Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/676uzhobTZfwwHnqvbEcfYbH9M8.roa
File: 676uzhobTZfwwHnqvbEcfYbH9M8.roa (raw, json)
Hash identifier: cln463Rtik6477VxZ/srYhs/zeNEAYzNoJ8WRnNrnRA=
Subject key identifier: EB:BE:AE:CE:1A:1B:4D:97:F0:C0:79:EA:BD:B1:1C:7D:86:C7:F4:CF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 47B9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/676uzhobTZfwwHnqvbEcfYbH9M8.roa
Signing time: Wed 24 Apr 2024 05:23:13 +0000
ROA not before: Wed 24 Apr 2024 05:23:13 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18361 (0x47b9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 24 05:23:13 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=EBBEAECE1A1B4D97F0C079EABDB11C7D86C7F4CF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:a1:0e:6b:50:0a:7d:6d:ea:f1:36:63:d2:5c:
fc:b0:cd:dd:88:7e:fc:53:29:87:66:99:00:bd:59:
6f:39:e4:58:6b:75:f6:60:b8:d0:bd:3b:e0:ee:ea:
95:af:34:2d:70:40:03:00:e8:5f:be:6f:14:71:e8:
85:20:40:5d:c1:24:78:8b:59:17:9b:e6:b8:3e:1e:
76:60:ce:0c:34:26:55:83:4e:20:ac:ac:4a:e7:59:
1a:bf:6f:70:83:17:52:86:94:ba:ba:c0:6e:b9:d8:
eb:5e:4b:12:c2:41:34:8f:99:79:85:f4:62:e9:1f:
91:8e:87:5b:96:bb:ac:49:08:5e:73:7f:e0:39:c4:
85:50:43:62:f2:e5:49:2f:f9:f0:22:54:4a:45:09:
08:c3:ad:e7:bd:ea:28:42:3a:ea:e5:80:96:4f:6f:
99:d0:03:38:63:1a:de:a8:d4:e4:36:1c:0b:55:9a:
e6:2e:0b:3f:fd:25:d5:46:9a:ad:24:bb:62:b7:d4:
17:5c:9a:83:eb:a2:d2:03:f6:20:f3:8f:11:da:32:
19:68:b9:95:7b:c3:bb:01:31:f7:8a:96:7f:65:a8:
34:59:e1:32:d6:23:c8:09:41:28:d9:cc:81:01:fd:
c2:5d:73:4e:35:97:c8:e6:75:12:cc:f8:50:5d:78:
fd:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EB:BE:AE:CE:1A:1B:4D:97:F0:C0:79:EA:BD:B1:1C:7D:86:C7:F4:CF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/676uzhobTZfwwHnqvbEcfYbH9M8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
22:b1:08:3a:b2:9e:d6:8c:54:0b:44:20:ce:b6:f8:73:e3:69:
53:9e:f2:b3:d1:d8:01:fd:97:e8:45:6f:94:b3:d3:55:2d:07:
89:48:e4:01:99:39:fe:14:0a:b2:2e:59:7f:cd:9d:56:51:07:
89:81:3f:9d:b2:a5:3d:83:3f:68:70:0d:8f:f1:b2:e6:f8:99:
1e:7b:4f:ef:d7:da:f0:de:14:26:bb:1c:48:db:39:29:04:05:
f3:a4:77:f3:1a:76:53:51:fa:51:10:56:62:f5:db:73:bf:4f:
66:fb:f5:31:31:d3:61:5b:d4:8f:78:d8:d5:74:c1:bc:81:5e:
fe:e1:b9:42:1a:de:0c:e2:e3:aa:a7:53:9f:b8:7c:93:9b:fb:
d6:83:69:f0:59:e4:7d:10:77:94:b5:9f:46:a3:52:87:20:e9:
ea:fc:03:92:59:57:c3:30:0a:8a:0a:f3:dc:cf:92:65:43:d9:
4a:f6:b4:0e:71:9b:73:70:fa:4f:f5:1a:37:55:0e:52:b9:5b:
4e:19:5e:16:b9:88:22:d0:a8:2d:4d:c8:0d:58:00:47:5e:84:
ca:28:5b:9d:0c:07:5d:5b:9c:1d:11:5f:12:07:85:bc:73:69:
f8:55:7e:de:8e:61:91:e3:91:e9:1b:a0:a1:19:61:27:30:c5:
26:d4:bf:ab
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICR7kwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjQw
NTIzMTNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEVCQkVBRUNFMUExQjRE
OTdGMEMwNzlFQUJEQjExQzdEODZDN0Y0Q0YwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDNoQ5rUAp9berxNmPSXPywzd2IfvxTKYdmmQC9WW855FhrdfZg
uNC9O+Du6pWvNC1wQAMA6F++bxRx6IUgQF3BJHiLWReb5rg+HnZgzgw0JlWDTiCs
rErnWRq/b3CDF1KGlLq6wG652OteSxLCQTSPmXmF9GLpH5GOh1uWu6xJCF5zf+A5
xIVQQ2Ly5Ukv+fAiVEpFCQjDree96ihCOurlgJZPb5nQAzhjGt6o1OQ2HAtVmuYu
Cz/9JdVGmq0ku2K31BdcmoProtID9iDzjxHaMhlouZV7w7sBMfeKln9lqDRZ4TLW
I8gJQSjZzIEB/cJdc041l8jmdRLM+FBdeP31AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU676uzhobTZfwwHnqvbEcfYbH9M8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzY3NnV6aG9iVFpmd3dI
bnF2YkVjZlliSDlNOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBACKxCDqyntaMVAtE
IM62+HPjaVOe8rPR2AH9l+hFb5Sz01UtB4lI5AGZOf4UCrIuWX/NnVZRB4mBP52y
pT2DP2hwDY/xsub4mR57T+/X2vDeFCa7HEjbOSkEBfOkd/MadlNR+lEQVmL123O/
T2b79TEx02Fb1I942NV0wbyBXv7huUIa3gzi46qnU5+4fJOb+9aDafBZ5H0Qd5S1
n0ajUocg6er8A5JZV8MwCooK89zPkmVD2Ur2tA5xm3Nw+k/1GjdVDlK5W04ZXha5
iCLQqC1NyA1YAEdehMooW50MB11bnB0RXxIHhbxzafhVft6OYZHjkekboKEZYScw
xSbUv6s=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:57:08 2025 by rpki-client