Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/I2bHkdRlzwLfzNAmW0l9hnHTtZ8.roa
File: I2bHkdRlzwLfzNAmW0l9hnHTtZ8.roa (raw, json)
Hash identifier: LKuvUhYi5IgmEbQVyYpfvUWpDpHyjmM0cGyV91U7KXo=
Subject key identifier: 23:66:C7:91:D4:65:CF:02:DF:CC:D0:26:5B:49:7D:86:71:D3:B5:9F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 51F9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/I2bHkdRlzwLfzNAmW0l9hnHTtZ8.roa
Signing time: Tue 07 May 2024 21:23:55 +0000
ROA not before: Tue 07 May 2024 21:23:55 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20985 (0x51f9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 7 21:23:55 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=2366C791D465CF02DFCCD0265B497D8671D3B59F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:97:e6:82:91:91:bd:dc:78:13:93:9a:6d:0f:
96:9f:75:65:78:13:03:a3:28:9e:f3:ae:45:ec:20:
d3:58:0f:1b:99:c4:26:2c:7e:24:f8:2a:34:5d:0c:
b3:e8:02:19:d0:85:d8:2f:bd:e9:b6:7c:0f:e0:6d:
91:0e:5d:ab:d1:39:30:12:30:d6:81:0e:d5:50:32:
f1:56:0d:ae:63:14:93:7f:dc:6a:71:00:94:7d:fb:
84:b6:83:48:87:11:d0:26:e7:bc:63:b4:cd:44:af:
76:95:15:8c:c1:4c:39:9a:ab:80:9a:fc:c9:e6:77:
2c:92:57:d2:c7:13:93:fe:ee:ad:40:b2:e2:84:b0:
57:a6:65:9a:11:13:35:c9:94:1f:b2:0f:3d:6c:aa:
89:91:f2:e8:60:5a:18:df:9c:3f:d0:55:70:f1:4a:
42:a5:c4:1d:b3:3f:e5:dd:69:12:2f:e6:7f:1c:84:
43:ba:f8:a1:56:43:1e:6a:54:43:ef:06:2e:67:e0:
45:3b:b6:c6:1b:0e:02:d7:79:f0:7c:4a:3c:55:c8:
0c:1f:3e:e0:b8:8f:dc:19:b7:ba:49:af:af:80:90:
64:10:72:24:2c:80:1c:73:27:e8:6b:32:64:4e:da:
66:9b:d7:e1:55:7f:cc:d3:2e:1d:57:6d:ae:a8:89:
c5:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:66:C7:91:D4:65:CF:02:DF:CC:D0:26:5B:49:7D:86:71:D3:B5:9F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/I2bHkdRlzwLfzNAmW0l9hnHTtZ8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
47:37:a1:9e:20:c4:4a:64:7f:0b:2d:01:4d:36:99:90:79:3a:
5d:50:f6:c1:28:af:b9:d6:ad:79:3a:b4:59:ca:ad:c1:24:d4:
37:b0:03:21:ef:16:a2:f7:e1:c4:1b:2e:07:b9:3e:89:ea:a2:
74:11:c8:85:03:ac:10:fb:52:fa:4a:96:e7:29:a6:3f:db:81:
7b:2c:0f:49:a9:ba:48:94:6d:d7:29:6f:72:1f:7d:ac:7e:57:
66:ca:f3:61:62:57:ae:10:e6:13:e7:c1:0e:3c:13:a0:9a:1f:
5b:6b:69:de:1d:be:6d:b5:52:04:6b:9a:dc:87:35:c8:01:4b:
09:73:2d:f5:ab:5c:d1:ff:cb:6f:3e:aa:69:ad:5b:0c:66:63:
4f:a4:3b:ea:f4:64:6b:7c:31:23:33:d4:a6:d7:3b:45:37:db:
2b:f9:98:13:7b:d6:15:71:1b:b1:4c:e2:75:a1:a2:c3:b7:fb:
5b:f8:10:e1:e7:90:1a:3c:bd:64:6d:2c:54:78:2a:b3:11:8f:
a7:5b:ac:ca:d0:29:74:2d:5b:8b:1b:11:f5:0b:02:ed:7b:b3:
36:fa:3a:4c:21:58:28:de:a2:37:8e:a0:ad:fd:28:e7:ab:15:
52:88:55:68:e1:df:da:ac:33:a4:1b:a2:8b:85:5b:ca:18:4a:
95:1d:31:37
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICUfkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDcy
MTIzNTVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDIzNjZDNzkxRDQ2NUNG
MDJERkNDRDAyNjVCNDk3RDg2NzFEM0I1OUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCl+aCkZG93HgTk5ptD5afdWV4EwOjKJ7zrkXsINNYDxuZxCYs
fiT4KjRdDLPoAhnQhdgvvem2fA/gbZEOXavROTASMNaBDtVQMvFWDa5jFJN/3Gpx
AJR9+4S2g0iHEdAm57xjtM1Er3aVFYzBTDmaq4Ca/MnmdyySV9LHE5P+7q1AsuKE
sFemZZoREzXJlB+yDz1sqomR8uhgWhjfnD/QVXDxSkKlxB2zP+XdaRIv5n8chEO6
+KFWQx5qVEPvBi5n4EU7tsYbDgLXefB8SjxVyAwfPuC4j9wZt7pJr6+AkGQQciQs
gBxzJ+hrMmRO2mab1+FVf8zTLh1Xba6oicWdAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUI2bHkdRlzwLfzNAmW0l9hnHTtZ8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0kyYkhrZFJsendMZnpO
QW1XMGw5aG5IVHRaOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAEc3oZ4gxEpkfwst
AU02mZB5Ol1Q9sEor7nWrXk6tFnKrcEk1DewAyHvFqL34cQbLge5PonqonQRyIUD
rBD7UvpKlucppj/bgXssD0mpukiUbdcpb3Iffax+V2bK82FiV64Q5hPnwQ48E6Ca
H1trad4dvm21UgRrmtyHNcgBSwlzLfWrXNH/y28+qmmtWwxmY0+kO+r0ZGt8MSMz
1KbXO0U32yv5mBN71hVxG7FM4nWhosO3+1v4EOHnkBo8vWRtLFR4KrMRj6dbrMrQ
KXQtW4sbEfULAu17szb6OkwhWCjeojeOoK39KOerFVKIVWjh39qsM6QboouFW8oY
SpUdMTc=
-----END CERTIFICATE-----
Generated at Sat Jun 21 13:20:01 2025 by rpki-client