Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/B0oRhu4SJz2ws_hkCIJtTjrLEsE.roa
File: B0oRhu4SJz2ws_hkCIJtTjrLEsE.roa (raw, json)
Hash identifier: /71tn/T/+U9a2btKl/JwIze7rX3yy3nswlqO5hU0010=
Subject key identifier: 07:4A:11:86:EE:12:27:3D:B0:B3:F8:64:08:82:6D:4E:3A:CB:12:C1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 407D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/B0oRhu4SJz2ws_hkCIJtTjrLEsE.roa
Signing time: Sun 14 Apr 2024 13:52:55 +0000
ROA not before: Sun 14 Apr 2024 13:52:55 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16509 (0x407d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 14 13:52:55 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=074A1186EE12273DB0B3F86408826D4E3ACB12C1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f4:ff:75:6d:01:0a:1c:53:9f:c9:c3:b5:f2:44:
6e:51:ab:51:a5:36:45:b4:3d:16:44:9d:c8:eb:b0:
6c:b5:6b:22:69:da:3e:de:d2:83:cb:f0:f8:37:95:
86:5a:54:51:5d:aa:4e:6c:39:1f:da:e9:54:af:95:
64:e1:e6:7a:64:5a:1e:f0:a2:45:39:cc:8a:3e:7d:
ab:b8:b7:23:bd:22:79:8a:79:ef:51:6b:85:26:ad:
95:cb:74:86:25:40:dd:e5:cc:67:ab:d8:c5:6c:52:
09:dd:92:54:76:f0:53:55:d2:47:75:b9:ad:b0:6d:
98:71:43:44:a2:6e:ba:f8:17:cb:32:72:7d:41:28:
e9:85:bc:13:ed:e6:c5:02:99:61:86:e3:06:6b:5a:
15:2d:ee:d7:4a:6a:6d:9b:9b:12:15:48:3a:61:1b:
ad:ac:ac:23:30:e6:5c:07:aa:e3:3f:1a:54:b1:47:
6e:9e:37:d0:f1:2a:bb:3e:43:80:14:03:7e:e8:8c:
fe:0a:cf:28:03:23:76:18:23:14:90:4f:8e:4c:12:
af:95:8d:2f:cb:0f:3d:82:df:1b:24:a4:3f:0d:ed:
d5:db:f3:fd:ba:9a:32:f1:0a:64:cb:ed:08:f9:36:
0b:ae:aa:b6:54:96:64:05:0a:c4:f6:18:f6:cd:c3:
2c:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:4A:11:86:EE:12:27:3D:B0:B3:F8:64:08:82:6D:4E:3A:CB:12:C1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/B0oRhu4SJz2ws_hkCIJtTjrLEsE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
74:fa:c0:b3:f1:f6:d2:e4:e3:61:1c:a2:a7:2b:e4:ed:3f:f1:
01:de:78:f0:04:65:3c:63:a1:f5:e9:5b:50:98:30:1c:e5:7d:
fe:1b:01:e3:01:47:01:e7:2f:33:de:a5:ec:d5:fc:7b:41:e4:
01:82:f9:af:c3:08:2c:08:a1:78:ae:0f:ec:69:31:cb:21:13:
60:64:a8:3b:76:01:ab:bf:e0:3a:59:19:d5:e9:f7:77:7a:96:
1c:c7:1a:f1:70:a8:c3:1f:db:04:44:3f:70:b1:c5:86:ec:eb:
ad:4d:b4:7f:f8:0d:11:24:45:f8:a3:15:dd:c3:5c:a6:92:e6:
c1:a6:71:39:34:5d:21:54:b9:3e:e0:03:f9:85:b6:26:11:29:
cf:ed:c8:1d:83:8f:ee:1d:42:06:de:ac:04:5e:79:eb:18:bd:
cd:f7:cf:41:d9:73:b2:a0:ae:a6:b7:ec:47:ca:3e:ad:d6:aa:
25:a7:8e:82:a3:20:40:3c:82:e9:d8:2c:e6:7e:2f:27:27:98:
af:9f:36:71:d8:d1:50:2d:14:10:d5:44:e9:a5:4e:9a:2e:2e:
07:7c:46:cd:aa:f8:e5:56:3b:ff:33:6f:2d:68:a9:f0:a7:7c:
2f:3e:61:87:f2:5c:5c:3c:b2:8d:f3:59:7a:77:5e:58:00:70:
e1:7b:9f:dd
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQH0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTQx
MzUyNTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDA3NEExMTg2RUUxMjI3
M0RCMEIzRjg2NDA4ODI2RDRFM0FDQjEyQzEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD0/3VtAQocU5/Jw7XyRG5Rq1GlNkW0PRZEncjrsGy1ayJp2j7e
0oPL8Pg3lYZaVFFdqk5sOR/a6VSvlWTh5npkWh7wokU5zIo+fau4tyO9InmKee9R
a4UmrZXLdIYlQN3lzGer2MVsUgndklR28FNV0kd1ua2wbZhxQ0Sibrr4F8sycn1B
KOmFvBPt5sUCmWGG4wZrWhUt7tdKam2bmxIVSDphG62srCMw5lwHquM/GlSxR26e
N9DxKrs+Q4AUA37ojP4KzygDI3YYIxSQT45MEq+VjS/LDz2C3xskpD8N7dXb8/26
mjLxCmTL7Qj5NguuqrZUlmQFCsT2GPbNwyzZAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUB0oRhu4SJz2ws/hkCIJtTjrLEsEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0Iwb1JodTRTSnoyd3Nf
aGtDSUp0VGpyTEVzRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHT6wLPx9tLk42Ec
oqcr5O0/8QHeePAEZTxjofXpW1CYMBzlff4bAeMBRwHnLzPepezV/HtB5AGC+a/D
CCwIoXiuD+xpMcshE2BkqDt2Aau/4DpZGdXp93d6lhzHGvFwqMMf2wREP3CxxYbs
661NtH/4DREkRfijFd3DXKaS5sGmcTk0XSFUuT7gA/mFtiYRKc/tyB2Dj+4dQgbe
rAReeesYvc33z0HZc7Kgrqa37EfKPq3WqiWnjoKjIEA8gunYLOZ+LycnmK+fNnHY
0VAtFBDVROmlTpouLgd8Rs2q+OVWO/8zby1oqfCnfC8+YYfyXFw8so3zWXp3XlgA
cOF7n90=
-----END CERTIFICATE-----
Generated at Fri Jun 20 23:03:51 2025 by rpki-client