Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/FBqBVuSsf1knZY9H2ObTYWSVxaQ.roa
File: FBqBVuSsf1knZY9H2ObTYWSVxaQ.roa (raw, json)
Hash identifier: bfbjvWaEBkJEygX3kTRYEyH7dGsSFcOpw16sa+aXJxU=
Subject key identifier: 14:1A:81:56:E4:AC:7F:59:27:65:8F:47:D8:E6:D3:61:64:95:C5:A4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4C0D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/FBqBVuSsf1knZY9H2ObTYWSVxaQ.roa
Signing time: Mon 29 Apr 2024 23:53:31 +0000
ROA not before: Mon 29 Apr 2024 23:53:31 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19469 (0x4c0d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 29 23:53:31 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=141A8156E4AC7F5927658F47D8E6D3616495C5A4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:ae:45:62:29:4c:99:bf:ee:23:1a:13:61:ae:
87:31:c8:16:6f:57:73:b5:9c:14:8b:15:bc:29:c6:
aa:66:c8:b4:57:1e:92:30:25:af:7e:0a:68:f4:99:
cd:30:7c:2b:40:9d:99:75:88:4b:52:ff:97:e6:d0:
2f:11:b0:bf:dd:d4:f0:92:f7:75:c9:68:3c:24:d5:
e6:e0:dc:ed:e8:f2:15:00:5b:f6:ba:54:5c:0e:35:
14:82:de:15:07:8d:bf:57:13:71:01:0d:1a:6a:a1:
80:29:2b:27:79:5a:7e:48:1f:4d:b4:1a:a8:b0:77:
64:2c:4d:88:f9:7e:e0:57:b2:45:6b:27:8c:2c:4b:
97:3a:e1:bb:a7:0e:ec:23:35:45:82:ae:2c:d3:13:
1a:0a:39:f4:cd:f1:16:26:3c:f3:b9:dd:0a:f2:de:
1f:f6:cd:1e:58:1f:e4:55:e0:63:58:50:10:9f:dd:
f0:8e:bd:01:fe:2d:7c:17:63:66:0c:77:27:78:d3:
63:25:f0:93:ce:8d:74:9c:3d:36:28:4e:3d:bf:86:
7e:6d:9a:ed:e6:45:4a:5b:81:98:82:e3:11:0c:f3:
81:c8:47:a7:b8:15:5e:fd:a2:e9:c5:3c:30:5b:d0:
c0:4d:47:20:54:c6:fd:7e:7d:53:06:09:23:66:29:
8c:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:1A:81:56:E4:AC:7F:59:27:65:8F:47:D8:E6:D3:61:64:95:C5:A4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/FBqBVuSsf1knZY9H2ObTYWSVxaQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
96:d7:d6:6a:e8:f1:42:00:5f:98:9b:73:20:2a:35:32:0e:57:
be:26:61:63:24:fa:21:b3:74:e5:ab:03:3f:91:7a:87:ff:45:
c5:7b:d6:96:90:69:f8:2d:4b:ba:a3:02:b5:2b:bf:be:ca:7a:
8a:41:05:b5:85:bc:84:ba:10:77:ef:13:96:84:ba:c5:ba:e0:
3b:01:c2:77:8b:eb:5b:46:17:af:ca:75:49:89:7a:66:15:7f:
25:35:b9:a2:47:aa:96:b3:43:3b:d7:eb:60:11:81:9f:67:c6:
33:f2:bb:20:e7:96:77:62:00:e9:d2:43:38:94:e7:7c:dd:44:
a4:39:84:d5:d8:78:72:d5:b0:ff:f0:ae:d8:2b:5c:95:0a:50:
03:ce:ac:8e:2e:55:d4:d8:da:49:1f:85:67:a6:af:a1:92:78:
c4:2e:a6:1c:0a:26:5f:c5:34:06:c2:4d:0d:e1:4c:6f:29:4b:
e6:f5:c0:01:71:91:3b:da:2e:f5:5d:5f:5a:f8:7e:7e:f9:c8:
c9:4f:4f:eb:b2:20:b5:8c:6b:04:13:4c:dd:45:52:84:9a:e4:
a9:4f:16:e2:e5:bb:c8:d4:d0:b9:27:58:1c:6a:c0:ed:07:12:
25:0a:0c:12:97:d4:9e:4c:c4:4a:b9:86:d9:b3:58:96:e4:d0:
bd:93:2f:a5
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTA0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjky
MzUzMzFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDE0MUE4MTU2RTRBQzdG
NTkyNzY1OEY0N0Q4RTZEMzYxNjQ5NUM1QTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDErkViKUyZv+4jGhNhrocxyBZvV3O1nBSLFbwpxqpmyLRXHpIw
Ja9+Cmj0mc0wfCtAnZl1iEtS/5fm0C8RsL/d1PCS93XJaDwk1ebg3O3o8hUAW/a6
VFwONRSC3hUHjb9XE3EBDRpqoYApKyd5Wn5IH020Gqiwd2QsTYj5fuBXskVrJ4ws
S5c64bunDuwjNUWCrizTExoKOfTN8RYmPPO53Qry3h/2zR5YH+RV4GNYUBCf3fCO
vQH+LXwXY2YMdyd402Ml8JPOjXScPTYoTj2/hn5tmu3mRUpbgZiC4xEM84HIR6e4
FV79ounFPDBb0MBNRyBUxv1+fVMGCSNmKYyrAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUFBqBVuSsf1knZY9H2ObTYWSVxaQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0ZCcUJWdVNzZjFrblpZ
OUgyT2JUWVdTVnhhUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJbX1mro8UIAX5ib
cyAqNTIOV74mYWMk+iGzdOWrAz+Reof/RcV71paQafgtS7qjArUrv77KeopBBbWF
vIS6EHfvE5aEusW64DsBwneL61tGF6/KdUmJemYVfyU1uaJHqpazQzvX62ARgZ9n
xjPyuyDnlndiAOnSQziU53zdRKQ5hNXYeHLVsP/wrtgrXJUKUAPOrI4uVdTY2kkf
hWemr6GSeMQuphwKJl/FNAbCTQ3hTG8pS+b1wAFxkTvaLvVdX1r4fn75yMlPT+uy
ILWMawQTTN1FUoSa5KlPFuLlu8jU0LknWBxqwO0HEiUKDBKX1J5MxEq5htmzWJbk
0L2TL6U=
-----END CERTIFICATE-----
Generated at Fri Jun 20 19:16:45 2025 by rpki-client