Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/4tEMpSNdCjMNX42BlPhN4I6Rifc.roa
File: 4tEMpSNdCjMNX42BlPhN4I6Rifc.roa (raw, json)
Hash identifier: AGB5IwTVQF1JHfmqbfxjwbbuHZluh8dY9Q9r+paSiU8=
Subject key identifier: E2:D1:0C:A5:23:5D:0A:33:0D:5F:8D:81:94:F8:4D:E0:8E:91:89:F7
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 55D9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4tEMpSNdCjMNX42BlPhN4I6Rifc.roa
Signing time: Mon 13 May 2024 01:24:06 +0000
ROA not before: Mon 13 May 2024 01:24:06 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21977 (0x55d9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 13 01:24:06 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E2D10CA5235D0A330D5F8D8194F84DE08E9189F7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:7d:26:3e:e1:79:57:4e:77:1b:0e:84:54:20:
c5:f7:f3:38:e5:a5:42:c9:9a:b7:5a:07:9b:ce:a2:
d4:1d:2d:bf:88:f4:59:88:15:37:de:e0:bf:09:72:
9d:77:d9:89:4b:96:25:79:45:5c:53:1f:85:42:f1:
c9:55:77:35:ca:b2:29:00:f1:5c:33:16:40:6b:13:
8a:87:05:68:94:f3:6a:b5:9c:67:c5:60:c8:39:fc:
8e:7d:4e:9e:99:75:0b:b8:fb:d5:b3:01:49:d3:71:
79:1e:7e:9c:94:03:8f:33:3a:08:5b:21:69:44:ca:
39:70:26:1d:cb:d4:6f:bf:25:37:eb:98:33:e1:f2:
9b:c5:b3:e8:95:e3:19:4f:19:15:26:29:b9:b9:b8:
d9:ad:32:93:38:96:e7:9e:57:05:45:c4:55:39:8a:
4a:38:64:95:12:7d:69:f7:81:4a:bb:0d:3d:e1:1f:
7e:94:3b:d9:51:fc:91:04:9d:12:f4:bd:da:ba:d8:
40:e1:ad:68:4e:8e:ac:0f:9f:9a:96:1a:d2:4c:92:
22:ea:00:0f:ec:f8:c2:3c:b5:2f:16:9b:84:df:11:
6e:67:9b:3f:83:2b:6d:d7:fa:45:28:11:39:7c:f5:
ec:bf:96:de:02:dc:b2:be:58:e2:6a:3f:43:3c:c9:
dc:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:D1:0C:A5:23:5D:0A:33:0D:5F:8D:81:94:F8:4D:E0:8E:91:89:F7
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4tEMpSNdCjMNX42BlPhN4I6Rifc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
69:12:56:c0:8a:42:21:02:5e:93:ee:52:f6:d3:b8:a6:d0:d3:
c1:e4:0c:8e:22:17:5e:b1:60:0e:4c:ff:2e:82:07:8f:c7:b1:
9e:38:f1:96:1e:3b:c3:a3:ed:eb:a8:86:0e:03:c5:2f:26:6b:
4e:c7:fa:b6:9e:19:2a:b4:ab:9b:a1:fc:a3:24:e9:a0:99:8c:
34:45:fa:34:9a:4a:3a:40:ff:9a:d7:b6:7a:f2:b7:e9:10:8c:
86:97:fd:2f:a4:09:00:34:51:5b:a9:28:c6:5c:49:a0:55:e2:
ff:ef:47:9f:91:23:26:2f:e9:1c:04:d2:d8:95:b9:b0:df:12:
2f:e8:3a:e0:74:99:13:f6:af:2e:0a:12:19:56:a6:aa:9a:4d:
4b:55:10:5e:7f:f3:e7:88:e8:41:02:66:0a:52:dc:37:e5:43:
45:3d:95:a2:fb:24:23:c8:b2:53:0c:61:cf:f1:7d:14:68:14:
49:f0:4c:4b:01:72:32:75:54:b5:4f:32:59:65:e7:5c:95:a4:
99:01:3e:1c:0d:1e:5a:6f:6a:04:0c:95:31:7b:fe:b9:f6:e0:
2a:ef:22:a1:a2:b7:b3:6e:5c:4c:5a:49:de:8c:27:ec:16:8c:
8c:5e:7c:ac:a6:66:5b:5b:fc:39:fb:ec:13:17:54:65:3f:d5:
b2:e5:bb:6e
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVdkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTMw
MTI0MDZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEUyRDEwQ0E1MjM1RDBB
MzMwRDVGOEQ4MTk0Rjg0REUwOEU5MTg5RjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC8fSY+4XlXTncbDoRUIMX38zjlpULJmrdaB5vOotQdLb+I9FmI
FTfe4L8Jcp132YlLliV5RVxTH4VC8clVdzXKsikA8VwzFkBrE4qHBWiU82q1nGfF
YMg5/I59Tp6ZdQu4+9WzAUnTcXkefpyUA48zOghbIWlEyjlwJh3L1G+/JTfrmDPh
8pvFs+iV4xlPGRUmKbm5uNmtMpM4lueeVwVFxFU5iko4ZJUSfWn3gUq7DT3hH36U
O9lR/JEEnRL0vdq62EDhrWhOjqwPn5qWGtJMkiLqAA/s+MI8tS8Wm4TfEW5nmz+D
K23X+kUoETl89ey/lt4C3LK+WOJqP0M8ydxdAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU4tEMpSNdCjMNX42BlPhN4I6RifcwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzR0RU1wU05kQ2pNTlg0
MkJsUGhONEk2UmlmYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAGkSVsCKQiECXpPu
UvbTuKbQ08HkDI4iF16xYA5M/y6CB4/HsZ448ZYeO8Oj7euohg4DxS8ma07H+rae
GSq0q5uh/KMk6aCZjDRF+jSaSjpA/5rXtnryt+kQjIaX/S+kCQA0UVupKMZcSaBV
4v/vR5+RIyYv6RwE0tiVubDfEi/oOuB0mRP2ry4KEhlWpqqaTUtVEF5/8+eI6EEC
ZgpS3DflQ0U9laL7JCPIslMMYc/xfRRoFEnwTEsBcjJ1VLVPMlll51yVpJkBPhwN
HlpvagQMlTF7/rn24CrvIqGit7NuXExaSd6MJ+wWjIxefKymZltb/Dn77BMXVGU/
1bLlu24=
-----END CERTIFICATE-----
Generated at Fri Jun 20 18:09:37 2025 by rpki-client