Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/P0CeFT1GczJ55r_H1mFnHcihgrM.roa
File: P0CeFT1GczJ55r_H1mFnHcihgrM.roa (raw, json)
Hash identifier: JOujJ9pAMBqsJSWJ5ljDCMAzZeGt9aD/pj5/Gb6FRNg=
Subject key identifier: 3F:40:9E:15:3D:46:73:32:79:E6:BF:C7:D6:61:67:1D:C8:A1:82:B3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 34D5
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/P0CeFT1GczJ55r_H1mFnHcihgrM.roa
Signing time: Sat 30 Mar 2024 00:52:12 +0000
ROA not before: Sat 30 Mar 2024 00:52:12 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13525 (0x34d5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 30 00:52:12 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=3F409E153D46733279E6BFC7D661671DC8A182B3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:6f:0a:af:96:8e:8d:bb:30:06:db:25:d8:fb:
af:8a:88:fb:97:aa:c4:9b:6d:da:1e:0b:e7:86:b3:
a0:bb:2f:3a:3c:7a:3b:37:af:a4:1b:cb:28:ad:a1:
5e:f5:39:af:89:a4:ef:81:c5:ff:4b:a2:16:41:63:
0e:52:26:bd:79:90:dc:af:9a:6a:91:e2:1e:72:16:
3f:69:2f:cd:b9:c5:ff:19:5e:9c:bc:84:58:f2:46:
d3:93:8f:c2:d1:e9:c8:fb:2e:f0:08:7f:32:03:25:
f3:5d:fa:50:27:e1:f5:ac:04:96:64:32:40:2d:92:
b9:58:5a:02:4d:45:22:aa:15:56:72:b6:b3:7f:ed:
4b:39:73:90:14:4e:35:d9:78:9b:23:ca:2c:29:0f:
0a:c9:65:a8:46:2b:d9:45:91:49:aa:4c:8d:6d:1b:
79:d1:8f:3c:5a:1d:9f:cb:6d:87:93:15:ba:f9:a4:
cc:7f:35:88:df:3b:1c:35:23:4f:e0:f7:85:98:b5:
c9:68:67:34:ac:f2:b6:8e:89:27:5f:1d:56:9c:0f:
77:30:5f:c7:ed:2e:c7:8a:c5:12:20:0a:18:4f:14:
1b:15:c8:31:f1:a9:0f:64:ed:45:90:5d:77:ac:65:
16:2a:a7:6b:9e:12:74:c8:ae:07:0a:73:59:b1:d8:
94:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:40:9E:15:3D:46:73:32:79:E6:BF:C7:D6:61:67:1D:C8:A1:82:B3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/P0CeFT1GczJ55r_H1mFnHcihgrM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
27:6e:6e:30:ff:0c:b4:d3:e9:64:3c:0c:cb:fd:83:fb:13:bb:
16:ea:e6:9f:09:92:07:96:cc:73:b4:0d:29:9c:33:16:99:28:
6e:3e:7a:b4:59:a0:ad:46:6c:c4:aa:31:f0:73:83:fa:26:27:
54:d1:b7:73:f1:9b:0d:3b:85:3f:ab:9d:9d:ce:f7:7f:2c:3d:
96:04:29:e6:c7:a2:ce:52:b8:63:2c:2d:e1:92:d6:c4:00:13:
42:94:0a:26:2c:74:7b:fb:c0:74:b6:dc:da:bf:54:41:ae:49:
55:d3:e7:27:5d:b2:33:35:be:93:d8:41:3c:eb:08:e9:6f:04:
e5:b3:a4:c0:1d:2a:9f:39:e7:e9:ed:54:39:29:84:37:c9:69:
6d:39:ec:e7:e3:46:57:95:c4:dd:d7:eb:c4:e7:b0:8e:1b:c9:
31:65:a3:23:9a:7e:d5:78:b0:28:23:4c:f5:5c:04:c1:33:d8:
a9:b6:7e:5f:43:69:44:f7:7f:39:9e:b4:a6:97:7f:45:36:cc:
ad:c0:a4:14:47:3c:e9:32:a6:08:a2:c7:24:37:6a:90:43:9f:
14:8c:78:e4:1c:5b:01:29:a3:96:1d:81:cf:39:16:39:c7:b0:
8c:3f:2d:7a:15:8e:10:c6:54:79:40:87:12:21:79:e7:08:7c:
97:3f:df:1e
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICNNUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzAw
MDUyMTJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDNGNDA5RTE1M0Q0Njcz
MzI3OUU2QkZDN0Q2NjE2NzFEQzhBMTgyQjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9bwqvlo6NuzAG2yXY+6+KiPuXqsSbbdoeC+eGs6C7Lzo8ejs3
r6QbyyitoV71Oa+JpO+Bxf9LohZBYw5SJr15kNyvmmqR4h5yFj9pL825xf8ZXpy8
hFjyRtOTj8LR6cj7LvAIfzIDJfNd+lAn4fWsBJZkMkAtkrlYWgJNRSKqFVZytrN/
7Us5c5AUTjXZeJsjyiwpDwrJZahGK9lFkUmqTI1tG3nRjzxaHZ/LbYeTFbr5pMx/
NYjfOxw1I0/g94WYtcloZzSs8raOiSdfHVacD3cwX8ftLseKxRIgChhPFBsVyDHx
qQ9k7UWQXXesZRYqp2ueEnTIrgcKc1mx2JTzAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUP0CeFT1GczJ55r/H1mFnHcihgrMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1AwQ2VGVDFHY3pKNTVy
X0gxbUZuSGNpaGdyTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBACdubjD/DLTT6WQ8
DMv9g/sTuxbq5p8JkgeWzHO0DSmcMxaZKG4+erRZoK1GbMSqMfBzg/omJ1TRt3Px
mw07hT+rnZ3O938sPZYEKebHos5SuGMsLeGS1sQAE0KUCiYsdHv7wHS23Nq/VEGu
SVXT5yddsjM1vpPYQTzrCOlvBOWzpMAdKp855+ntVDkphDfJaW057OfjRleVxN3X
68TnsI4byTFloyOaftV4sCgjTPVcBMEz2Km2fl9DaUT3fzmetKaXf0U2zK3ApBRH
POkypgiixyQ3apBDnxSMeOQcWwEpo5Ydgc85FjnHsIw/LXoVjhDGVHlAhxIheecI
fJc/3x4=
-----END CERTIFICATE-----
Generated at Sun Jun 22 13:43:28 2025 by rpki-client