Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/BoOXAhPP4O36EKcCSo8EqnQNaWs.roa
File: BoOXAhPP4O36EKcCSo8EqnQNaWs.roa (raw, json)
Hash identifier: IW9XbVjEcA9nAszfrNrFpXAV8MdeRpyRnAd3FZiJW5U=
Subject key identifier: 06:83:97:02:13:CF:E0:ED:FA:10:A7:02:4A:8F:04:AA:74:0D:69:6B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 42ED
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/BoOXAhPP4O36EKcCSo8EqnQNaWs.roa
Signing time: Wed 17 Apr 2024 19:53:00 +0000
ROA not before: Wed 17 Apr 2024 19:53:00 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17133 (0x42ed)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 17 19:53:00 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=0683970213CFE0EDFA10A7024A8F04AA740D696B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:ff:b2:8e:5b:26:71:3b:e1:d9:01:a4:a2:81:
69:00:61:49:0b:a4:93:79:21:b3:13:96:27:e0:41:
6c:fd:df:b3:0b:f3:50:10:4f:32:7f:aa:1e:1e:19:
3c:04:da:c0:09:eb:11:22:2d:b5:4c:53:c6:fa:47:
00:f4:61:65:93:90:84:78:ec:9f:f9:f0:01:8d:0a:
1b:d3:db:8f:70:1b:ce:c7:f5:89:31:2f:a0:28:2c:
a9:c8:f0:81:b6:bf:43:83:a7:f0:cf:a5:7f:79:f4:
5c:2a:35:a3:7c:0f:73:a0:6c:ff:b2:28:c5:80:66:
db:6f:69:98:ec:1a:e3:4b:3c:51:e4:5d:20:64:21:
2c:b5:29:b1:ba:2f:e0:dd:f1:85:ee:a1:e3:b3:3c:
cb:88:7d:4f:1f:be:17:5c:57:e6:6e:49:0d:ba:fc:
8f:15:f0:10:64:b7:fe:5f:a0:8c:c9:9c:d1:f2:f7:
86:81:fd:47:93:93:5f:af:aa:f8:72:d9:af:f2:a6:
5a:1e:e9:d5:0e:b7:5d:7e:a0:a4:ab:9a:f2:5e:7a:
55:0f:9d:67:f1:b6:fe:53:79:68:ba:ab:2c:cd:3b:
3a:25:65:e1:42:51:4f:37:3e:39:68:9b:ae:77:1a:
d4:c9:5c:ac:80:0d:6b:b5:3d:49:7c:fe:b0:a9:6a:
23:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:83:97:02:13:CF:E0:ED:FA:10:A7:02:4A:8F:04:AA:74:0D:69:6B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/BoOXAhPP4O36EKcCSo8EqnQNaWs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
06:de:0f:11:b5:55:8b:60:cc:6b:1b:8f:8b:43:74:3c:8c:e0:
9f:60:af:cd:59:56:e2:ff:62:4a:92:76:55:62:51:2d:8b:85:
c3:60:49:16:48:6d:6a:a2:a7:b7:d1:f9:04:75:51:d0:f7:48:
2f:3c:cd:44:d8:c9:57:23:f2:ec:bb:b0:68:6e:9d:db:c9:8c:
d6:9f:b3:b6:e0:2e:a1:4f:7c:43:ef:f1:4b:e7:c4:9a:3b:d9:
4a:87:e6:32:e8:f6:5c:ba:3d:11:d5:89:51:2d:85:08:bb:db:
f6:e5:88:4d:ae:f9:9b:b4:c8:f2:fc:80:62:0b:5e:fc:6d:97:
5d:19:5f:87:25:e1:1e:24:3d:80:0d:bf:32:05:6a:c4:86:d9:
ca:6b:5e:5f:7a:aa:99:34:9e:28:09:d5:ae:ed:fb:57:ee:23:
25:5d:70:e4:66:41:8f:f7:ee:f4:52:f7:81:a5:f4:15:42:b3:
bf:7e:06:08:20:55:16:fd:53:f1:3c:a5:7e:25:a7:4a:fc:fc:
9c:b9:92:24:2a:ff:5c:57:e9:96:5f:c8:53:7b:72:29:d1:74:
ff:06:fd:89:a2:ce:2d:53:f5:d0:0f:be:60:85:2a:a6:03:b3:
2c:d3:15:38:fa:45:f7:f2:0e:25:35:8b:d1:a2:f9:5c:b8:d8:
2a:f2:da:8e
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQu0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTcx
OTUzMDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDA2ODM5NzAyMTNDRkUw
RURGQTEwQTcwMjRBOEYwNEFBNzQwRDY5NkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6/7KOWyZxO+HZAaSigWkAYUkLpJN5IbMTlifgQWz937ML81AQ
TzJ/qh4eGTwE2sAJ6xEiLbVMU8b6RwD0YWWTkIR47J/58AGNChvT249wG87H9Ykx
L6AoLKnI8IG2v0ODp/DPpX959FwqNaN8D3OgbP+yKMWAZttvaZjsGuNLPFHkXSBk
ISy1KbG6L+Dd8YXuoeOzPMuIfU8fvhdcV+ZuSQ26/I8V8BBkt/5foIzJnNHy94aB
/UeTk1+vqvhy2a/yploe6dUOt11+oKSrmvJeelUPnWfxtv5TeWi6qyzNOzolZeFC
UU83Pjlom653GtTJXKyADWu1PUl8/rCpaiPvAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUBoOXAhPP4O36EKcCSo8EqnQNaWswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0JvT1hBaFBQNE8zNkVL
Y0NTbzhFcW5RTmFXcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAAbeDxG1VYtgzGsb
j4tDdDyM4J9gr81ZVuL/YkqSdlViUS2LhcNgSRZIbWqip7fR+QR1UdD3SC88zUTY
yVcj8uy7sGhundvJjNafs7bgLqFPfEPv8UvnxJo72UqH5jLo9ly6PRHViVEthQi7
2/bliE2u+Zu0yPL8gGILXvxtl10ZX4cl4R4kPYANvzIFasSG2cprXl96qpk0nigJ
1a7t+1fuIyVdcORmQY/37vRS94Gl9BVCs79+BgggVRb9U/E8pX4lp0r8/Jy5kiQq
/1xX6ZZfyFN7cinRdP8G/Ymizi1T9dAPvmCFKqYDsyzTFTj6RffyDiU1i9Gi+Vy4
2Cry2o4=
-----END CERTIFICATE-----
Generated at Sun Jun 22 10:56:26 2025 by rpki-client