Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/H5JRiFqd2pEIw8hFBLvPrN9VbgI.roa
File: H5JRiFqd2pEIw8hFBLvPrN9VbgI.roa (raw, json)
Hash identifier: OV3G5WilOfFIpLhM7jj2sp9Jx+TA1V6VqLYeBwU2fPY=
Subject key identifier: 1F:92:51:88:5A:9D:DA:91:08:C3:C8:45:04:BB:CF:AC:DF:55:6E:02
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 477D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/H5JRiFqd2pEIw8hFBLvPrN9VbgI.roa
Signing time: Tue 23 Apr 2024 21:53:14 +0000
ROA not before: Tue 23 Apr 2024 21:53:14 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18301 (0x477d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 23 21:53:14 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=1F9251885A9DDA9108C3C84504BBCFACDF556E02
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:0e:1d:97:2f:40:11:7a:9a:50:2e:2f:b0:44:
7f:2a:bb:8a:8d:dd:40:cf:25:9f:b0:82:27:f1:6f:
e7:06:8e:c8:27:b2:62:5b:e1:9e:30:76:fe:bd:3b:
ef:b6:7f:fd:f9:9e:bc:90:62:54:e3:8e:4f:46:b3:
98:e8:2a:56:9a:be:37:84:02:2b:04:a8:0e:7a:6c:
29:1e:55:d1:10:d1:00:48:6c:6e:02:24:7e:e4:de:
85:a3:d8:4e:bd:a5:15:af:5e:77:8a:26:c0:41:fc:
ff:a9:6b:1d:ed:a5:7c:1a:f1:33:9a:75:5c:af:d1:
d7:3e:d3:dc:71:18:7a:09:54:1c:6c:65:98:85:1d:
a6:6d:e2:56:87:e1:b8:27:68:a0:f8:1c:0d:e8:2a:
e3:5c:e9:05:7e:0f:f5:82:6a:ee:c9:7d:fe:09:8e:
b4:c4:ff:b2:92:ae:40:b2:e1:3d:97:d3:5e:d3:78:
45:c3:36:5d:ef:f9:1e:c1:07:ef:67:2e:80:9b:a2:
6d:4f:53:09:31:2c:85:ae:5e:53:09:39:89:74:bf:
a9:41:09:f3:71:59:78:a5:0f:8b:42:ca:ab:b3:dc:
ba:57:cb:55:c9:01:ac:16:b2:af:11:73:89:a5:97:
6c:ca:e7:4a:61:6d:af:a2:6b:c1:99:95:26:ce:4b:
cb:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:92:51:88:5A:9D:DA:91:08:C3:C8:45:04:BB:CF:AC:DF:55:6E:02
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/H5JRiFqd2pEIw8hFBLvPrN9VbgI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
1b:86:b2:1c:dc:ed:04:29:09:d1:d3:f3:d5:df:a2:66:0f:bd:
39:d8:30:20:f0:c5:ed:a7:46:fa:b5:cf:4d:58:b8:8a:52:83:
84:04:02:6a:61:02:91:3f:a2:9c:55:ab:e1:f0:2d:79:84:35:
57:70:98:61:42:1c:3d:15:96:b7:20:67:32:2d:a1:e5:7b:5b:
57:88:d8:fd:60:4c:71:03:65:48:b0:4c:ff:72:e0:34:6e:ad:
55:7a:da:b4:64:78:28:9b:4a:be:50:18:50:c8:18:77:05:04:
be:f4:89:fe:8d:0d:e7:11:9c:89:dd:f7:39:46:d0:71:d0:25:
2e:e8:7e:5b:d4:02:1f:5c:1b:10:99:90:66:4f:66:ac:b9:8c:
b8:57:2a:20:95:30:b1:5c:59:0e:51:dd:3e:1c:e0:a1:8e:0f:
62:52:ff:ce:be:18:ba:fe:c2:ab:1f:fe:ce:d4:17:20:e3:5c:
1d:89:5a:a4:c3:cc:8a:01:59:59:b8:11:f9:55:12:14:dc:1d:
a4:1b:8c:fe:ee:ab:fe:fe:3d:0c:bd:a6:ea:80:de:7d:5a:80:
2a:b3:47:86:d5:f8:14:83:ee:58:41:a5:b4:fb:ef:86:54:31:
ef:fc:d7:33:56:90:a3:e6:73:3c:9d:22:52:55:ee:8a:6f:9b:
26:cf:1b:7c
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICR30wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjMy
MTUzMTRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDFGOTI1MTg4NUE5RERB
OTEwOEMzQzg0NTA0QkJDRkFDREY1NTZFMDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6Dh2XL0AReppQLi+wRH8qu4qN3UDPJZ+wgifxb+cGjsgnsmJb
4Z4wdv69O++2f/35nryQYlTjjk9Gs5joKlaavjeEAisEqA56bCkeVdEQ0QBIbG4C
JH7k3oWj2E69pRWvXneKJsBB/P+pax3tpXwa8TOadVyv0dc+09xxGHoJVBxsZZiF
HaZt4laH4bgnaKD4HA3oKuNc6QV+D/WCau7Jff4JjrTE/7KSrkCy4T2X017TeEXD
Nl3v+R7BB+9nLoCbom1PUwkxLIWuXlMJOYl0v6lBCfNxWXilD4tCyquz3LpXy1XJ
AawWsq8Rc4mll2zK50phba+ia8GZlSbOS8t9AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUH5JRiFqd2pEIw8hFBLvPrN9VbgIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0g1SlJpRnFkMnBFSXc4
aEZCTHZQck45VmJnSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBABuGshzc7QQpCdHT
89XfomYPvTnYMCDwxe2nRvq1z01YuIpSg4QEAmphApE/opxVq+HwLXmENVdwmGFC
HD0VlrcgZzItoeV7W1eI2P1gTHEDZUiwTP9y4DRurVV62rRkeCibSr5QGFDIGHcF
BL70if6NDecRnInd9zlG0HHQJS7oflvUAh9cGxCZkGZPZqy5jLhXKiCVMLFcWQ5R
3T4c4KGOD2JS/86+GLr+wqsf/s7UFyDjXB2JWqTDzIoBWVm4EflVEhTcHaQbjP7u
q/7+PQy9puqA3n1agCqzR4bV+BSD7lhBpbT774ZUMe/81zNWkKPmczydIlJV7opv
mybPG3w=
-----END CERTIFICATE-----
Generated at Sat Jun 21 07:08:03 2025 by rpki-client