Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/FSO9I8_IQZ3J0M-pY0f3F8c3fQs.roa
File: FSO9I8_IQZ3J0M-pY0f3F8c3fQs.roa (raw, json)
Hash identifier: mJYEr8DsKUS/qUOmpRuiAiu7h8cHUGrb9ngU28DXSTA=
Subject key identifier: 15:23:BD:23:CF:C8:41:9D:C9:D0:CF:A9:63:47:F7:17:C7:37:7D:0B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4789
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/FSO9I8_IQZ3J0M-pY0f3F8c3fQs.roa
Signing time: Tue 23 Apr 2024 23:23:16 +0000
ROA not before: Tue 23 Apr 2024 23:23:16 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18313 (0x4789)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 23 23:23:16 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=1523BD23CFC8419DC9D0CFA96347F717C7377D0B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:28:6f:ec:d0:3b:6b:5a:33:71:ea:72:e2:88:
2b:f2:f9:81:26:fc:a3:54:31:1d:9f:ff:32:73:21:
95:dc:db:90:bd:15:59:39:2a:41:5c:b4:ea:6a:76:
89:07:3c:90:18:99:5c:78:7f:58:58:e1:ad:2c:26:
34:76:4e:1b:75:8a:e8:65:f3:2f:49:e3:c2:1c:3f:
6b:3c:50:84:00:62:0d:c0:dc:41:b7:ac:36:5a:27:
cc:0a:f8:9d:cb:78:7c:c7:95:f5:24:27:d2:c9:bb:
a8:ce:30:ba:bf:c2:db:9c:1e:24:26:aa:e1:73:47:
29:57:e6:ff:a1:55:f3:8a:e5:5f:29:b9:a8:d6:0f:
c5:70:83:93:ba:79:6e:9a:04:e5:bb:f0:e7:2b:9f:
a5:95:8f:53:4c:bc:30:fa:d3:91:98:c3:4f:0c:1f:
e8:95:30:7b:b8:49:b1:8f:dc:fa:2b:57:8f:8d:15:
c8:a7:cb:38:2c:f2:bc:cf:0e:d4:18:fd:67:94:41:
f1:24:9b:b6:f8:d4:2c:4b:2e:40:63:95:49:46:8e:
c6:d0:db:70:0e:95:b9:c2:6d:51:4f:96:4e:36:01:
f3:e9:0d:ee:04:61:fa:80:6b:f9:ef:26:c5:4e:68:
f3:7d:40:bc:d3:10:ac:d9:c2:1d:5c:04:16:62:5e:
e6:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:23:BD:23:CF:C8:41:9D:C9:D0:CF:A9:63:47:F7:17:C7:37:7D:0B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/FSO9I8_IQZ3J0M-pY0f3F8c3fQs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
40:0c:81:eb:68:4c:f0:47:8f:b1:35:16:f4:01:4e:39:91:02:
77:2d:f1:63:93:df:3a:82:b8:47:ee:88:c9:7f:d8:fe:3c:fc:
a5:fb:0c:84:3c:9c:ba:9f:54:f9:ec:64:89:16:3e:84:bb:bc:
bb:94:14:9e:87:dd:6b:e4:f5:2d:af:9b:60:78:85:d8:c4:39:
c2:8f:11:ce:0d:2d:3c:24:cd:6f:27:36:c9:cf:e7:6e:03:73:
38:41:5d:20:4b:bb:3b:4e:00:bf:0e:e9:f7:83:88:ae:3d:99:
70:f5:1b:56:61:b1:3b:2f:b0:f1:89:c7:cd:4f:ca:0f:19:c3:
da:ce:34:7a:a7:39:b4:6c:b1:7e:03:8e:39:4e:bd:be:fb:e8:
8f:2a:35:ca:aa:e8:92:67:8f:be:19:a1:8c:9f:ef:bf:d4:13:
34:73:f4:0a:8e:fd:87:8c:9c:39:69:1d:39:09:6c:61:1a:f5:
0d:18:82:99:c7:ac:2b:00:bf:b4:29:c8:02:fc:91:16:d1:a4:
ce:32:ae:28:8e:69:87:b4:9e:df:64:c2:07:bb:60:be:d1:8b:
3a:51:83:93:31:41:3b:2a:05:c8:2f:1f:df:cd:01:c7:d3:ad:
88:ad:02:ab:5f:5f:a7:69:53:59:36:5a:e4:4a:9b:59:ff:6f:
0f:8d:de:71
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICR4kwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjMy
MzIzMTZaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDE1MjNCRDIzQ0ZDODQx
OURDOUQwQ0ZBOTYzNDdGNzE3QzczNzdEMEIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFKG/s0DtrWjNx6nLiiCvy+YEm/KNUMR2f/zJzIZXc25C9FVk5
KkFctOpqdokHPJAYmVx4f1hY4a0sJjR2Tht1iuhl8y9J48IcP2s8UIQAYg3A3EG3
rDZaJ8wK+J3LeHzHlfUkJ9LJu6jOMLq/wtucHiQmquFzRylX5v+hVfOK5V8puajW
D8Vwg5O6eW6aBOW78Ocrn6WVj1NMvDD605GYw08MH+iVMHu4SbGP3PorV4+NFcin
yzgs8rzPDtQY/WeUQfEkm7b41CxLLkBjlUlGjsbQ23AOlbnCbVFPlk42AfPpDe4E
YfqAa/nvJsVOaPN9QLzTEKzZwh1cBBZiXuY3AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUFSO9I8/IQZ3J0M+pY0f3F8c3fQswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0ZTTzlJOF9JUVozSjBN
LXBZMGYzRjhjM2ZRcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAEAMgetoTPBHj7E1
FvQBTjmRAnct8WOT3zqCuEfuiMl/2P48/KX7DIQ8nLqfVPnsZIkWPoS7vLuUFJ6H
3Wvk9S2vm2B4hdjEOcKPEc4NLTwkzW8nNsnP524DczhBXSBLuztOAL8O6feDiK49
mXD1G1ZhsTsvsPGJx81Pyg8Zw9rONHqnObRssX4DjjlOvb776I8qNcqq6JJnj74Z
oYyf77/UEzRz9AqO/YeMnDlpHTkJbGEa9Q0YgpnHrCsAv7QpyAL8kRbRpM4yriiO
aYe0nt9kwge7YL7RizpRg5MxQTsqBcgvH9/NAcfTrYitAqtfX6dpU1k2WuRKm1n/
bw+N3nE=
-----END CERTIFICATE-----
Generated at Fri Jun 20 10:02:53 2025 by rpki-client