Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/6r0T4DakJBYOi7uHe0QRxMue_x8.roa
File: 6r0T4DakJBYOi7uHe0QRxMue_x8.roa (raw, json)
Hash identifier: j85XXtfHZ1N0wHR63DTMQZ8+C8q7urvJVzcZd9ORozg=
Subject key identifier: EA:BD:13:E0:36:A4:24:16:0E:8B:BB:87:7B:44:11:C4:CB:9E:FF:1F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 55A5
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/6r0T4DakJBYOi7uHe0QRxMue_x8.roa
Signing time: Sun 12 May 2024 18:54:05 +0000
ROA not before: Sun 12 May 2024 18:54:05 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21925 (0x55a5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 18:54:05 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=EABD13E036A424160E8BBB877B4411C4CB9EFF1F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:28:4c:a5:dd:d5:58:47:d6:f7:15:69:78:26:
be:21:70:8f:4c:ac:dc:4a:f6:f7:d8:08:ef:88:50:
a4:c0:22:73:a9:2a:65:b1:e7:9b:ee:22:6a:a7:65:
22:60:5f:9b:08:ad:99:2d:5b:0d:31:9d:29:3e:6d:
42:9b:69:f9:32:a3:0d:99:ae:75:77:1e:05:fb:09:
da:fb:f8:7e:c4:37:f1:11:f2:a9:00:d9:54:d8:2a:
4e:bd:c4:48:be:50:1d:bc:93:a7:b8:07:bd:42:a7:
d3:45:7b:12:24:92:4d:38:8b:da:0b:7b:4c:23:84:
c8:ea:6b:99:ec:5b:e2:56:db:dd:d1:fd:80:55:0a:
e9:2f:1f:5f:cb:f4:bc:2b:f5:d5:0d:1f:31:8a:df:
6a:35:13:8a:dd:50:2c:fa:65:d6:9f:1f:1d:93:9d:
ea:3d:5a:2e:02:bd:82:32:13:0d:7f:e2:5d:f6:11:
34:18:87:e5:4a:cd:07:f1:ba:cf:83:13:dc:31:78:
55:58:19:b6:ec:b0:66:93:69:d6:4b:b3:2e:72:03:
84:0c:ac:08:a1:a6:4b:62:82:92:b5:e6:f3:dc:e7:
39:09:d4:70:fc:7f:31:45:52:7e:a6:61:98:65:d6:
a4:e8:27:68:d9:10:0c:e6:a8:20:34:2c:4f:2e:7d:
ee:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EA:BD:13:E0:36:A4:24:16:0E:8B:BB:87:7B:44:11:C4:CB:9E:FF:1F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/6r0T4DakJBYOi7uHe0QRxMue_x8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
4d:ff:c6:71:c7:69:6e:44:ad:c7:a1:9e:70:d1:39:8d:50:c4:
56:71:cf:92:14:53:ac:45:91:7b:7e:da:c1:81:44:9b:65:a9:
a4:de:dc:65:7e:37:27:79:0d:26:12:a4:72:d1:b9:02:47:1a:
f7:2c:10:c2:3b:55:f9:2d:10:82:a3:96:c4:15:d4:71:44:07:
c4:40:f4:0e:73:8c:57:a9:fc:05:2f:56:dc:1f:43:d8:da:62:
9a:9a:f7:e7:44:48:fd:e2:b5:b8:eb:69:b4:91:72:67:0d:2c:
2e:b7:58:3e:9e:f5:75:ba:d5:70:ef:d6:74:27:0e:c4:db:2f:
b8:31:62:0b:71:38:0d:09:32:9f:85:c7:17:c9:ad:f4:09:b5:
fd:f5:9c:70:e1:7e:14:5c:74:48:3e:41:b9:6d:ac:11:ba:95:
ba:c7:5b:03:eb:24:ec:17:6a:27:f5:e5:33:eb:b4:49:82:f1:
32:10:d7:c8:dc:a3:4d:ea:f9:95:ba:90:71:1d:ab:47:1c:30:
c3:b5:6d:0d:49:70:db:b2:09:7d:b4:93:da:da:c5:0e:85:9a:
30:47:9d:20:97:b0:07:e5:cb:f3:a3:9a:57:54:fe:96:7b:20:
7c:f6:1d:fc:67:95:12:d1:a8:9b:44:1a:6d:72:cb:d9:97:bb:
8a:a2:5c:98
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVaUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTIx
ODU0MDVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKEVBQkQxM0UwMzZBNDI0
MTYwRThCQkI4NzdCNDQxMUM0Q0I5RUZGMUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC5KEyl3dVYR9b3FWl4Jr4hcI9MrNxK9vfYCO+IUKTAInOpKmWx
55vuImqnZSJgX5sIrZktWw0xnSk+bUKbafkyow2ZrnV3HgX7Cdr7+H7EN/ER8qkA
2VTYKk69xEi+UB28k6e4B71Cp9NFexIkkk04i9oLe0wjhMjqa5nsW+JW293R/YBV
CukvH1/L9Lwr9dUNHzGK32o1E4rdUCz6ZdafHx2Tneo9Wi4CvYIyEw1/4l32ETQY
h+VKzQfxus+DE9wxeFVYGbbssGaTadZLsy5yA4QMrAihpktigpK15vPc5zkJ1HD8
fzFFUn6mYZhl1qToJ2jZEAzmqCA0LE8ufe5PAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQU6r0T4DakJBYOi7uHe0QRxMue/x8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzZyMFQ0RGFrSkJZT2k3
dUhlMFFSeE11ZV94OC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAE3/xnHHaW5Erceh
nnDROY1QxFZxz5IUU6xFkXt+2sGBRJtlqaTe3GV+Nyd5DSYSpHLRuQJHGvcsEMI7
VfktEIKjlsQV1HFEB8RA9A5zjFep/AUvVtwfQ9jaYpqa9+dESP3itbjrabSRcmcN
LC63WD6e9XW61XDv1nQnDsTbL7gxYgtxOA0JMp+FxxfJrfQJtf31nHDhfhRcdEg+
QbltrBG6lbrHWwPrJOwXaif15TPrtEmC8TIQ18jco03q+ZW6kHEdq0ccMMO1bQ1J
cNuyCX20k9raxQ6FmjBHnSCXsAfly/OjmldU/pZ7IHz2HfxnlRLRqJtEGm1yy9mX
u4qiXJg=
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:08:46 2025 by rpki-client