Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/D84LQ539na4euDV9fAkptQ77-JI.roa
File: D84LQ539na4euDV9fAkptQ77-JI.roa (raw, json)
Hash identifier: 2JXMBjstYXrumSE+ym3t3FqBLs9R+J+oy9QtPlW5m80=
Subject key identifier: 0F:CE:0B:43:9D:FD:9D:AE:1E:B8:35:7D:7C:09:29:B5:0E:FB:F8:92
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4489
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/D84LQ539na4euDV9fAkptQ77-JI.roa
Signing time: Fri 19 Apr 2024 23:23:02 +0000
ROA not before: Fri 19 Apr 2024 23:23:02 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17545 (0x4489)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 19 23:23:02 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=0FCE0B439DFD9DAE1EB8357D7C0929B50EFBF892
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:5b:45:44:56:40:54:28:7a:26:ea:f7:17:6d:
99:ab:01:91:26:83:5d:ed:e1:43:f2:3a:f2:df:1a:
c4:43:95:98:d8:29:41:fd:2e:79:64:02:c5:7f:bb:
8d:51:14:25:f0:17:1a:a1:3d:3d:21:df:a6:3c:9c:
3d:a2:8c:2d:21:bf:53:45:88:17:20:ef:77:d7:f6:
db:43:85:cd:1e:cb:33:6a:28:28:b0:c0:56:f3:16:
f0:eb:17:2e:58:b4:a0:61:35:3b:0a:ee:41:8a:aa:
21:74:42:47:cc:38:15:d1:99:c6:93:de:c2:e6:84:
5f:b9:74:36:d1:dd:71:d7:71:35:5c:50:12:cd:c0:
5e:e0:16:a1:84:44:24:35:e8:e5:db:fb:c5:56:48:
22:d6:95:19:47:e4:45:00:95:6b:d8:7e:6a:7f:1d:
c6:d5:65:59:13:92:6f:fb:9b:bf:e6:d2:93:83:c3:
9e:66:f3:2d:3e:c5:d5:e4:f7:9f:9e:4a:47:17:bf:
42:82:5a:81:f2:78:1e:59:b0:10:4c:9e:4e:26:01:
44:69:8a:ff:49:2e:d6:7a:7b:75:de:c8:c5:4d:a8:
52:a7:6d:98:38:26:56:ef:d0:ec:4c:4a:d6:60:7e:
6d:7b:06:50:29:ea:ba:ab:00:dd:41:bf:23:ea:61:
3c:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:CE:0B:43:9D:FD:9D:AE:1E:B8:35:7D:7C:09:29:B5:0E:FB:F8:92
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/D84LQ539na4euDV9fAkptQ77-JI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
a7:0d:d4:f4:58:b3:42:de:35:15:7d:04:00:1f:2e:e0:b5:3e:
5b:70:03:39:66:19:e9:61:04:48:2b:c3:d4:74:ad:a2:95:17:
80:aa:77:e7:ed:28:a7:a1:da:db:ad:13:da:62:3c:c7:f7:b7:
66:54:a5:ea:e2:fe:b6:6d:e1:68:a9:99:b2:c5:e0:c7:21:01:
92:b6:70:4f:6b:f4:e8:91:17:24:be:8c:0d:ed:5a:7d:6d:ff:
8b:2f:65:b3:10:e9:f1:53:af:c7:0c:34:fa:a6:b2:e1:5a:0b:
8b:88:f9:c6:f3:ee:89:e3:85:5c:6b:3b:02:53:26:aa:2b:c8:
1f:78:18:06:1f:02:27:a5:ca:31:9c:0f:7b:8d:3e:a8:29:4d:
a5:db:87:e2:3a:79:5b:52:f3:5c:73:f6:d0:ff:f8:4c:84:ac:
6a:9e:48:01:db:49:c6:0f:04:dc:97:2b:4e:cd:6d:54:ee:25:
88:1c:14:28:2d:9e:95:c2:b7:24:b9:fa:31:6c:99:4a:1b:69:
6c:19:28:cf:f8:71:58:2d:1f:d8:74:35:0e:47:4c:5d:cb:58:
08:d6:09:24:fc:df:50:88:71:dc:d2:ca:20:84:1c:1b:6c:03:
49:19:09:f1:1c:75:c9:bd:57:c1:46:18:03:d6:cc:aa:7a:27:
1e:3d:67:f4
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICRIkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTky
MzIzMDJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDBGQ0UwQjQzOURGRDlE
QUUxRUI4MzU3RDdDMDkyOUI1MEVGQkY4OTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCxW0VEVkBUKHom6vcXbZmrAZEmg13t4UPyOvLfGsRDlZjYKUH9
LnlkAsV/u41RFCXwFxqhPT0h36Y8nD2ijC0hv1NFiBcg73fX9ttDhc0eyzNqKCiw
wFbzFvDrFy5YtKBhNTsK7kGKqiF0QkfMOBXRmcaT3sLmhF+5dDbR3XHXcTVcUBLN
wF7gFqGERCQ16OXb+8VWSCLWlRlH5EUAlWvYfmp/HcbVZVkTkm/7m7/m0pODw55m
8y0+xdXk95+eSkcXv0KCWoHyeB5ZsBBMnk4mAURpiv9JLtZ6e3XeyMVNqFKnbZg4
Jlbv0OxMStZgfm17BlAp6rqrAN1BvyPqYTz1AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUD84LQ539na4euDV9fAkptQ77+JIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0Q4NExRNTM5bmE0ZXVE
VjlmQWtwdFE3Ny1KSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAKcN1PRYs0LeNRV9
BAAfLuC1PltwAzlmGelhBEgrw9R0raKVF4Cqd+ftKKeh2tutE9piPMf3t2ZUperi
/rZt4WipmbLF4MchAZK2cE9r9OiRFyS+jA3tWn1t/4svZbMQ6fFTr8cMNPqmsuFa
C4uI+cbz7onjhVxrOwJTJqoryB94GAYfAielyjGcD3uNPqgpTaXbh+I6eVtS81xz
9tD/+EyErGqeSAHbScYPBNyXK07NbVTuJYgcFCgtnpXCtyS5+jFsmUobaWwZKM/4
cVgtH9h0NQ5HTF3LWAjWCST831CIcdzSyiCEHBtsA0kZCfEcdcm9V8FGGAPWzKp6
Jx49Z/Q=
-----END CERTIFICATE-----
Generated at Sat Jun 21 05:52:07 2025 by rpki-client