Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/DL8Y2QIrwsXDbnJdS1mQ6gkj8i0.roa
File: DL8Y2QIrwsXDbnJdS1mQ6gkj8i0.roa (raw, json)
Hash identifier: XBSwLkXgEn2JzMf2jgeitTEzBNb2Kcowx2lASBpSjdc=
Subject key identifier: 0C:BF:18:D9:02:2B:C2:C5:C3:6E:72:5D:4B:59:90:EA:09:23:F2:2D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3645
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DL8Y2QIrwsXDbnJdS1mQ6gkj8i0.roa
Signing time: Sun 31 Mar 2024 22:52:10 +0000
ROA not before: Sun 31 Mar 2024 22:52:10 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13893 (0x3645)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 31 22:52:10 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=0CBF18D9022BC2C5C36E725D4B5990EA0923F22D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:70:05:a7:5f:09:53:43:40:2d:df:e0:d9:b6:
d2:d3:4e:4f:49:81:c1:1c:c7:d7:6c:5a:ea:16:d5:
6c:2b:af:83:c2:4b:50:67:00:a3:91:a4:2f:92:32:
8f:d1:7e:4d:3a:c0:b4:24:8c:0c:f2:97:94:f1:89:
2b:8e:10:9b:b7:97:83:bf:bb:86:50:fc:5d:b5:00:
81:dc:13:58:82:dc:15:9c:09:ff:39:2f:bc:d2:a6:
8b:89:48:78:f0:7c:9f:2b:e9:47:29:43:da:c7:9b:
8c:33:a8:75:70:65:72:7c:72:1f:86:bd:8c:22:e6:
8b:78:4b:1f:19:b1:69:3f:e9:ec:ab:09:14:fe:73:
bb:8d:38:59:5e:16:5a:df:38:6a:7d:6e:d1:58:0f:
6d:f7:53:c9:f9:32:8f:61:aa:8a:c9:44:71:26:ac:
97:bb:84:73:f5:64:cf:c1:d5:cb:ed:c4:00:a2:f5:
66:2e:75:11:43:b7:ef:0d:a7:85:06:79:e2:fd:d9:
2f:da:b6:b2:4b:0d:d0:76:18:7d:65:7d:b4:01:04:
a3:12:d1:03:fa:ed:d7:e8:ad:2e:01:ec:ad:ab:37:
8c:d1:a3:1e:c5:05:e9:a4:32:86:4f:b5:15:9f:7a:
f6:68:c4:c8:d2:57:17:3a:6a:a7:11:4e:26:40:54:
5b:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:BF:18:D9:02:2B:C2:C5:C3:6E:72:5D:4B:59:90:EA:09:23:F2:2D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DL8Y2QIrwsXDbnJdS1mQ6gkj8i0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
65:46:72:3f:27:79:04:34:ac:36:41:90:f8:66:c2:f1:b4:b5:
20:37:cd:2e:12:d6:c4:85:d4:10:db:fb:44:be:b9:5f:15:b5:
3b:17:e1:dd:90:a2:b3:ef:38:a5:ce:5d:49:a7:71:87:5f:85:
75:fd:85:06:66:3f:49:a4:55:e3:78:cf:a3:e7:27:a1:66:53:
36:b2:cd:21:98:e3:0d:21:52:6c:8a:38:cd:9e:12:c0:aa:0c:
94:6c:49:68:d6:5d:46:ff:43:90:ec:72:d6:bd:89:1c:9a:62:
c1:6a:d2:c6:7d:b3:da:16:b2:ac:53:fd:e4:d4:ff:55:b9:90:
da:21:05:46:dc:de:e5:75:81:70:8b:09:39:6b:72:01:3c:b8:
83:72:7e:78:77:51:3b:1e:47:4f:d3:8a:52:8a:0b:21:ea:e0:
4d:4f:b0:db:10:ff:77:05:7e:7a:87:96:4b:89:fc:34:d6:ea:
3c:a3:5c:d8:04:f7:6e:25:63:b0:00:96:d2:12:57:90:b5:9a:
a5:fa:39:a8:35:bc:b9:9b:be:9e:71:da:14:e9:88:39:78:8e:
36:83:ed:78:ce:bb:fe:a1:da:a4:85:e3:d9:7a:02:6d:3a:7a:
9c:68:f4:9f:6a:49:43:c8:eb:8c:ee:ef:53:7e:a5:af:54:1a:
ac:e5:21:ac
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICNkUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzEy
MjUyMTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDBDQkYxOEQ5MDIyQkMy
QzVDMzZFNzI1RDRCNTk5MEVBMDkyM0YyMkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDBcAWnXwlTQ0At3+DZttLTTk9JgcEcx9dsWuoW1Wwrr4PCS1Bn
AKORpC+SMo/Rfk06wLQkjAzyl5TxiSuOEJu3l4O/u4ZQ/F21AIHcE1iC3BWcCf85
L7zSpouJSHjwfJ8r6UcpQ9rHm4wzqHVwZXJ8ch+GvYwi5ot4Sx8ZsWk/6eyrCRT+
c7uNOFleFlrfOGp9btFYD233U8n5Mo9hqorJRHEmrJe7hHP1ZM/B1cvtxACi9WYu
dRFDt+8Np4UGeeL92S/atrJLDdB2GH1lfbQBBKMS0QP67dforS4B7K2rN4zRox7F
BemkMoZPtRWfevZoxMjSVxc6aqcRTiZAVFvVAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUDL8Y2QIrwsXDbnJdS1mQ6gkj8i0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0RMOFkyUUlyd3NYRGJu
SmRTMW1RNmdrajhpMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAGVGcj8neQQ0rDZB
kPhmwvG0tSA3zS4S1sSF1BDb+0S+uV8VtTsX4d2QorPvOKXOXUmncYdfhXX9hQZm
P0mkVeN4z6PnJ6FmUzayzSGY4w0hUmyKOM2eEsCqDJRsSWjWXUb/Q5Dscta9iRya
YsFq0sZ9s9oWsqxT/eTU/1W5kNohBUbc3uV1gXCLCTlrcgE8uINyfnh3UTseR0/T
ilKKCyHq4E1PsNsQ/3cFfnqHlkuJ/DTW6jyjXNgE924lY7AAltISV5C1mqX6Oag1
vLmbvp5x2hTpiDl4jjaD7XjOu/6h2qSF49l6Am06epxo9J9qSUPI64zu71N+pa9U
GqzlIaw=
-----END CERTIFICATE-----
Generated at Sun Jun 22 22:46:07 2025 by rpki-client