Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/AyjRlViPZjdRr68rS6pCLCXMiGU.roa
File: AyjRlViPZjdRr68rS6pCLCXMiGU.roa (raw, json)
Hash identifier: sy8tBoNo93GWCSgr+8xc2C/W1GTgdEjCxoap7daevAM=
Subject key identifier: 03:28:D1:95:58:8F:66:37:51:AF:AF:2B:4B:AA:42:2C:25:CC:88:65
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3465
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/AyjRlViPZjdRr68rS6pCLCXMiGU.roa
Signing time: Fri 29 Mar 2024 10:52:04 +0000
ROA not before: Fri 29 Mar 2024 10:52:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13413 (0x3465)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 29 10:52:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=0328D195588F663751AFAF2B4BAA422C25CC8865
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:0a:b0:ab:a1:72:fb:17:e1:3b:fb:c0:f4:d6:
35:fa:0b:d1:a2:bd:07:02:91:5b:fb:60:fd:f8:83:
92:30:07:8d:16:02:05:1e:cc:2e:71:65:aa:be:35:
e4:78:85:82:aa:a6:9b:88:61:fd:6f:b0:95:da:5c:
52:7d:9b:dd:de:0f:f3:5c:09:0f:49:f7:4f:41:27:
7c:a1:a9:63:aa:18:ec:f7:3b:b2:a5:fd:d3:c0:a7:
e1:a8:27:92:05:3d:b8:7d:11:3f:2f:e0:58:db:8a:
eb:f9:01:02:9e:91:b6:0f:3e:f3:ad:fc:c3:85:65:
cf:3c:5e:22:33:23:07:14:74:35:04:51:90:f5:18:
51:03:1f:c6:77:96:61:16:36:9e:be:e8:0f:5c:a2:
60:5d:e7:6e:d3:ef:82:22:cd:d2:0a:7a:47:92:b6:
e7:be:f1:70:90:62:e6:cb:18:3a:08:ee:ef:c0:aa:
92:7f:3c:1e:60:b3:8f:49:47:a4:63:8d:b2:dc:16:
fa:a5:38:84:2d:e2:2a:4b:e4:f0:37:e2:dc:b8:e3:
5c:fb:7a:d4:c3:b2:93:9b:12:d8:bb:dc:67:8d:38:
1e:a3:9b:40:da:75:96:99:61:8f:a3:d0:7c:ed:7f:
e5:a6:10:ee:1d:ad:13:91:8e:1f:a8:92:62:42:11:
31:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:28:D1:95:58:8F:66:37:51:AF:AF:2B:4B:AA:42:2C:25:CC:88:65
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/AyjRlViPZjdRr68rS6pCLCXMiGU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
6b:9a:4c:ca:a1:40:85:31:29:64:9d:a7:f2:bd:0d:6c:55:fc:
b3:7b:d2:8d:5c:ba:8b:1a:21:21:f3:a2:a2:b9:b9:3c:c1:66:
cc:a7:76:5d:df:2e:94:73:65:e5:6c:a1:5f:43:b9:91:00:f4:
86:36:f1:7d:8b:c2:b4:61:04:0d:33:d5:97:37:66:5d:fe:e4:
c8:99:63:5e:74:35:3b:4f:62:a3:4c:fd:67:c8:22:f4:42:43:
e6:18:e5:32:96:32:77:65:be:e2:93:be:84:97:d3:47:18:f4:
6c:5c:1c:86:30:bc:59:df:0c:22:54:26:8f:09:a7:04:09:ac:
62:26:f9:29:42:65:78:36:93:a0:3b:60:69:4d:38:40:59:bf:
29:99:fa:70:61:9a:27:2c:1c:9d:83:11:21:b8:45:dd:21:53:
33:0e:48:c1:30:e6:dd:ed:21:c4:27:44:9d:3c:6d:ae:a4:de:
8b:96:95:54:a5:fc:56:8f:eb:9f:7f:0a:32:bf:38:1a:9d:2f:
49:98:da:78:cb:b5:ea:77:5c:45:70:83:a5:21:b4:62:1c:13:
15:cc:6d:dd:05:7f:b5:6b:e2:7e:0c:6d:e2:b8:1a:bf:e6:9e:
ad:bd:90:70:54:ed:5d:a3:47:bc:e1:0d:41:37:33:1b:ed:bc:
17:57:ce:d4
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICNGUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMjkx
MDUyMDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDAzMjhEMTk1NTg4RjY2
Mzc1MUFGQUYyQjRCQUE0MjJDMjVDQzg4NjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOCrCroXL7F+E7+8D01jX6C9GivQcCkVv7YP34g5IwB40WAgUe
zC5xZaq+NeR4hYKqppuIYf1vsJXaXFJ9m93eD/NcCQ9J909BJ3yhqWOqGOz3O7Kl
/dPAp+GoJ5IFPbh9ET8v4Fjbiuv5AQKekbYPPvOt/MOFZc88XiIzIwcUdDUEUZD1
GFEDH8Z3lmEWNp6+6A9comBd527T74IizdIKekeStue+8XCQYubLGDoI7u/AqpJ/
PB5gs49JR6RjjbLcFvqlOIQt4ipL5PA34ty441z7etTDspObEti73GeNOB6jm0Da
dZaZYY+j0Hztf+WmEO4drRORjh+okmJCETEDAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUAyjRlViPZjdRr68rS6pCLCXMiGUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0F5alJsVmlQWmpkUnI2
OHJTNnBDTENYTWlHVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAGuaTMqhQIUxKWSd
p/K9DWxV/LN70o1cuosaISHzoqK5uTzBZsyndl3fLpRzZeVsoV9DuZEA9IY28X2L
wrRhBA0z1Zc3Zl3+5MiZY150NTtPYqNM/WfIIvRCQ+YY5TKWMndlvuKTvoSX00cY
9GxcHIYwvFnfDCJUJo8JpwQJrGIm+SlCZXg2k6A7YGlNOEBZvymZ+nBhmicsHJ2D
ESG4Rd0hUzMOSMEw5t3tIcQnRJ08ba6k3ouWlVSl/FaP659/CjK/OBqdL0mY2njL
tep3XEVwg6UhtGIcExXMbd0Ff7Vr4n4MbeK4Gr/mnq29kHBU7V2jR7zhDUE3Mxvt
vBdXztQ=
-----END CERTIFICATE-----
Generated at Sat Jun 21 08:31:10 2025 by rpki-client