Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/HpYGZ_6Et5c0hmYXcC3yWjsKp8k.roa
File: HpYGZ_6Et5c0hmYXcC3yWjsKp8k.roa (raw, json)
Hash identifier: vhpqjCYBW7YmcS+8bOYscdh10ABObRzyj8zpyN5dtIQ=
Subject key identifier: 1E:96:06:67:FE:84:B7:97:34:86:66:17:70:2D:F2:5A:3B:0A:A7:C9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 40F1
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/HpYGZ_6Et5c0hmYXcC3yWjsKp8k.roa
Signing time: Mon 15 Apr 2024 04:22:52 +0000
ROA not before: Mon 15 Apr 2024 04:22:52 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16625 (0x40f1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 15 04:22:52 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=1E960667FE84B79734866617702DF25A3B0AA7C9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:5c:f9:0f:4d:0a:40:98:46:5d:64:03:1e:00:
a6:98:c0:c4:b5:1b:a6:0c:d9:36:00:db:d4:c3:11:
a1:30:b0:cc:36:5d:a1:c9:15:87:2a:b2:59:4c:72:
09:59:ab:ab:f8:b8:9a:63:d0:ef:49:98:e0:1c:cb:
ba:4b:90:9a:17:49:ce:fc:37:8f:c0:65:a3:f0:43:
99:29:15:d9:03:fb:20:7a:7b:66:f5:1e:1b:f0:ba:
7f:25:e8:80:f3:4a:e7:38:39:56:5e:15:16:85:6e:
16:4d:2d:ad:85:17:3f:50:1b:39:76:29:74:59:c7:
0d:05:b1:7c:15:12:68:9b:28:b7:5e:8c:76:bb:3a:
7b:50:70:fd:33:b7:e3:fa:f3:dc:d3:d5:8c:73:6d:
41:d8:dd:bd:d3:82:10:56:5d:38:51:6d:fa:05:68:
38:f7:3a:db:1b:01:79:ea:cf:7f:ac:f0:f0:54:17:
3d:78:03:57:83:7e:0c:78:6a:b7:39:74:c6:4a:94:
e8:83:67:b1:a6:09:83:8b:a2:99:22:d4:39:9c:bd:
9b:36:f1:c7:31:6f:50:30:aa:b0:1c:e4:08:2b:f8:
4d:0d:db:b5:80:00:6c:0d:3e:44:70:ca:75:3a:bf:
16:48:ba:65:b4:61:b1:e3:7f:7e:e5:21:60:2d:92:
06:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:96:06:67:FE:84:B7:97:34:86:66:17:70:2D:F2:5A:3B:0A:A7:C9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/HpYGZ_6Et5c0hmYXcC3yWjsKp8k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
72:76:26:3e:54:16:73:80:23:46:8b:62:7f:fa:36:d2:41:7b:
83:2e:18:54:aa:d8:22:81:81:72:60:c7:9f:53:31:e5:9c:77:
50:60:3f:fe:8c:d8:2b:9b:55:91:d3:ee:11:5e:68:7a:6b:a6:
05:2c:c2:80:b4:a0:6a:5e:0d:66:f3:7b:24:bd:fd:29:3e:42:
50:ce:9f:2c:bf:ba:72:cd:69:66:fd:a7:b7:f9:dc:2c:ea:ed:
2d:6e:ac:61:fe:53:b2:eb:c6:24:ae:29:a7:b8:0b:fd:27:3a:
c6:28:d2:dd:db:28:e6:66:6c:ee:b0:61:26:03:05:00:5d:24:
e9:23:4b:2e:59:64:c8:7f:a2:85:c8:f1:47:e8:69:21:3d:b3:
f4:9e:b1:15:94:e3:5c:11:48:71:2f:7f:2d:a7:52:cf:22:7e:
e0:a4:37:9e:0a:99:77:ed:d9:56:41:87:6b:47:96:11:0b:85:
e0:6a:26:a5:bb:8c:4a:6a:a5:88:3e:62:94:c9:5f:66:8a:d6:
56:56:92:7e:d2:46:b4:04:14:b7:a9:dd:26:30:d0:3c:dc:be:
22:50:66:f0:12:bd:0f:83:50:03:2b:22:c4:dd:ad:c6:b8:d8:
0f:49:aa:4f:bb:16:14:fe:96:f5:75:4f:cf:b2:b9:82:29:97:
8b:0e:72:1d
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQPEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTUw
NDIyNTJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDFFOTYwNjY3RkU4NEI3
OTczNDg2NjYxNzcwMkRGMjVBM0IwQUE3QzkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDUXPkPTQpAmEZdZAMeAKaYwMS1G6YM2TYA29TDEaEwsMw2XaHJ
FYcqsllMcglZq6v4uJpj0O9JmOAcy7pLkJoXSc78N4/AZaPwQ5kpFdkD+yB6e2b1
Hhvwun8l6IDzSuc4OVZeFRaFbhZNLa2FFz9QGzl2KXRZxw0FsXwVEmibKLdejHa7
OntQcP0zt+P689zT1YxzbUHY3b3TghBWXThRbfoFaDj3OtsbAXnqz3+s8PBUFz14
A1eDfgx4arc5dMZKlOiDZ7GmCYOLopki1DmcvZs28ccxb1AwqrAc5Agr+E0N27WA
AGwNPkRwynU6vxZIumW0YbHjf37lIWAtkgZXAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUHpYGZ/6Et5c0hmYXcC3yWjsKp8kwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0hwWUdaXzZFdDVjMGht
WVhjQzN5V2pzS3A4ay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHJ2Jj5UFnOAI0aL
Yn/6NtJBe4MuGFSq2CKBgXJgx59TMeWcd1BgP/6M2CubVZHT7hFeaHprpgUswoC0
oGpeDWbzeyS9/Sk+QlDOnyy/unLNaWb9p7f53Czq7S1urGH+U7LrxiSuKae4C/0n
OsYo0t3bKOZmbO6wYSYDBQBdJOkjSy5ZZMh/ooXI8UfoaSE9s/SesRWU41wRSHEv
fy2nUs8ifuCkN54KmXft2VZBh2tHlhELheBqJqW7jEpqpYg+YpTJX2aK1lZWkn7S
RrQEFLep3SYw0DzcviJQZvASvQ+DUAMrIsTdrca42A9Jqk+7FhT+lvV1T8+yuYIp
l4sOch0=
-----END CERTIFICATE-----
Generated at Fri Jun 20 23:06:58 2025 by rpki-client