Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/RdOWmTcuNlIdqHoFicGWYDocYYk.roa
File: RdOWmTcuNlIdqHoFicGWYDocYYk.roa (raw, json)
Hash identifier: 4ToEB2Guw9eev9dll1BLlYBOwmRd4ZjA0knQKaREFa0=
Subject key identifier: 45:D3:96:99:37:2E:36:52:1D:A8:7A:05:89:C1:96:60:3A:1C:61:89
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4F1D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RdOWmTcuNlIdqHoFicGWYDocYYk.roa
Signing time: Sat 04 May 2024 01:53:47 +0000
ROA not before: Sat 04 May 2024 01:53:47 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20253 (0x4f1d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 4 01:53:47 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=45D39699372E36521DA87A0589C196603A1C6189
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:19:17:f0:f4:e1:59:1a:75:7f:1b:75:fb:77:
8b:b7:22:eb:52:20:52:53:de:a6:6a:c3:f8:5a:77:
c7:9a:58:dd:df:85:e7:b6:e3:6f:79:c1:36:24:ba:
69:ee:f7:63:2b:94:d8:d3:0f:84:ab:f9:68:2d:dd:
f5:af:fc:8e:67:ae:95:7e:95:7b:cb:b8:f2:2d:5b:
cd:ef:82:7d:54:9c:4e:31:9e:3a:29:68:23:5b:e8:
36:0d:26:7b:40:f8:a0:ab:99:ed:e0:2c:8e:bc:60:
d8:2b:d4:4a:37:4b:3d:56:87:22:04:16:04:05:ef:
09:15:06:ea:00:f8:c3:9b:a7:84:29:dd:32:58:4a:
c0:5b:b7:a7:dc:de:45:9f:09:f3:42:13:fe:eb:f7:
1b:79:cd:7c:17:80:d7:bb:d8:a6:3d:9c:96:11:ab:
83:e9:98:f9:77:2f:d0:8c:e5:30:f0:ba:d1:19:31:
41:d1:d7:a7:41:29:0d:30:5e:7a:c6:ab:47:5b:aa:
d8:67:07:f0:66:2f:08:c7:07:32:0c:31:93:1c:9e:
90:6b:90:ce:1b:98:40:07:24:9e:51:7c:6f:02:d9:
93:3f:21:41:5a:64:7e:d6:70:f0:41:39:5d:f7:c7:
48:c5:62:6d:6e:89:29:b0:3f:98:1b:c7:d3:a3:f6:
2b:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:D3:96:99:37:2E:36:52:1D:A8:7A:05:89:C1:96:60:3A:1C:61:89
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RdOWmTcuNlIdqHoFicGWYDocYYk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
10:c2:fb:9c:12:8b:b9:f3:c2:3f:59:6c:39:4c:b4:db:34:5b:
d6:c3:23:a0:13:2b:75:a0:f1:97:06:77:80:00:81:ce:50:ea:
fe:e1:32:67:84:2d:0e:43:20:3f:e2:d2:90:c5:b5:cf:5a:60:
37:b4:39:eb:c9:e2:cc:85:ef:66:8c:8d:da:90:67:2f:9b:35:
b7:88:9d:de:36:26:32:6b:f8:99:86:b1:a5:d0:d2:e0:2c:50:
1a:78:70:ad:5d:30:76:7d:14:05:0b:16:39:71:f8:11:b9:0c:
40:28:58:02:80:3f:c9:72:c7:fd:94:ab:c5:dc:2d:95:d4:03:
a4:80:c3:20:c0:01:a9:84:aa:70:71:0e:dc:50:1b:ef:6b:bb:
b6:49:65:bb:04:6b:ca:2a:f4:1a:68:7f:80:aa:99:1d:e0:ca:
29:9f:31:b6:01:26:bb:95:6b:3d:2f:f8:5d:65:2b:da:5a:8f:
0f:ed:63:4b:ad:ad:e7:01:05:d5:16:0c:78:10:1a:2e:b1:4e:
be:df:43:32:e7:a2:5a:8d:65:4a:48:d0:ea:90:9e:2b:8e:44:
89:a6:34:f7:5b:0c:d4:18:88:34:36:23:18:f7:ad:68:e1:c0:
41:3e:8a:e8:f5:6c:a7:dc:a9:82:ec:a1:87:78:f8:d3:ed:86:
5b:b1:58:9e
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTx0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDQw
MTUzNDdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQ1RDM5Njk5MzcyRTM2
NTIxREE4N0EwNTg5QzE5NjYwM0ExQzYxODkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDYGRfw9OFZGnV/G3X7d4u3IutSIFJT3qZqw/had8eaWN3fhee2
4295wTYkumnu92MrlNjTD4Sr+Wgt3fWv/I5nrpV+lXvLuPItW83vgn1UnE4xnjop
aCNb6DYNJntA+KCrme3gLI68YNgr1Eo3Sz1WhyIEFgQF7wkVBuoA+MObp4Qp3TJY
SsBbt6fc3kWfCfNCE/7r9xt5zXwXgNe72KY9nJYRq4PpmPl3L9CM5TDwutEZMUHR
16dBKQ0wXnrGq0dbqthnB/BmLwjHBzIMMZMcnpBrkM4bmEAHJJ5RfG8C2ZM/IUFa
ZH7WcPBBOV33x0jFYm1uiSmwP5gbx9Oj9isDAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQURdOWmTcuNlIdqHoFicGWYDocYYkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1JkT1dtVGN1TmxJZHFI
b0ZpY0dXWURvY1lZay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBABDC+5wSi7nzwj9Z
bDlMtNs0W9bDI6ATK3Wg8ZcGd4AAgc5Q6v7hMmeELQ5DID/i0pDFtc9aYDe0OevJ
4syF72aMjdqQZy+bNbeInd42JjJr+JmGsaXQ0uAsUBp4cK1dMHZ9FAULFjlx+BG5
DEAoWAKAP8lyx/2Uq8XcLZXUA6SAwyDAAamEqnBxDtxQG+9ru7ZJZbsEa8oq9Bpo
f4CqmR3gyimfMbYBJruVaz0v+F1lK9pajw/tY0utrecBBdUWDHgQGi6xTr7fQzLn
olqNZUpI0OqQniuORImmNPdbDNQYiDQ2Ixj3rWjhwEE+iuj1bKfcqYLsoYd4+NPt
hluxWJ4=
-----END CERTIFICATE-----
Generated at Fri Jun 20 11:47:15 2025 by rpki-client