Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/5lOFtn9y9riRblJwqoWT6sJbgZo.roa
File: 5lOFtn9y9riRblJwqoWT6sJbgZo.roa (raw, json)
Hash identifier: jLVAT+F6QarPwck9kgubZZCpvdZAucq9II19BbLAPjo=
Subject key identifier: E6:53:85:B6:7F:72:F6:B8:91:6E:52:70:AA:85:93:EA:C2:5B:81:9A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 402D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/5lOFtn9y9riRblJwqoWT6sJbgZo.roa
Signing time: Sun 14 Apr 2024 03:52:55 +0000
ROA not before: Sun 14 Apr 2024 03:52:55 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16429 (0x402d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 14 03:52:55 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=E65385B67F72F6B8916E5270AA8593EAC25B819A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:48:81:1c:05:c1:79:53:53:df:24:44:ea:e1:
6d:ac:68:12:80:f6:1e:a3:3c:2a:71:3b:e3:19:21:
37:5f:12:54:1a:7d:f5:b8:8d:2e:e8:e3:50:28:08:
6e:cb:d1:dc:a2:67:fe:4d:12:f6:c9:fa:2f:06:26:
cd:87:f6:fb:a0:6e:50:38:26:3e:fa:78:31:15:a9:
5e:15:ba:55:18:5c:98:4a:5d:a2:0e:c4:19:e3:30:
79:fa:39:42:86:5e:56:ab:f1:d3:23:17:ff:37:e2:
fa:6d:71:af:26:43:3a:5b:be:f0:eb:1e:70:55:dc:
82:0e:2b:78:61:03:b6:95:ee:15:10:2c:40:a8:ac:
c8:32:6f:48:ca:5b:35:c0:67:ce:ed:51:47:e9:cb:
62:ca:4f:62:62:0d:ec:ca:be:32:b6:9c:71:79:72:
7b:07:e6:f2:79:9e:1a:91:fd:c9:f0:17:31:4b:95:
53:57:70:a9:52:0c:00:2e:40:51:7e:51:ec:a0:d2:
87:00:57:61:85:95:ae:4d:f4:54:4b:3c:da:0f:4b:
6b:cf:6f:d8:53:93:c5:ab:32:84:3a:8c:4c:ce:d2:
15:03:56:23:49:b2:00:47:a3:0d:4f:24:bc:e8:a1:
80:f2:a9:f8:75:50:ba:d7:75:fc:be:18:97:fb:05:
bf:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:53:85:B6:7F:72:F6:B8:91:6E:52:70:AA:85:93:EA:C2:5B:81:9A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/5lOFtn9y9riRblJwqoWT6sJbgZo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
79:f6:f3:3a:70:11:9f:fc:15:60:a4:53:f0:af:5c:f1:3f:7d:
93:bd:aa:61:58:68:46:40:58:5c:81:ab:03:31:ac:5b:a2:d1:
36:e3:a9:5b:21:70:a5:5a:a6:11:36:93:72:41:33:e0:4f:f4:
3f:55:6d:55:b0:86:66:dc:cd:12:95:3d:38:07:80:29:a4:c1:
bd:bf:d8:0d:b5:78:e0:8a:18:87:b1:c6:cf:57:5d:9a:5b:c5:
d7:69:26:8d:1c:44:1c:b6:e6:67:7b:e2:71:50:2d:45:da:fc:
ea:81:c3:65:9f:85:25:6a:16:32:bd:45:7e:dd:20:b5:2f:bc:
b8:d8:e5:e5:56:49:5d:2d:1c:2b:6e:fe:28:17:fb:4f:43:94:
04:97:ee:5c:1b:6c:a5:8a:df:52:38:72:41:4f:6a:2d:f1:76:
37:e2:2d:a6:e0:f5:7b:3a:eb:9b:8c:0b:78:01:e0:a3:e6:e6:
f0:24:df:41:f5:02:a8:64:59:8e:3a:79:33:76:d1:0a:93:c3:
a8:9f:98:e6:34:9b:39:c5:fe:23:20:f0:a3:55:3f:d2:bd:29:
a5:e1:8c:30:33:24:a3:0d:71:c7:f3:38:c4:1a:37:65:ed:0b:
22:1a:9c:dc:20:25:f9:62:84:d7:79:a1:d1:4c:d2:be:9b:60:
ba:d4:8a:82
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQC0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTQw
MzUyNTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEU2NTM4NUI2N0Y3MkY2
Qjg5MTZFNTI3MEFBODU5M0VBQzI1QjgxOUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDUSIEcBcF5U1PfJETq4W2saBKA9h6jPCpxO+MZITdfElQaffW4
jS7o41AoCG7L0dyiZ/5NEvbJ+i8GJs2H9vugblA4Jj76eDEVqV4VulUYXJhKXaIO
xBnjMHn6OUKGXlar8dMjF/834vptca8mQzpbvvDrHnBV3IIOK3hhA7aV7hUQLECo
rMgyb0jKWzXAZ87tUUfpy2LKT2JiDezKvjK2nHF5cnsH5vJ5nhqR/cnwFzFLlVNX
cKlSDAAuQFF+Ueyg0ocAV2GFla5N9FRLPNoPS2vPb9hTk8WrMoQ6jEzO0hUDViNJ
sgBHow1PJLzooYDyqfh1ULrXdfy+GJf7Bb8tAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU5lOFtn9y9riRblJwqoWT6sJbgZowHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzVsT0Z0bjl5OXJpUmJs
Sndxb1dUNnNKYmdaby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHn28zpwEZ/8FWCk
U/CvXPE/fZO9qmFYaEZAWFyBqwMxrFui0TbjqVshcKVaphE2k3JBM+BP9D9VbVWw
hmbczRKVPTgHgCmkwb2/2A21eOCKGIexxs9XXZpbxddpJo0cRBy25md74nFQLUXa
/OqBw2WfhSVqFjK9RX7dILUvvLjY5eVWSV0tHCtu/igX+09DlASX7lwbbKWK31I4
ckFPai3xdjfiLabg9Xs665uMC3gB4KPm5vAk30H1AqhkWY46eTN20QqTw6ifmOY0
mznF/iMg8KNVP9K9KaXhjDAzJKMNccfzOMQaN2XtCyIanNwgJflihNd5odFM0r6b
YLrUioI=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:54:23 2025 by rpki-client