Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/EtkdlTjzWUPbxkKNfev4j_Ldods.roa
File: EtkdlTjzWUPbxkKNfev4j_Ldods.roa (raw, json)
Hash identifier: FBdnnE4M0BiIp8TVdrhTmPvm7qnAonU9/kBUPMsETBk=
Subject key identifier: 12:D9:1D:95:38:F3:59:43:DB:C6:42:8D:7D:EB:F8:8F:F2:DD:A1:DB
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4389
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/EtkdlTjzWUPbxkKNfev4j_Ldods.roa
Signing time: Thu 18 Apr 2024 15:23:01 +0000
ROA not before: Thu 18 Apr 2024 15:23:01 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17289 (0x4389)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 18 15:23:01 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=12D91D9538F35943DBC6428D7DEBF88FF2DDA1DB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:9b:9d:7f:85:87:8b:9a:a2:4d:09:be:04:0b:
3c:6e:dc:b1:0c:a5:e0:cf:a3:c3:97:77:09:aa:e6:
57:32:4d:12:a7:50:03:1b:34:11:f8:6f:d3:58:5c:
8d:f9:0e:ee:6d:0f:69:18:ee:3c:81:9b:85:e7:8f:
b3:18:4e:2f:f3:92:a3:14:ec:07:1d:02:c5:2b:e8:
cf:35:ac:d8:53:5a:5e:61:d6:9a:71:14:a6:c2:44:
9c:ee:25:b1:ef:41:50:38:80:31:5f:0b:24:3c:f4:
2e:d1:f5:d3:88:3d:b2:c9:00:79:20:54:6a:94:f5:
17:b4:cf:cb:14:c1:a6:85:e2:f6:bd:a4:ca:a0:3f:
af:e7:1f:3a:fa:4e:47:f4:40:d7:31:8a:ff:39:38:
f1:27:97:81:c0:c4:96:9b:f5:d3:1f:33:d0:37:b1:
23:b7:62:5b:16:75:9b:d8:3d:62:f9:c0:7c:0b:05:
08:ce:4d:38:ad:8a:7c:fe:c9:a5:2d:8a:e4:c9:63:
db:20:91:8d:c1:c5:ed:cc:26:fc:32:96:74:fa:48:
a2:67:7d:87:69:40:3e:ba:28:60:0c:31:9e:11:2f:
00:14:07:f4:c7:ed:a7:f5:32:b9:1c:a4:e2:5f:eb:
6e:75:a1:23:82:54:c9:1b:f3:d0:ad:b4:5b:08:e1:
e1:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
12:D9:1D:95:38:F3:59:43:DB:C6:42:8D:7D:EB:F8:8F:F2:DD:A1:DB
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/EtkdlTjzWUPbxkKNfev4j_Ldods.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
55:76:6a:6c:16:4b:7e:c0:a5:fa:3b:cf:6c:20:1a:fd:a8:17:
70:42:b3:ba:ed:e9:f3:9a:d1:7d:08:6e:0c:3f:3d:0c:2b:c2:
73:b0:1a:e0:95:f5:fe:ae:af:46:55:8b:e9:9e:aa:f3:2e:82:
1f:e4:11:98:56:a3:3f:49:5a:f9:bb:18:c7:7a:a7:3c:f1:8f:
68:26:e3:20:65:a2:14:9e:64:c5:6c:f8:db:7c:3f:7d:9a:ec:
c4:97:fb:29:a4:0a:ac:89:83:de:18:c8:54:12:bf:a8:38:72:
8f:fc:9d:0f:9b:24:17:f3:34:65:0c:43:11:9e:7d:95:ec:4b:
ac:8a:38:03:17:92:27:25:00:bf:b8:d9:09:f4:25:d1:07:86:
fb:f0:45:7d:33:ee:2c:4f:9c:7b:2a:15:79:6a:d4:de:17:1d:
64:5e:d0:4e:9d:31:da:13:b2:03:00:11:46:da:44:7d:f0:31:
a8:85:dd:5d:a0:93:13:02:f1:a1:23:1d:7e:ec:fb:cd:c5:fd:
e0:32:f9:fd:c9:fd:da:51:5f:87:29:56:98:0d:fd:45:c9:c3:
ab:5d:71:77:3c:d2:bf:5d:20:8c:57:5a:ad:4c:22:01:7d:71:
c8:1c:48:d1:a1:a7:c2:8d:f2:4a:ff:87:0f:58:4d:2d:c7:0f:
1a:65:a2:26
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQ4kwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTgx
NTIzMDFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDEyRDkxRDk1MzhGMzU5
NDNEQkM2NDI4RDdERUJGODhGRjJEREExREIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC2m51/hYeLmqJNCb4ECzxu3LEMpeDPo8OXdwmq5lcyTRKnUAMb
NBH4b9NYXI35Du5tD2kY7jyBm4Xnj7MYTi/zkqMU7AcdAsUr6M81rNhTWl5h1ppx
FKbCRJzuJbHvQVA4gDFfCyQ89C7R9dOIPbLJAHkgVGqU9Re0z8sUwaaF4va9pMqg
P6/nHzr6Tkf0QNcxiv85OPEnl4HAxJab9dMfM9A3sSO3YlsWdZvYPWL5wHwLBQjO
TTitinz+yaUtiuTJY9sgkY3Bxe3MJvwylnT6SKJnfYdpQD66KGAMMZ4RLwAUB/TH
7af1MrkcpOJf6251oSOCVMkb89CttFsI4eGPAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUEtkdlTjzWUPbxkKNfev4j/LdodswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0V0a2RsVGp6V1VQYnhr
S05mZXY0al9MZG9kcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAFV2amwWS37Apfo7
z2wgGv2oF3BCs7rt6fOa0X0Ibgw/PQwrwnOwGuCV9f6ur0ZVi+meqvMugh/kEZhW
oz9JWvm7GMd6pzzxj2gm4yBlohSeZMVs+Nt8P32a7MSX+ymkCqyJg94YyFQSv6g4
co/8nQ+bJBfzNGUMQxGefZXsS6yKOAMXkiclAL+42Qn0JdEHhvvwRX0z7ixPnHsq
FXlq1N4XHWRe0E6dMdoTsgMAEUbaRH3wMaiF3V2gkxMC8aEjHX7s+83F/eAy+f3J
/dpRX4cpVpgN/UXJw6tdcXc80r9dIIxXWq1MIgF9ccgcSNGhp8KN8kr/hw9YTS3H
DxploiY=
-----END CERTIFICATE-----
Generated at Fri Jun 20 16:28:13 2025 by rpki-client