Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/TXHlC7vbog05kN9cmrIv_hhVAGU.roa
File: TXHlC7vbog05kN9cmrIv_hhVAGU.roa (raw, json)
Hash identifier: 9/Kk716R653A2SfGadgzaktPNcHKokEwyHf7OISIEXQ=
Subject key identifier: 4D:71:E5:0B:BB:DB:A2:0D:39:90:DF:5C:9A:B2:2F:FE:18:55:00:65
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 35D5
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/TXHlC7vbog05kN9cmrIv_hhVAGU.roa
Signing time: Sun 31 Mar 2024 08:52:14 +0000
ROA not before: Sun 31 Mar 2024 08:52:14 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13781 (0x35d5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Mar 31 08:52:14 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=4D71E50BBBDBA20D3990DF5C9AB22FFE18550065
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:ce:42:c3:8d:1a:58:e6:b5:93:55:8a:be:51:
c7:74:c0:5c:41:29:18:26:d4:9b:3c:2a:21:6d:2d:
a6:1a:c5:04:7e:0f:92:4b:83:98:97:84:0c:cf:74:
a9:a2:f8:71:bb:52:57:07:b2:ed:b7:d7:82:32:97:
39:53:36:af:3f:69:32:52:c2:a3:fa:26:13:59:f4:
54:bc:4d:63:d2:4a:d3:a1:5d:82:e2:d5:28:80:63:
dd:c0:06:40:e0:24:19:37:00:f0:26:44:0d:32:64:
12:50:83:ba:e2:bd:03:16:a0:7b:c8:79:82:6e:28:
37:33:ee:66:cd:6c:61:36:97:9e:18:12:21:0d:a8:
20:ad:3b:a1:3c:14:13:f7:50:b8:13:ae:38:68:2d:
52:3e:d2:80:db:7b:7f:3a:3f:23:04:ce:6b:b2:22:
b2:11:fa:84:6f:35:93:16:2f:70:92:45:82:7a:84:
18:b5:f2:b7:a4:c9:bd:dd:b5:e6:98:58:65:94:7c:
dc:97:0e:a8:4e:9f:20:3d:8e:6c:6a:70:cc:57:bb:
ef:22:04:1d:ef:03:ac:a2:e7:a6:bd:e5:be:57:a7:
81:00:c4:d7:82:39:fc:81:85:31:ff:89:df:ea:f8:
ad:8f:83:18:a2:7c:7d:d8:37:ad:2d:13:39:d5:7a:
20:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:71:E5:0B:BB:DB:A2:0D:39:90:DF:5C:9A:B2:2F:FE:18:55:00:65
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/TXHlC7vbog05kN9cmrIv_hhVAGU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
32:35:06:7e:4c:c6:ba:dd:ac:ed:26:af:fb:a4:b3:eb:2d:35:
ff:48:24:00:54:12:8a:3f:3a:02:06:c1:33:52:e1:0a:8b:73:
38:65:f2:ac:f6:db:80:3b:1d:aa:f4:8a:5b:f5:4d:3e:7d:1a:
09:b6:38:52:41:8f:ad:e9:8a:35:dd:74:97:a2:4a:97:69:96:
aa:17:8c:ed:2f:5d:b2:55:d5:1c:f3:24:7d:ac:f1:df:9d:28:
f4:4a:07:98:7a:5e:51:fd:1b:c4:b2:07:0d:3b:de:63:c0:f2:
09:12:85:b7:5a:5e:c2:ce:d1:94:80:c5:40:87:89:d7:ba:b6:
2b:9a:b2:b8:47:2b:40:45:05:3b:4f:84:c0:26:a8:62:7e:82:
69:33:9e:f0:12:2d:ee:b0:99:24:32:e0:94:0d:f5:bd:71:90:
1d:b9:bd:f8:30:28:9a:b8:45:d0:29:01:36:b6:71:a4:54:37:
2c:d7:6c:bb:c7:65:61:1d:1b:71:7c:1a:05:3f:43:df:88:93:
0a:24:5d:71:b7:12:00:5c:5c:4a:f1:12:aa:7f:a0:fc:6d:85:
d2:f3:9e:93:2b:2f:c1:6f:2f:60:38:00:28:b9:26:6f:ee:fc:
f2:15:9f:65:b6:90:e8:0c:44:0a:dd:a8:96:30:2e:1a:8a:08:
4c:f1:00:88
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICNdUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDAzMzEw
ODUyMTRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDRENzFFNTBCQkJEQkEy
MEQzOTkwREY1QzlBQjIyRkZFMTg1NTAwNjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7zkLDjRpY5rWTVYq+Ucd0wFxBKRgm1Js8KiFtLaYaxQR+D5JL
g5iXhAzPdKmi+HG7UlcHsu2314IylzlTNq8/aTJSwqP6JhNZ9FS8TWPSStOhXYLi
1SiAY93ABkDgJBk3APAmRA0yZBJQg7rivQMWoHvIeYJuKDcz7mbNbGE2l54YEiEN
qCCtO6E8FBP3ULgTrjhoLVI+0oDbe386PyMEzmuyIrIR+oRvNZMWL3CSRYJ6hBi1
8rekyb3dteaYWGWUfNyXDqhOnyA9jmxqcMxXu+8iBB3vA6yi56a95b5Xp4EAxNeC
OfyBhTH/id/q+K2PgxiifH3YN60tEznVeiBxAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUTXHlC7vbog05kN9cmrIv/hhVAGUwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1RYSGxDN3Zib2cwNWtO
OWNtckl2X2hoVkFHVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBADI1Bn5MxrrdrO0m
r/uks+stNf9IJABUEoo/OgIGwTNS4QqLczhl8qz224A7Har0ilv1TT59Ggm2OFJB
j63pijXddJeiSpdplqoXjO0vXbJV1RzzJH2s8d+dKPRKB5h6XlH9G8SyBw073mPA
8gkShbdaXsLO0ZSAxUCHide6tiuasrhHK0BFBTtPhMAmqGJ+gmkznvASLe6wmSQy
4JQN9b1xkB25vfgwKJq4RdApATa2caRUNyzXbLvHZWEdG3F8GgU/Q9+IkwokXXG3
EgBcXErxEqp/oPxthdLznpMrL8FvL2A4ACi5Jm/u/PIVn2W2kOgMRArdqJYwLhqK
CEzxAIg=
-----END CERTIFICATE-----
Generated at Sat Jun 21 03:26:28 2025 by rpki-client