Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/SmAuE2zp8B-DKCHeYvs0PgPwbq4.roa
File: SmAuE2zp8B-DKCHeYvs0PgPwbq4.roa (raw, json)
Hash identifier: TJUNoO49zMfPH8XeLXytId7q4rXZILIndRZKJ8/nhN0=
Subject key identifier: 4A:60:2E:13:6C:E9:F0:1F:83:28:21:DE:62:FB:34:3E:03:F0:6E:AE
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3F41
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/SmAuE2zp8B-DKCHeYvs0PgPwbq4.roa
Signing time: Fri 12 Apr 2024 22:22:50 +0000
ROA not before: Fri 12 Apr 2024 22:22:50 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16193 (0x3f41)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 12 22:22:50 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4A602E136CE9F01F832821DE62FB343E03F06EAE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:4f:ac:48:51:73:15:fd:b5:6a:4b:18:f7:62:
f2:4c:d7:66:51:87:bb:98:ab:17:27:29:51:82:c5:
7f:7a:4c:0b:08:3e:90:bf:90:99:8f:d5:b3:58:a1:
6c:ea:4c:1e:c2:ec:1a:b6:4f:4d:58:38:24:4b:f8:
ae:fa:ab:ad:cb:68:1b:62:7f:e2:70:db:dd:8d:cf:
89:7a:45:69:bd:0f:53:45:ae:66:8a:b5:3b:70:7c:
03:de:ab:88:bd:7a:ef:40:c0:cf:ec:83:8c:ff:2d:
3e:10:52:f0:a3:aa:3f:64:8a:a6:43:52:eb:41:05:
93:8c:1b:34:3e:28:cf:9f:8c:63:10:98:0c:44:a5:
aa:15:2f:af:97:f7:28:a0:b0:fd:47:5f:81:cd:c2:
64:20:0e:51:4c:62:fd:00:b4:00:c5:fd:56:f1:f0:
36:e5:01:ae:f8:81:ce:77:87:c1:a3:5a:ec:c5:70:
84:ed:dd:4e:1e:e4:d0:10:3d:47:18:9b:80:98:be:
cf:34:14:c9:1f:7c:38:64:10:94:50:8e:ee:27:cb:
f6:b5:e3:35:74:bf:b6:77:ba:36:21:8e:ad:b3:60:
a7:e0:da:d8:5e:bb:d2:6a:ab:7a:d1:2e:48:c7:db:
79:25:b5:04:e7:ec:c2:eb:8f:90:5b:c6:f0:f9:d6:
83:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:60:2E:13:6C:E9:F0:1F:83:28:21:DE:62:FB:34:3E:03:F0:6E:AE
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/SmAuE2zp8B-DKCHeYvs0PgPwbq4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
98:5f:90:04:7d:a7:82:cf:28:1e:da:c8:71:89:95:6e:38:3f:
75:5f:6f:66:45:32:65:a4:57:4d:be:08:d1:cf:2d:4c:df:94:
14:ce:f8:71:95:01:96:78:97:c2:2f:6d:31:96:b8:ea:61:75:
d5:e5:a9:92:e2:f6:cc:22:5b:0e:1d:f2:1e:58:8f:45:fd:d3:
64:9d:ae:b5:fa:66:d2:4a:b8:d2:49:1b:6a:21:f8:c6:ee:81:
b8:2d:2a:2c:19:20:6a:2f:69:cc:97:31:6b:82:27:8f:a7:44:
08:a1:bf:bf:e4:b2:d7:01:e3:1b:33:6b:96:80:32:e4:a6:35:
72:df:dd:fd:98:92:fe:2e:d1:1b:7e:87:0b:8b:3f:95:75:45:
6e:d5:97:05:dc:b5:04:dd:70:09:67:dc:82:cd:48:fc:4e:45:
3f:84:27:46:b7:cf:12:e7:4c:63:13:93:76:ae:60:8a:59:ed:
b6:e7:be:c6:9a:c4:9a:50:57:3a:da:38:7f:0c:79:67:62:0c:
93:d4:b6:a8:fc:65:a0:86:90:6b:39:9f:f2:e1:e4:d9:aa:ab:
9b:6b:d9:7a:76:fd:1a:98:bc:dd:75:7f:b6:48:47:56:12:b0:
03:6c:e1:59:3d:68:26:6d:f9:9a:10:71:6c:74:c0:e3:a9:63:
ae:5d:ab:89
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICP0EwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTIy
MjIyNTBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDRBNjAyRTEzNkNFOUYw
MUY4MzI4MjFERTYyRkIzNDNFMDNGMDZFQUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDUT6xIUXMV/bVqSxj3YvJM12ZRh7uYqxcnKVGCxX96TAsIPpC/
kJmP1bNYoWzqTB7C7Bq2T01YOCRL+K76q63LaBtif+Jw292Nz4l6RWm9D1NFrmaK
tTtwfAPeq4i9eu9AwM/sg4z/LT4QUvCjqj9kiqZDUutBBZOMGzQ+KM+fjGMQmAxE
paoVL6+X9yigsP1HX4HNwmQgDlFMYv0AtADF/Vbx8DblAa74gc53h8GjWuzFcITt
3U4e5NAQPUcYm4CYvs80FMkffDhkEJRQju4ny/a14zV0v7Z3ujYhjq2zYKfg2the
u9Jqq3rRLkjH23kltQTn7MLrj5BbxvD51oPHAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUSmAuE2zp8B+DKCHeYvs0PgPwbq4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1NtQXVFMnpwOEItREtD
SGVZdnMwUGdQd2JxNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJhfkAR9p4LPKB7a
yHGJlW44P3Vfb2ZFMmWkV02+CNHPLUzflBTO+HGVAZZ4l8IvbTGWuOphddXlqZLi
9swiWw4d8h5Yj0X902SdrrX6ZtJKuNJJG2oh+MbugbgtKiwZIGovacyXMWuCJ4+n
RAihv7/kstcB4xsza5aAMuSmNXLf3f2Ykv4u0Rt+hwuLP5V1RW7VlwXctQTdcAln
3ILNSPxORT+EJ0a3zxLnTGMTk3auYIpZ7bbnvsaaxJpQVzraOH8MeWdiDJPUtqj8
ZaCGkGs5n/Lh5Nmqq5tr2Xp2/RqYvN11f7ZIR1YSsANs4Vk9aCZt+ZoQcWx0wOOp
Y65dq4k=
-----END CERTIFICATE-----
Generated at Sat Jun 21 20:05:57 2025 by rpki-client