Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/DnDb5kjwn7mB5lnpd8CXtPFuQKE.roa
File: DnDb5kjwn7mB5lnpd8CXtPFuQKE.roa (raw, json)
Hash identifier: IPXQE3VdMFHW3gfbcSYy56dXeREX0txcP2ZHP96EVCA=
Subject key identifier: 0E:70:DB:E6:48:F0:9F:B9:81:E6:59:E9:77:C0:97:B4:F1:6E:40:A1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3E99
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DnDb5kjwn7mB5lnpd8CXtPFuQKE.roa
Signing time: Fri 12 Apr 2024 01:22:51 +0000
ROA not before: Fri 12 Apr 2024 01:22:51 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16025 (0x3e99)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 12 01:22:51 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=0E70DBE648F09FB981E659E977C097B4F16E40A1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:5f:bd:13:c5:03:b6:50:7c:b9:64:6a:bf:fc:
61:e5:d3:17:34:59:b6:a9:d1:78:7c:b1:43:e4:c1:
bc:f8:41:e1:fb:46:03:5c:16:29:e5:8a:fe:74:a8:
c1:65:ee:72:25:5e:09:6b:cb:a9:a9:33:c6:35:10:
69:1d:ad:c8:34:57:64:7a:15:00:9a:ec:0c:c4:60:
e8:7c:1c:85:45:0e:36:40:be:94:dc:61:ac:ff:48:
19:f2:62:2a:f6:43:d5:eb:9d:b4:5c:45:ac:23:34:
6f:bf:5b:d6:67:b3:ad:53:d9:25:e5:76:b4:c9:61:
51:71:31:53:6d:cb:f1:b0:54:86:a8:61:a7:a3:8b:
0e:ea:48:6a:79:a1:53:50:41:9c:1c:0a:c0:f5:bf:
36:16:57:76:75:12:9d:da:af:5f:5a:6b:bd:22:23:
48:fe:e9:20:18:b2:aa:6f:40:61:b1:07:26:ee:be:
02:df:2c:0d:0a:6c:45:cc:c1:57:46:6c:a5:92:15:
8b:8f:9e:52:38:44:e9:fe:35:63:a7:ca:ee:6a:10:
fb:68:7a:69:c8:69:6f:90:d0:31:0e:a1:93:14:b5:
a2:65:72:b7:94:44:df:c1:32:b7:ad:0e:e4:2d:d8:
9d:9f:9a:0d:a8:a7:ca:e4:a9:d3:bb:23:1e:ab:7a:
9e:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:70:DB:E6:48:F0:9F:B9:81:E6:59:E9:77:C0:97:B4:F1:6E:40:A1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/DnDb5kjwn7mB5lnpd8CXtPFuQKE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
0f:50:5b:a6:72:29:6f:c1:43:c1:8f:8f:86:ff:17:aa:9f:af:
58:17:b0:e1:a1:c9:a6:f2:84:38:ea:bd:0f:05:db:9a:7e:7f:
82:66:5b:b4:7c:04:1e:6f:8b:81:69:83:25:c6:24:1e:34:c0:
42:9b:ba:4f:67:d3:1e:86:cc:cd:af:5c:50:54:7c:a6:7d:a9:
82:83:5d:9e:e6:c3:84:86:f6:42:27:4c:0d:20:41:cb:25:63:
97:f2:26:14:bd:48:2f:6b:83:50:4e:ba:a8:8c:72:b1:d6:66:
f7:12:b0:ca:9d:95:63:c5:79:f6:0e:3e:6d:28:f8:4c:ce:cb:
d0:b9:b2:80:da:33:d6:32:df:38:8a:74:75:83:41:78:dc:9a:
86:64:d0:14:e8:6e:f2:89:cb:8f:dd:c3:e3:bb:5b:c8:e2:89:
e3:90:ba:e0:b7:52:9f:22:c9:b9:03:d2:84:6d:5c:87:aa:34:
b4:f9:63:9a:84:db:e2:1b:0d:d0:e6:44:18:8e:c9:8f:4e:0c:
28:74:91:aa:0f:ad:7d:29:4d:50:83:e5:2e:aa:cc:dd:34:48:
69:84:c2:db:92:8b:37:ff:65:11:04:30:a2:5b:92:f7:5e:95:
b3:ff:0a:ba:8c:25:e2:2e:73:4b:22:b6:e5:04:e2:28:9b:3b:
b1:7f:ef:85
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICPpkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTIw
MTIyNTFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDBFNzBEQkU2NDhGMDlG
Qjk4MUU2NTlFOTc3QzA5N0I0RjE2RTQwQTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4X70TxQO2UHy5ZGq//GHl0xc0Wbap0Xh8sUPkwbz4QeH7RgNc
Finliv50qMFl7nIlXglry6mpM8Y1EGkdrcg0V2R6FQCa7AzEYOh8HIVFDjZAvpTc
Yaz/SBnyYir2Q9XrnbRcRawjNG+/W9Zns61T2SXldrTJYVFxMVNty/GwVIaoYaej
iw7qSGp5oVNQQZwcCsD1vzYWV3Z1Ep3ar19aa70iI0j+6SAYsqpvQGGxBybuvgLf
LA0KbEXMwVdGbKWSFYuPnlI4ROn+NWOnyu5qEPtoemnIaW+Q0DEOoZMUtaJlcreU
RN/BMretDuQt2J2fmg2op8rkqdO7Ix6rep4dAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUDnDb5kjwn7mB5lnpd8CXtPFuQKEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0RuRGI1a2p3bjdtQjVs
bnBkOENYdFBGdVFLRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAA9QW6ZyKW/BQ8GP
j4b/F6qfr1gXsOGhyabyhDjqvQ8F25p+f4JmW7R8BB5vi4FpgyXGJB40wEKbuk9n
0x6GzM2vXFBUfKZ9qYKDXZ7mw4SG9kInTA0gQcslY5fyJhS9SC9rg1BOuqiMcrHW
ZvcSsMqdlWPFefYOPm0o+EzOy9C5soDaM9Yy3ziKdHWDQXjcmoZk0BTobvKJy4/d
w+O7W8jiieOQuuC3Up8iybkD0oRtXIeqNLT5Y5qE2+IbDdDmRBiOyY9ODCh0kaoP
rX0pTVCD5S6qzN00SGmEwtuSizf/ZREEMKJbkvdelbP/CrqMJeIuc0situUE4iib
O7F/74U=
-----END CERTIFICATE-----
Generated at Fri Jun 20 14:55:36 2025 by rpki-client