF7UcS_1VA0amnqph3kC-KEfM.roa (raw, json)
Hash identifier: JUVQe7q2qppvEtvhD/OLbGeOK35QQtLTCYRlwUcGRt8=
Subject key identifier: DF:A9:C5:ED:47:12:FF:55:40:D1:A9:A7:AA:98:77:90:2F:8A:11:F3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 40E5
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/36nF7UcS_1VA0amnqph3kC-KEfM.roa
Signing time: Mon 15 Apr 2024 02:52:53 +0000
ROA not before: Mon 15 Apr 2024 02:52:53 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16613 (0x40e5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 02:52:53 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=DFA9C5ED4712FF5540D1A9A7AA9877902F8A11F3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:47:e7:47:f9:c8:08:19:7d:34:bd:14:bc:08:
8f:3b:96:25:ea:6d:1f:a5:f6:1d:fa:51:68:9c:c9:
aa:8b:7f:8a:13:df:84:56:c3:bc:a4:d5:ca:38:ef:
9f:95:2b:92:71:cd:d4:99:ef:4d:e0:d6:dd:41:68:
ff:a4:9a:4d:b4:be:5f:cb:6b:22:8e:d8:9b:dd:6b:
bf:e3:d6:98:f4:39:49:1b:90:7c:eb:ee:9a:77:96:
30:c0:58:d8:88:32:22:8b:e3:9d:63:1a:ee:d6:b0:
36:4c:03:9d:a8:36:58:84:66:44:b1:f8:50:2e:a9:
61:86:16:6d:89:11:d6:ad:f2:22:a5:ef:b7:7e:e1:
84:e4:48:62:e0:12:ee:8c:10:94:54:64:c9:b9:3f:
5e:25:6d:9c:d5:46:24:04:1f:98:ef:36:b5:3f:56:
5b:fb:b8:68:42:f0:b0:0d:8b:bd:e3:89:f6:f3:91:
c4:26:84:8f:42:d7:86:8e:8e:cd:5a:39:35:de:e0:
8a:9b:ab:c1:ea:f6:ef:5a:02:8e:3b:cf:3d:72:dc:
3e:05:13:c4:c0:19:e5:82:0b:7a:3a:2f:14:ea:5b:
38:32:22:e6:d6:0f:91:85:b3:2c:22:e7:84:7a:d5:
94:66:9e:af:31:3d:62:1a:06:d3:36:a4:33:e6:6d:
76:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:A9:C5:ED:47:12:FF:55:40:D1:A9:A7:AA:98:77:90:2F:8A:11:F3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/36nF7UcS_1VA0amnqph3kC-KEfM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
b3:70:30:fb:39:f6:da:d3:25:db:b8:c1:92:dd:06:f0:82:1b:
a7:bd:86:cb:ba:4d:59:47:ab:1a:65:fb:ae:53:01:c4:bf:c8:
9f:16:ef:3f:56:21:ef:43:51:6f:1b:d7:50:43:4d:01:59:71:
db:7f:80:ed:2f:a7:89:5b:04:36:81:01:f3:dc:27:bd:6e:d0:
ec:3b:10:96:d7:5c:b1:fa:5f:3c:b6:b6:3d:b5:d7:da:14:53:
6a:dc:e0:50:c3:c6:29:67:38:70:fb:65:4c:c8:c2:b8:95:be:
c3:58:fd:2a:e4:a6:64:92:fe:e6:43:80:b9:9d:9f:57:53:39:
b3:87:7d:d1:e8:52:c2:22:a2:c1:d1:7e:a4:c6:e4:97:82:50:
fd:11:1d:19:60:68:3a:b2:31:64:ae:a3:b3:46:69:28:d4:9d:
2b:24:3a:93:ba:e3:8c:27:6b:28:67:17:0e:84:4d:03:8b:f6:
cc:24:c8:27:5f:9a:a0:64:79:06:c1:f1:c4:7c:d8:63:ce:de:
ac:42:ce:d3:6e:d7:45:6f:2a:c8:03:f6:c5:68:76:3e:f7:b7:
9b:ab:d4:54:58:13:ee:b4:d1:8b:c9:e4:c4:23:d7:6d:61:a9:
29:75:23:29:65:35:a5:7c:cd:48:b7:f4:21:72:eb:24:67:df:
22:dc:6e:50
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQOUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUw
MjUyNTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKERGQTlDNUVENDcxMkZG
NTU0MEQxQTlBN0FBOTg3NzkwMkY4QTExRjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQChR+dH+cgIGX00vRS8CI87liXqbR+l9h36UWicyaqLf4oT34RW
w7yk1co475+VK5JxzdSZ703g1t1BaP+kmk20vl/LayKO2Jvda7/j1pj0OUkbkHzr
7pp3ljDAWNiIMiKL451jGu7WsDZMA52oNliEZkSx+FAuqWGGFm2JEdat8iKl77d+
4YTkSGLgEu6MEJRUZMm5P14lbZzVRiQEH5jvNrU/Vlv7uGhC8LANi73jifbzkcQm
hI9C14aOjs1aOTXe4Iqbq8Hq9u9aAo47zz1y3D4FE8TAGeWCC3o6LxTqWzgyIubW
D5GFsywi54R61ZRmnq8xPWIaBtM2pDPmbXb5AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU36nF7UcS/1VA0amnqph3kC+KEfMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzM2bkY3VWNTXzFWQTBh
bW5xcGgza0MtS0VmTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBALNwMPs59trTJdu4
wZLdBvCCG6e9hsu6TVlHqxpl+65TAcS/yJ8W7z9WIe9DUW8b11BDTQFZcdt/gO0v
p4lbBDaBAfPcJ71u0Ow7EJbXXLH6Xzy2tj2119oUU2rc4FDDxilnOHD7ZUzIwriV
vsNY/SrkpmSS/uZDgLmdn1dTObOHfdHoUsIiosHRfqTG5JeCUP0RHRlgaDqyMWSu
o7NGaSjUnSskOpO644wnayhnFw6ETQOL9swkyCdfmqBkeQbB8cR82GPO3qxCztNu
10VvKsgD9sVodj73t5ur1FRYE+600YvJ5MQj121hqSl1IyllNaV8zUi39CFy6yRn
3yLcblA=
-----END CERTIFICATE-----
Generated at Fri Jun 20 21:30:03 2025 by rpki-client