Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Nt7aq4OzbQQgA5Q5XQFSi6Ygtgw.roa
File: Nt7aq4OzbQQgA5Q5XQFSi6Ygtgw.roa (raw, json)
Hash identifier: rmYd5CLjtR/5wF/Rw8YDf7pIwA+yxa71E0c48ps7d2c=
Subject key identifier: 36:DE:DA:AB:83:B3:6D:04:20:03:94:39:5D:01:52:8B:A6:20:B6:0C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 47FD
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Nt7aq4OzbQQgA5Q5XQFSi6Ygtgw.roa
Signing time: Wed 24 Apr 2024 13:53:14 +0000
ROA not before: Wed 24 Apr 2024 13:53:14 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18429 (0x47fd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 24 13:53:14 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=36DEDAAB83B36D04200394395D01528BA620B60C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:b4:36:89:a2:23:a5:f4:52:d0:59:48:40:9e:
ca:21:d9:c6:01:3c:cd:62:b5:49:f1:cf:de:5f:2f:
38:b5:c3:9b:57:44:e2:10:9e:86:ba:fb:ed:21:77:
14:fb:d4:c8:b1:65:d5:86:89:02:83:bc:04:bd:0c:
b4:0c:1b:f0:9f:a4:84:5b:32:26:0d:11:9e:50:71:
55:dd:d7:1f:ab:69:3d:de:3d:29:b4:2e:3c:7d:03:
fc:a3:51:08:a5:86:dc:e3:7d:34:6a:80:5e:fb:03:
36:e0:c6:b5:85:12:c2:49:b0:5d:06:2d:e6:d6:ce:
87:20:8e:1c:27:2f:d8:50:45:1e:97:74:c0:5c:cd:
4c:3d:6b:77:8f:3e:57:aa:da:ef:46:a4:89:20:13:
f6:49:5a:45:10:76:f5:e5:cb:2d:cc:ec:a0:09:59:
d5:d5:0d:4f:af:34:62:6d:4e:5a:fe:49:da:da:8a:
1c:a6:ab:d5:bd:ce:87:c3:00:d9:c7:ba:b2:e0:1d:
c2:4b:23:66:11:b0:02:5c:35:2e:0a:11:1e:d0:4b:
86:87:ab:1c:ed:c9:6a:19:41:aa:a6:d4:35:45:db:
92:ce:4f:8a:2f:d8:4f:e8:49:57:a8:b7:e5:0d:53:
de:5f:b2:42:bd:24:73:f4:50:d8:bb:ce:9c:e3:77:
e1:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:DE:DA:AB:83:B3:6D:04:20:03:94:39:5D:01:52:8B:A6:20:B6:0C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Nt7aq4OzbQQgA5Q5XQFSi6Ygtgw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
94:e4:de:15:31:8d:5b:46:72:5c:a5:f8:10:9d:e4:be:a2:e9:
40:48:2c:ce:fe:e6:89:b2:d7:de:61:e8:7b:f0:c1:10:d3:36:
db:41:d7:01:d0:95:b9:4a:a7:ca:f7:52:f8:82:c4:49:c0:b6:
10:93:5b:ff:91:70:d5:42:60:34:9e:42:e6:25:6a:45:89:5e:
56:9f:96:1b:32:e7:fd:84:2c:c7:e9:2e:98:7f:a0:a1:cf:ec:
79:88:09:c6:48:28:77:53:fb:c1:0f:1f:d9:f2:58:3b:89:c4:
af:66:20:4c:53:1b:c8:63:5b:04:8c:fe:d7:37:41:25:fb:a7:
1f:1c:3d:a3:d7:0c:c8:77:d4:af:d8:0c:e7:f4:ad:ab:8e:cc:
32:08:b4:ec:4a:b3:d9:2b:de:8c:ce:db:4e:a1:b0:1f:95:10:
6a:94:cb:2d:4b:e5:8c:7c:73:77:7c:58:52:da:d3:b0:60:93:
4c:64:3a:1a:cd:ad:8a:e2:f3:6a:4c:c6:d7:a8:92:45:67:7a:
09:62:c6:a0:54:d7:3c:33:50:c7:ea:74:42:85:d9:96:02:47:
f5:67:6f:b9:b5:62:71:40:b5:e3:a6:c7:2b:6c:1c:db:ac:b3:
8c:11:e1:36:4a:81:f9:f2:01:50:9a:52:e1:4d:35:89:d1:fd:
47:90:bc:59
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICR/0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjQx
MzUzMTRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDM2REVEQUFCODNCMzZE
MDQyMDAzOTQzOTVEMDE1MjhCQTYyMEI2MEMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFtDaJoiOl9FLQWUhAnsoh2cYBPM1itUnxz95fLzi1w5tXROIQ
noa6++0hdxT71MixZdWGiQKDvAS9DLQMG/CfpIRbMiYNEZ5QcVXd1x+raT3ePSm0
Ljx9A/yjUQilhtzjfTRqgF77AzbgxrWFEsJJsF0GLebWzocgjhwnL9hQRR6XdMBc
zUw9a3ePPleq2u9GpIkgE/ZJWkUQdvXlyy3M7KAJWdXVDU+vNGJtTlr+Sdraihym
q9W9zofDANnHurLgHcJLI2YRsAJcNS4KER7QS4aHqxztyWoZQaqm1DVF25LOT4ov
2E/oSVeot+UNU95fskK9JHP0UNi7zpzjd+FdAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUNt7aq4OzbQQgA5Q5XQFSi6YgtgwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L050N2FxNE96YlFRZ0E1
UTVYUUZTaTZZZ3Rndy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJTk3hUxjVtGclyl
+BCd5L6i6UBILM7+5omy195h6HvwwRDTNttB1wHQlblKp8r3UviCxEnAthCTW/+R
cNVCYDSeQuYlakWJXlaflhsy5/2ELMfpLph/oKHP7HmICcZIKHdT+8EPH9nyWDuJ
xK9mIExTG8hjWwSM/tc3QSX7px8cPaPXDMh31K/YDOf0rauOzDIItOxKs9kr3ozO
206hsB+VEGqUyy1L5Yx8c3d8WFLa07Bgk0xkOhrNrYri82pMxteokkVneglixqBU
1zwzUMfqdEKF2ZYCR/Vnb7m1YnFAteOmxytsHNuss4wR4TZKgfnyAVCaUuFNNYnR
/UeQvFk=
-----END CERTIFICATE-----
Generated at Sat Jun 21 03:59:12 2025 by rpki-client