Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/RjHv0JvutkoVZxSjrBTySCnNhWY.roa
File: RjHv0JvutkoVZxSjrBTySCnNhWY.roa (raw, json)
Hash identifier: R79zbgIUG9p4havy1Ix5pf4n82HN5KmWuFf2j3/u50A=
Subject key identifier: 46:31:EF:D0:9B:EE:B6:4A:15:67:14:A3:AC:14:F2:48:29:CD:85:66
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4FD5
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RjHv0JvutkoVZxSjrBTySCnNhWY.roa
Signing time: Sun 05 May 2024 00:54:00 +0000
ROA not before: Sun 05 May 2024 00:54:00 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20437 (0x4fd5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 5 00:54:00 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4631EFD09BEEB64A156714A3AC14F24829CD8566
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:24:8a:30:fa:89:e7:d7:52:e0:b7:4c:6c:42:
f5:7b:2e:c6:bd:b8:a5:c3:4f:5e:b5:f6:86:fb:cd:
26:d5:c6:3b:b5:4b:de:dd:b9:e8:de:78:29:9d:93:
a9:3d:cd:b3:79:40:33:df:d1:f6:ff:fd:3e:31:2d:
3c:39:ed:b7:e5:ab:8d:d4:14:30:74:50:0a:62:93:
07:3d:da:29:e2:71:75:0c:c6:ca:f0:aa:01:06:df:
31:80:43:f5:c4:45:2b:b9:c1:b1:94:53:e1:81:7d:
ea:6b:39:56:bb:9b:1a:52:54:e6:ea:8c:a2:88:e2:
91:9b:84:b4:ab:e9:e9:ea:9a:08:6d:99:a4:78:c4:
84:d0:2d:12:30:b4:70:87:9d:be:70:19:9e:3a:88:
90:68:41:20:ad:a2:66:76:05:90:8f:d4:99:fe:7e:
c1:4f:95:b3:1a:75:63:d3:7e:e8:1e:1d:ed:5f:7b:
8a:76:a1:5b:ad:57:71:a0:00:7e:03:ec:3a:b6:50:
1f:91:f6:9b:53:9a:b4:93:05:4b:d9:19:10:d5:6c:
7b:54:93:e3:16:b1:32:a9:46:29:b1:55:c6:05:02:
13:48:a1:07:fc:fb:1e:5c:93:e2:06:9b:d4:27:b0:
35:10:a0:18:bb:e0:c0:d7:96:f4:bc:8e:e1:98:87:
2d:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:31:EF:D0:9B:EE:B6:4A:15:67:14:A3:AC:14:F2:48:29:CD:85:66
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/RjHv0JvutkoVZxSjrBTySCnNhWY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
95:77:7a:07:6d:45:44:35:9d:77:7d:e1:e4:7a:91:dc:23:81:
d8:4e:b4:37:1e:7e:02:41:01:01:2f:d3:19:e2:93:26:f6:49:
13:cb:3a:65:b6:b3:ab:e8:17:8b:93:69:ea:9b:67:01:61:99:
e4:ed:50:02:e7:65:c7:cd:ae:0e:2f:ee:b1:a5:84:53:b6:74:
63:d2:de:73:1d:61:22:f5:bc:f9:dc:6a:be:6d:e0:4a:e1:cc:
2e:2e:a3:ce:a2:c3:24:16:d4:dc:4c:0f:88:b6:7c:30:a6:06:
1c:af:a7:2f:a0:3c:7d:e1:c9:6a:9a:bf:47:11:7d:2f:7f:f1:
ab:6e:a0:cc:1f:d6:54:7f:7d:4c:cf:a8:8a:b8:6b:36:f9:f6:
d8:20:31:27:c7:50:96:9d:53:3c:83:71:36:c0:d0:3b:f2:2e:
e1:b1:2f:1d:6b:e8:54:d1:35:93:50:df:5b:76:ca:90:6b:39:
47:84:36:e1:e7:76:95:16:18:9e:a9:ce:1f:e7:cb:06:9b:2f:
44:84:4c:38:a0:8d:8e:c7:36:34:ce:c5:a5:03:ff:ae:1a:3d:
5b:5d:da:89:31:ad:26:50:db:95:2d:9c:cb:ee:2e:70:8a:c8:
f7:7d:2c:06:7b:5b:7f:92:37:2b:c4:be:58:23:dd:ae:86:66:
00:8c:7d:9b
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICT9UwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDUw
MDU0MDBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDQ2MzFFRkQwOUJFRUI2
NEExNTY3MTRBM0FDMTRGMjQ4MjlDRDg1NjYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDEJIow+onn11Lgt0xsQvV7Lsa9uKXDT1619ob7zSbVxju1S97d
uejeeCmdk6k9zbN5QDPf0fb//T4xLTw57bflq43UFDB0UApikwc92inicXUMxsrw
qgEG3zGAQ/XERSu5wbGUU+GBfeprOVa7mxpSVObqjKKI4pGbhLSr6enqmghtmaR4
xITQLRIwtHCHnb5wGZ46iJBoQSCtomZ2BZCP1Jn+fsFPlbMadWPTfugeHe1fe4p2
oVutV3GgAH4D7Dq2UB+R9ptTmrSTBUvZGRDVbHtUk+MWsTKpRimxVcYFAhNIoQf8
+x5ck+IGm9QnsDUQoBi74MDXlvS8juGYhy2vAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQURjHv0JvutkoVZxSjrBTySCnNhWYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1JqSHYwSnZ1dGtvVlp4
U2pyQlR5U0NuTmhXWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJV3egdtRUQ1nXd9
4eR6kdwjgdhOtDcefgJBAQEv0xnikyb2SRPLOmW2s6voF4uTaeqbZwFhmeTtUALn
ZcfNrg4v7rGlhFO2dGPS3nMdYSL1vPncar5t4ErhzC4uo86iwyQW1NxMD4i2fDCm
Bhyvpy+gPH3hyWqav0cRfS9/8atuoMwf1lR/fUzPqIq4azb59tggMSfHUJadUzyD
cTbA0DvyLuGxLx1r6FTRNZNQ31t2ypBrOUeENuHndpUWGJ6pzh/nywabL0SETDig
jY7HNjTOxaUD/64aPVtd2okxrSZQ25UtnMvuLnCKyPd9LAZ7W3+SNyvEvlgj3a6G
ZgCMfZs=
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:29:25 2025 by rpki-client