Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/CD4yytbGzo4D3wp0DmeiSip6iiQ.roa
File: CD4yytbGzo4D3wp0DmeiSip6iiQ.roa (raw, json)
Hash identifier: MZLqDRfrjwy7pjVPMTPRRc9JWbWLHDUHgX3p/+MmG8Y=
Subject key identifier: 08:3E:32:CA:D6:C6:CE:8E:03:DF:0A:74:0E:67:A2:4A:2A:7A:8A:24
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 483D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/CD4yytbGzo4D3wp0DmeiSip6iiQ.roa
Signing time: Wed 24 Apr 2024 21:53:19 +0000
ROA not before: Wed 24 Apr 2024 21:53:19 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18493 (0x483d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 24 21:53:19 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=083E32CAD6C6CE8E03DF0A740E67A24A2A7A8A24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:dc:3c:d0:52:ec:50:8c:9a:7e:0f:53:77:48:
63:03:a6:18:0a:37:bb:45:48:7d:87:45:7d:36:56:
b2:30:2e:42:12:41:c6:c9:68:5a:26:33:04:43:26:
88:ff:e9:8d:60:ac:3a:26:47:f0:57:3c:ed:6d:2e:
9b:8a:ba:05:00:cf:4b:d7:83:f7:48:cc:37:94:38:
85:19:3f:c9:e9:56:46:a4:bf:71:10:21:1a:79:41:
e7:18:64:bc:be:8d:b8:33:15:c7:59:86:5b:b8:61:
2b:1e:56:a5:52:33:56:19:ad:9a:6f:a0:4d:12:87:
16:b4:4b:03:fa:41:a1:bb:46:34:6a:87:8e:80:bb:
32:d9:0c:1c:a7:74:85:ed:72:04:a0:a3:b1:e7:0d:
6c:36:2b:e7:c5:e2:bc:0b:b9:54:96:c3:45:71:10:
27:e3:6f:d7:9d:e5:fe:89:34:fe:4a:46:18:00:a0:
2a:8a:dc:15:42:43:9d:4f:bb:1a:ce:fe:4f:c1:f7:
c9:34:a2:b4:00:f0:5c:db:88:64:0e:31:6d:58:ab:
4c:b0:5c:8d:5e:e8:5e:9d:a8:b7:57:24:82:fe:ad:
1a:9f:a5:e6:46:dc:5d:73:60:31:0f:fa:bd:7a:3f:
52:30:93:ff:b7:47:09:0e:5c:89:e1:8c:33:79:62:
c4:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:3E:32:CA:D6:C6:CE:8E:03:DF:0A:74:0E:67:A2:4A:2A:7A:8A:24
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/CD4yytbGzo4D3wp0DmeiSip6iiQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
43:b4:25:4d:90:ff:20:be:69:e9:5a:9b:f6:ec:46:a4:af:35:
61:17:86:c1:1c:19:0f:ac:dc:e0:7a:3a:82:ee:0b:af:4d:5e:
bc:14:71:1e:f1:32:55:05:54:76:c7:ec:34:eb:ec:1c:17:c0:
61:c9:ec:28:cd:71:05:99:0c:e8:71:c9:1f:56:34:e8:bb:b2:
fa:f7:52:eb:62:7c:ce:e4:d3:48:04:11:61:2f:44:10:e0:96:
1f:83:53:57:eb:8b:03:c3:bf:28:ec:32:88:71:0a:2b:da:ee:
90:ce:a2:c9:41:32:57:e4:99:48:95:d9:00:ec:ac:77:3b:37:
89:fa:3a:9a:b8:9a:a2:00:c9:e9:96:85:c4:11:d9:c7:f7:36:
7e:c6:68:c3:4d:2a:05:ee:00:c1:af:c0:a9:e8:8a:4b:5d:47:
0c:23:7c:45:22:58:8d:eb:5c:2c:c0:91:1b:d2:fa:e4:67:9c:
a4:ce:d5:7f:d2:76:50:1c:ca:68:40:f6:41:c4:de:2a:42:95:
7c:a1:f7:26:37:26:01:35:bd:52:d0:1e:e9:71:9a:25:e1:06:
94:c8:35:ed:61:63:fa:8d:e5:d3:5f:91:90:f5:41:5d:ca:12:
9a:ca:de:30:68:1a:a4:86:a4:9a:42:29:13:15:4d:76:d8:6d:
f1:65:54:a4
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICSD0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjQy
MTUzMTlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDA4M0UzMkNBRDZDNkNF
OEUwM0RGMEE3NDBFNjdBMjRBMkE3QThBMjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCu3DzQUuxQjJp+D1N3SGMDphgKN7tFSH2HRX02VrIwLkISQcbJ
aFomMwRDJoj/6Y1grDomR/BXPO1tLpuKugUAz0vXg/dIzDeUOIUZP8npVkakv3EQ
IRp5QecYZLy+jbgzFcdZhlu4YSseVqVSM1YZrZpvoE0Shxa0SwP6QaG7RjRqh46A
uzLZDByndIXtcgSgo7HnDWw2K+fF4rwLuVSWw0VxECfjb9ed5f6JNP5KRhgAoCqK
3BVCQ51PuxrO/k/B98k0orQA8FzbiGQOMW1Yq0ywXI1e6F6dqLdXJIL+rRqfpeZG
3F1zYDEP+r16P1Iwk/+3RwkOXInhjDN5YsSfAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUCD4yytbGzo4D3wp0DmeiSip6iiQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0NENHl5dGJHem80RDN3
cDBEbWVpU2lwNmlpUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAEO0JU2Q/yC+aela
m/bsRqSvNWEXhsEcGQ+s3OB6OoLuC69NXrwUcR7xMlUFVHbH7DTr7BwXwGHJ7CjN
cQWZDOhxyR9WNOi7svr3UutifM7k00gEEWEvRBDglh+DU1friwPDvyjsMohxCiva
7pDOoslBMlfkmUiV2QDsrHc7N4n6Opq4mqIAyemWhcQR2cf3Nn7GaMNNKgXuAMGv
wKnoiktdRwwjfEUiWI3rXCzAkRvS+uRnnKTO1X/SdlAcymhA9kHE3ipClXyh9yY3
JgE1vVLQHulxmiXhBpTINe1hY/qN5dNfkZD1QV3KEprK3jBoGqSGpJpCKRMVTXbY
bfFlVKQ=
-----END CERTIFICATE-----
Generated at Sat Jun 21 22:46:15 2025 by rpki-client