Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/53liYboMG9KPbF1Qd7wM5C__8lQ.roa
File: 53liYboMG9KPbF1Qd7wM5C__8lQ.roa (raw, json)
Hash identifier: 7oRs8a1HcKVHGlVLCg3+hh0EV42cnXODIzQDQQQVm+g=
Subject key identifier: E7:79:62:61:BA:0C:1B:D2:8F:6C:5D:50:77:BC:0C:E4:2F:FF:F2:54
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4451
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/53liYboMG9KPbF1Qd7wM5C__8lQ.roa
Signing time: Fri 19 Apr 2024 16:23:01 +0000
ROA not before: Fri 19 Apr 2024 16:23:01 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17489 (0x4451)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 19 16:23:01 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E7796261BA0C1BD28F6C5D5077BC0CE42FFFF254
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:20:47:e3:77:e5:9a:ca:5e:40:fb:87:f7:58:
ae:a2:ae:9e:92:a5:63:dc:e7:69:e7:0b:5f:15:fc:
e5:9e:ff:7c:97:1f:17:74:89:77:91:3b:6a:e5:fc:
bc:18:d6:9b:95:56:eb:93:90:3c:b2:78:50:c3:1f:
8f:e0:11:b8:53:37:68:c8:38:ec:33:de:52:3d:07:
2e:f2:cb:fd:ee:62:ba:66:47:b0:c4:87:37:5d:61:
68:07:55:a9:25:8f:a6:61:5e:ae:44:32:5f:5f:d7:
8f:50:91:e0:c1:67:7f:e0:19:70:02:53:10:a9:fb:
4a:6e:d1:f7:26:e7:41:4d:81:8d:81:cc:de:66:68:
09:ce:ea:fd:b4:15:7a:cc:b4:f3:d2:59:9b:1f:a7:
3b:2b:b5:1c:7a:5d:45:a7:e3:9e:d6:da:d0:21:a4:
0c:4d:df:8d:c5:dc:97:8a:3f:97:ac:be:bd:a7:59:
5d:58:8c:ac:23:65:a3:d2:5f:9d:a0:c0:9e:60:e7:
e1:28:58:10:62:aa:10:e6:fd:c7:83:a4:65:8d:84:
36:1a:2c:1e:fe:01:77:37:36:7b:0f:c5:4e:9a:68:
5b:eb:1b:09:a5:b7:37:5f:7f:26:3a:a5:92:18:cf:
d0:a5:d4:b8:ac:34:b1:79:8d:2d:f3:a3:a3:bb:81:
e8:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E7:79:62:61:BA:0C:1B:D2:8F:6C:5D:50:77:BC:0C:E4:2F:FF:F2:54
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/53liYboMG9KPbF1Qd7wM5C__8lQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
43:00:31:f3:1c:3a:82:fe:00:d0:1c:6c:95:65:72:98:56:34:
ef:af:bb:92:12:36:0c:bf:aa:52:2f:f3:51:d6:38:a6:1f:10:
c0:e9:8f:4f:6d:d2:1d:85:91:56:8e:03:ed:1b:d7:d1:7a:22:
09:c1:86:4b:9a:c1:25:e6:54:2a:96:9a:d2:fa:9b:d5:89:fa:
52:8d:aa:80:dd:e3:03:4c:09:30:ef:b7:69:a3:43:e9:ab:31:
f3:72:6a:28:22:ea:f9:fd:20:0f:c7:9a:f6:03:4d:12:57:a1:
87:cf:35:0d:14:ac:b2:b5:92:8f:f0:dd:7e:95:ab:1f:d4:04:
7d:89:1f:a6:20:08:bf:22:b8:5e:23:9e:bc:aa:f9:34:9d:bf:
af:33:36:d6:aa:9b:b4:af:d6:6f:52:9b:0e:53:20:56:21:72:
40:54:f4:0c:05:a4:81:59:8a:de:5a:b7:da:75:08:95:59:c4:
55:5d:41:c3:91:2f:bf:3f:0e:d3:85:72:9f:46:d5:82:14:22:
e3:5a:4f:43:b3:99:f1:e0:2a:56:0f:86:49:31:df:ce:4e:af:
77:cb:d5:a2:db:55:29:6b:7f:c4:e6:c0:e3:34:e8:f4:99:49:
21:62:55:b9:e7:ab:87:ec:e9:c8:b3:98:a2:ed:c4:dd:ba:c4:
1c:fc:34:dd
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICRFEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTkx
NjIzMDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEU3Nzk2MjYxQkEwQzFC
RDI4RjZDNUQ1MDc3QkMwQ0U0MkZGRkYyNTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDjIEfjd+Wayl5A+4f3WK6irp6SpWPc52nnC18V/OWe/3yXHxd0
iXeRO2rl/LwY1puVVuuTkDyyeFDDH4/gEbhTN2jIOOwz3lI9By7yy/3uYrpmR7DE
hzddYWgHVaklj6ZhXq5EMl9f149QkeDBZ3/gGXACUxCp+0pu0fcm50FNgY2BzN5m
aAnO6v20FXrMtPPSWZsfpzsrtRx6XUWn457W2tAhpAxN343F3JeKP5esvr2nWV1Y
jKwjZaPSX52gwJ5g5+EoWBBiqhDm/ceDpGWNhDYaLB7+AXc3NnsPxU6aaFvrGwml
tzdffyY6pZIYz9Cl1LisNLF5jS3zo6O7gejDAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU53liYboMG9KPbF1Qd7wM5C//8lQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzUzbGlZYm9NRzlLUGJG
MVFkN3dNNUNfXzhsUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAEMAMfMcOoL+ANAc
bJVlcphWNO+vu5ISNgy/qlIv81HWOKYfEMDpj09t0h2FkVaOA+0b19F6IgnBhkua
wSXmVCqWmtL6m9WJ+lKNqoDd4wNMCTDvt2mjQ+mrMfNyaigi6vn9IA/HmvYDTRJX
oYfPNQ0UrLK1ko/w3X6Vqx/UBH2JH6YgCL8iuF4jnryq+TSdv68zNtaqm7Sv1m9S
mw5TIFYhckBU9AwFpIFZit5at9p1CJVZxFVdQcORL78/DtOFcp9G1YIUIuNaT0Oz
mfHgKlYPhkkx385Or3fL1aLbVSlrf8TmwOM06PSZSSFiVbnnq4fs6cizmKLtxN26
xBz8NN0=
-----END CERTIFICATE-----
Generated at Sun Jun 22 11:05:16 2025 by rpki-client