Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/K861xJsPGOTuBDglpzH2WLSxNKU.roa
File: K861xJsPGOTuBDglpzH2WLSxNKU.roa (raw, json)
Hash identifier: IKp2Lcq+dRKS0YrINpv0p7FDbwEoNMvEOZQbp9Xk9ps=
Subject key identifier: 2B:CE:B5:C4:9B:0F:18:E4:EE:04:38:25:A7:31:F6:58:B4:B1:34:A5
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4C25
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/K861xJsPGOTuBDglpzH2WLSxNKU.roa
Signing time: Tue 30 Apr 2024 02:53:31 +0000
ROA not before: Tue 30 Apr 2024 02:53:31 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19493 (0x4c25)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 30 02:53:31 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=2BCEB5C49B0F18E4EE043825A731F658B4B134A5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:46:a2:d9:89:8d:a0:0b:ff:58:aa:db:35:a5:
b4:53:a2:8f:3f:49:60:7f:a6:5c:2c:c1:c5:8c:fb:
c9:15:17:9d:e1:04:75:81:09:10:f1:91:8b:a2:6e:
08:1b:28:44:35:80:fc:66:02:df:5e:2e:a1:7b:8b:
c2:ff:fe:99:17:6e:2e:1b:d1:b6:58:26:27:cd:c0:
a9:c3:7f:fb:0e:51:a4:3f:1b:4f:27:c9:0e:a6:09:
f5:01:56:21:0b:ff:1e:54:fc:b9:8d:45:1e:23:99:
c3:84:3a:db:3b:41:bb:0e:0c:70:f0:82:0b:bc:b2:
c3:f6:44:31:d7:c2:73:a3:b8:bc:44:de:bb:59:16:
fc:d7:15:73:32:fe:0d:c1:5f:03:8b:90:59:b8:81:
b4:6b:20:ec:91:47:2d:e3:ec:f8:4c:92:fb:bd:4d:
15:0a:34:29:0f:40:34:ad:cf:bc:13:39:15:17:de:
0b:d4:5b:a6:f5:64:e7:b7:3a:35:b9:c9:d4:70:24:
08:68:0a:8c:87:e4:af:c2:6c:fa:52:a7:29:78:30:
dd:cc:79:67:37:75:bb:5b:44:25:10:b4:fd:58:41:
35:01:1e:d1:00:af:c4:2b:7f:9e:9c:0c:36:98:2b:
bf:f8:e7:e5:c0:0a:e5:e0:8e:7c:96:c0:74:eb:ed:
45:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:CE:B5:C4:9B:0F:18:E4:EE:04:38:25:A7:31:F6:58:B4:B1:34:A5
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/K861xJsPGOTuBDglpzH2WLSxNKU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
0a:c1:a6:e7:27:31:d2:46:9d:d1:bc:50:0c:00:2e:f7:b9:40:
32:2f:43:6e:7f:88:77:5c:2c:3a:ec:d7:ed:5a:e2:7e:bd:f1:
14:92:dc:8a:b4:d1:76:bc:a1:ff:a3:14:55:71:1b:84:45:11:
39:88:e3:bb:0d:6d:c3:72:92:fe:fb:7f:57:01:6f:2e:a9:35:
40:f6:ad:30:97:61:7f:79:3b:f7:94:b7:e7:be:04:95:b8:6d:
64:bc:38:dc:92:dc:3f:79:e5:5f:9e:76:c3:37:9a:7b:eb:1e:
0e:8c:61:3c:49:33:a8:70:e1:be:e2:7f:eb:7b:43:de:f2:a4:
df:c5:03:49:cc:f6:d0:63:17:fb:c9:10:51:8d:0a:77:04:3e:
77:be:19:8f:1c:b5:e9:5f:ec:dd:7d:1a:fe:2f:ff:ef:fb:a3:
5d:ed:78:4b:a4:7d:b0:43:80:55:50:26:f9:34:34:99:39:40:
1f:3c:bf:96:9f:6c:fe:a4:b2:62:e2:89:fc:0e:36:00:eb:b5:
33:0b:19:a4:09:8d:e6:5d:c2:f3:8d:0f:25:70:cf:03:dd:86:
31:1a:af:da:5b:b1:ee:70:5b:ca:04:c9:07:e9:1c:2a:f8:08:
8b:8b:a2:3f:9c:3c:41:89:16:3a:04:ec:60:fe:fa:11:b3:ba:
4a:17:5b:52
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTCUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MzAw
MjUzMzFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDJCQ0VCNUM0OUIwRjE4
RTRFRTA0MzgyNUE3MzFGNjU4QjRCMTM0QTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDPRqLZiY2gC/9Yqts1pbRToo8/SWB/plwswcWM+8kVF53hBHWB
CRDxkYuibggbKEQ1gPxmAt9eLqF7i8L//pkXbi4b0bZYJifNwKnDf/sOUaQ/G08n
yQ6mCfUBViEL/x5U/LmNRR4jmcOEOts7QbsODHDwggu8ssP2RDHXwnOjuLxE3rtZ
FvzXFXMy/g3BXwOLkFm4gbRrIOyRRy3j7PhMkvu9TRUKNCkPQDStz7wTORUX3gvU
W6b1ZOe3OjW5ydRwJAhoCoyH5K/CbPpSpyl4MN3MeWc3dbtbRCUQtP1YQTUBHtEA
r8Qrf56cDDaYK7/45+XACuXgjnyWwHTr7UX/AgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUK861xJsPGOTuBDglpzH2WLSxNKUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0s4NjF4SnNQR09UdUJE
Z2xwekgyV0xTeE5LVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAArBpucnMdJGndG8
UAwALve5QDIvQ25/iHdcLDrs1+1a4n698RSS3Iq00Xa8of+jFFVxG4RFETmI47sN
bcNykv77f1cBby6pNUD2rTCXYX95O/eUt+e+BJW4bWS8ONyS3D955V+edsM3mnvr
Hg6MYTxJM6hw4b7if+t7Q97ypN/FA0nM9tBjF/vJEFGNCncEPne+GY8ctelf7N19
Gv4v/+/7o13teEukfbBDgFVQJvk0NJk5QB88v5afbP6ksmLiifwONgDrtTMLGaQJ
jeZdwvONDyVwzwPdhjEar9pbse5wW8oEyQfpHCr4CIuLoj+cPEGJFjoE7GD++hGz
ukoXW1I=
-----END CERTIFICATE-----
Generated at Sun Jun 22 13:32:54 2025 by rpki-client