Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/KY4K2vt_iLyi7RWI1hmhNwDMfwI.roa
File: KY4K2vt_iLyi7RWI1hmhNwDMfwI.roa (raw, json)
Hash identifier: pn9O+bwDI4fF2V7ng8CslPa5Qwwu/vvcXrucyHn/s0E=
Subject key identifier: 29:8E:0A:DA:FB:7F:88:BC:A2:ED:15:88:D6:19:A1:37:00:CC:7F:02
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3B45
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KY4K2vt_iLyi7RWI1hmhNwDMfwI.roa
Signing time: Sun 07 Apr 2024 14:52:31 +0000
ROA not before: Sun 07 Apr 2024 14:52:31 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15173 (0x3b45)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 7 14:52:31 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=298E0ADAFB7F88BCA2ED1588D619A13700CC7F02
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:5c:a9:d5:aa:6d:b3:a7:b8:f7:d4:6d:08:3d:
d8:2b:a3:36:d2:e9:fe:f0:ac:67:30:13:32:f1:d4:
0b:2b:31:a3:a0:1c:44:62:43:96:9c:ff:6d:cf:33:
49:cf:40:89:d3:4f:ec:fc:c6:47:8e:14:6d:a4:ad:
61:bd:e0:c2:88:b0:5c:42:ba:04:70:9b:a8:b5:76:
ca:2e:55:d1:22:fe:cd:fd:63:00:fa:7f:e2:3c:74:
92:ec:10:ae:d8:75:26:92:b4:d0:4a:b2:b3:ce:0a:
b1:a9:38:3e:9b:1c:c2:be:61:e5:03:52:84:8e:e6:
17:ec:3a:9d:bf:a4:63:15:cb:f8:17:bf:85:0f:ce:
38:22:73:90:74:33:07:d2:2a:c4:15:90:e7:5b:ec:
5f:11:8a:e0:e7:40:96:36:3f:54:98:42:d6:66:15:
d5:bf:6f:fc:10:66:0d:91:5d:ee:69:61:96:f6:d9:
40:96:87:bd:5d:19:48:9d:44:2d:1b:8d:65:bb:bc:
a5:15:e7:db:09:46:3c:cc:03:82:a3:44:44:25:69:
69:64:68:0d:ef:c4:97:5f:30:5f:10:aa:19:95:35:
94:ed:f4:06:fa:3f:0a:57:81:5c:49:6a:b0:fc:f0:
a1:a2:b2:40:8c:4d:22:4f:ae:5e:39:52:05:fb:80:
8b:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:8E:0A:DA:FB:7F:88:BC:A2:ED:15:88:D6:19:A1:37:00:CC:7F:02
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/KY4K2vt_iLyi7RWI1hmhNwDMfwI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
15:7f:9a:c5:c1:1d:62:12:8c:2c:c2:e7:57:35:9f:56:51:53:
7e:45:0a:b0:94:57:d7:d0:8d:a2:f6:e4:56:97:84:3a:ab:bb:
2f:98:e7:ab:98:83:93:1e:0b:d7:62:03:9a:00:e4:c1:bf:fc:
59:d0:bf:69:b3:28:6a:fc:b0:83:33:d8:2b:4d:4b:71:da:79:
86:35:51:1a:a8:7d:99:49:d7:c1:23:8d:c0:8b:69:4d:f5:10:
df:44:c7:cd:15:b9:8a:0a:7c:fc:ee:51:f9:52:e2:af:c8:92:
a6:aa:90:1c:9a:e8:ae:4a:7f:44:e0:0c:af:f9:28:d8:73:b6:
3c:86:fa:71:5b:c5:5a:7e:ca:1c:27:3d:08:60:17:a2:32:a9:
21:72:9f:fa:09:35:c5:ab:9c:52:e2:dc:ed:d2:2d:0b:f5:f1:
c9:79:ec:f6:c9:a1:d1:5f:37:46:c0:61:00:65:32:7b:08:bd:
cc:3a:59:76:b1:b3:d2:d4:b2:4a:86:6f:00:60:f3:08:e5:db:
6c:3a:fb:46:dc:4c:f8:89:f9:ca:41:d7:9c:60:ee:aa:e2:a4:
a2:e4:32:a7:bf:19:f9:6f:80:3b:63:da:ab:a2:be:fe:81:01:
e1:1c:a2:0d:de:d1:66:01:8d:c7:4a:9d:58:87:56:63:22:2b:
44:10:20:d2
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICO0UwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDcx
NDUyMzFaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDI5OEUwQURBRkI3Rjg4
QkNBMkVEMTU4OEQ2MTlBMTM3MDBDQzdGMDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJXKnVqm2zp7j31G0IPdgrozbS6f7wrGcwEzLx1AsrMaOgHERi
Q5ac/23PM0nPQInTT+z8xkeOFG2krWG94MKIsFxCugRwm6i1dsouVdEi/s39YwD6
f+I8dJLsEK7YdSaStNBKsrPOCrGpOD6bHMK+YeUDUoSO5hfsOp2/pGMVy/gXv4UP
zjgic5B0MwfSKsQVkOdb7F8RiuDnQJY2P1SYQtZmFdW/b/wQZg2RXe5pYZb22UCW
h71dGUidRC0bjWW7vKUV59sJRjzMA4KjREQlaWlkaA3vxJdfMF8QqhmVNZTt9Ab6
PwpXgVxJarD88KGiskCMTSJPrl45UgX7gIudAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUKY4K2vt/iLyi7RWI1hmhNwDMfwIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L0tZNEsydnRfaUx5aTdS
V0kxaG1oTndETWZ3SS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBABV/msXBHWISjCzC
51c1n1ZRU35FCrCUV9fQjaL25FaXhDqruy+Y56uYg5MeC9diA5oA5MG//FnQv2mz
KGr8sIMz2CtNS3HaeYY1URqofZlJ18EjjcCLaU31EN9Ex80VuYoKfPzuUflS4q/I
kqaqkBya6K5Kf0TgDK/5KNhztjyG+nFbxVp+yhwnPQhgF6IyqSFyn/oJNcWrnFLi
3O3SLQv18cl57PbJodFfN0bAYQBlMnsIvcw6WXaxs9LUskqGbwBg8wjl22w6+0bc
TPiJ+cpB15xg7qripKLkMqe/GflvgDtj2quivv6BAeEcog3e0WYBjcdKnViHVmMi
K0QQINI=
-----END CERTIFICATE-----
Generated at Fri Jun 20 11:42:06 2025 by rpki-client