Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/4xvf6tENvjJu9b4bwkEbbJqypRE.roa
File: 4xvf6tENvjJu9b4bwkEbbJqypRE.roa (raw, json)
Hash identifier: i7KBH52sXRVVPuGm/uAQ3txmz64hZ4tKaotl1+g+pI4=
Subject key identifier: E3:1B:DF:EA:D1:0D:BE:32:6E:F5:BE:1B:C2:41:1B:6C:9A:B2:A5:11
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 48AD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4xvf6tENvjJu9b4bwkEbbJqypRE.roa
Signing time: Thu 25 Apr 2024 11:53:40 +0000
ROA not before: Thu 25 Apr 2024 11:53:40 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18605 (0x48ad)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 25 11:53:40 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E31BDFEAD10DBE326EF5BE1BC2411B6C9AB2A511
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:a4:f5:68:24:2f:1d:4a:af:55:41:44:5e:cd:
b4:95:34:38:d9:75:4a:b2:f3:9d:42:a7:59:d0:03:
e0:c5:99:25:79:ae:f2:2f:9a:73:b4:9d:56:ec:91:
2d:e6:55:cd:f9:a7:24:78:c3:6c:0b:dd:6d:e6:db:
d9:d4:a5:a3:18:13:48:b9:bc:be:41:f5:66:73:11:
ae:90:73:eb:82:39:e2:f8:c2:41:0e:d5:de:bd:62:
07:9c:e4:bf:09:bd:d6:70:8e:c4:9e:80:8e:27:c8:
93:0c:44:4d:8c:8d:30:85:fb:0b:05:14:a1:bd:b2:
e8:b1:54:90:43:c8:59:78:b3:c2:f9:d0:c2:b0:d7:
93:cd:02:2b:41:95:5b:05:6b:68:22:6d:9b:a3:f3:
05:e8:38:75:88:ab:72:48:93:c0:32:0a:60:7f:d3:
45:c3:16:e5:de:82:03:73:24:7a:25:01:f2:3b:8b:
9a:b9:c5:ad:f5:e2:09:42:d8:bc:ff:bd:66:4d:f7:
b7:b7:47:0b:a1:b6:ab:4a:25:99:61:14:14:dc:ce:
d7:b9:99:7f:04:1f:6b:35:2f:ea:56:12:02:8c:97:
44:a6:1c:93:45:71:9d:0c:67:89:e6:88:b4:8c:14:
1a:1d:ca:85:4a:a3:66:5b:b2:82:06:32:b4:48:ea:
bc:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:1B:DF:EA:D1:0D:BE:32:6E:F5:BE:1B:C2:41:1B:6C:9A:B2:A5:11
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4xvf6tENvjJu9b4bwkEbbJqypRE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
70:0e:ae:e3:8a:eb:d7:b2:ea:6b:d0:3f:6f:98:53:de:73:24:
c2:f8:e7:6f:99:ba:bb:2b:d7:ec:8e:99:56:71:85:70:d4:36:
15:b3:f1:bf:c7:d2:c5:dd:f4:13:a0:0d:22:b5:d5:be:25:f0:
f9:30:8a:aa:c6:04:63:2e:9b:18:09:15:e9:ec:ff:4a:5d:26:
59:fd:ca:14:66:ba:c1:85:0e:bb:02:41:14:5a:e5:15:ef:d4:
4f:86:6b:fb:e1:79:53:9f:46:ad:20:51:ac:ad:a7:d0:86:cf:
46:53:37:f1:83:0c:9f:0e:83:94:09:de:91:a6:c0:de:7d:97:
74:95:49:78:3d:19:4d:a0:dd:21:60:f5:98:ab:e6:d1:05:e2:
33:e0:98:90:0f:42:3e:de:69:88:47:d4:32:b8:f8:43:ff:d6:
76:7b:57:7b:fc:8e:af:40:39:20:b4:3b:52:a8:70:c0:07:66:
1b:45:70:92:ac:26:5b:be:d3:d4:b4:59:34:a0:9d:0e:53:2f:
34:c0:c5:cb:54:95:b4:18:36:d0:de:02:20:67:c2:dc:79:b8:
2a:44:46:d1:cd:83:23:c9:08:39:e5:cb:0d:75:aa:78:9e:f3:
d4:85:85:a3:87:5b:2b:d5:5b:64:38:2f:e3:81:26:e5:2e:82:
86:26:37:cf
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICSK0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjUx
MTUzNDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEUzMUJERkVBRDEwREJF
MzI2RUY1QkUxQkMyNDExQjZDOUFCMkE1MTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDnpPVoJC8dSq9VQURezbSVNDjZdUqy851Cp1nQA+DFmSV5rvIv
mnO0nVbskS3mVc35pyR4w2wL3W3m29nUpaMYE0i5vL5B9WZzEa6Qc+uCOeL4wkEO
1d69Ygec5L8JvdZwjsSegI4nyJMMRE2MjTCF+wsFFKG9suixVJBDyFl4s8L50MKw
15PNAitBlVsFa2gibZuj8wXoOHWIq3JIk8AyCmB/00XDFuXeggNzJHolAfI7i5q5
xa314glC2Lz/vWZN97e3RwuhtqtKJZlhFBTczte5mX8EH2s1L+pWEgKMl0SmHJNF
cZ0MZ4nmiLSMFBodyoVKo2ZbsoIGMrRI6rwzAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU4xvf6tENvjJu9b4bwkEbbJqypREwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzR4dmY2dEVOdmpKdTli
NGJ3a0ViYkpxeXBSRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHAOruOK69ey6mvQ
P2+YU95zJML452+Zursr1+yOmVZxhXDUNhWz8b/H0sXd9BOgDSK11b4l8PkwiqrG
BGMumxgJFens/0pdJln9yhRmusGFDrsCQRRa5RXv1E+Ga/vheVOfRq0gUaytp9CG
z0ZTN/GDDJ8Og5QJ3pGmwN59l3SVSXg9GU2g3SFg9Zir5tEF4jPgmJAPQj7eaYhH
1DK4+EP/1nZ7V3v8jq9AOSC0O1KocMAHZhtFcJKsJlu+09S0WTSgnQ5TLzTAxctU
lbQYNtDeAiBnwtx5uCpERtHNgyPJCDnlyw11qnie89SFhaOHWyvVW2Q4L+OBJuUu
goYmN88=
-----END CERTIFICATE-----
Generated at Tue Jun 17 13:58:39 2025 by rpki-client