Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/U4ULSGivjICSVrBvgYuhZIroS0Q.roa
File: U4ULSGivjICSVrBvgYuhZIroS0Q.roa (raw, json)
Hash identifier: S9KidvXZCcUUJPS9nfnVxuDcuJ5Z7L/lkkoWi6qFJIE=
Subject key identifier: 53:85:0B:48:68:AF:8C:80:92:56:B0:6F:81:8B:A1:64:8A:E8:4B:44
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 434D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/U4ULSGivjICSVrBvgYuhZIroS0Q.roa
Signing time: Thu 18 Apr 2024 07:53:25 +0000
ROA not before: Thu 18 Apr 2024 07:53:25 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17229 (0x434d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 18 07:53:25 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=53850B4868AF8C809256B06F818BA1648AE84B44
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:71:60:92:86:68:2f:e7:8e:ff:41:4e:32:5d:
1f:0a:1a:4f:aa:6e:b0:26:82:dc:f5:58:c1:e6:16:
0b:53:7d:d9:60:ee:b7:15:f5:5f:bb:80:1c:6a:8e:
29:21:d3:9f:66:27:6c:95:13:e0:98:af:0c:67:f1:
17:da:99:9e:84:39:f7:97:e8:84:93:06:99:d2:b9:
27:74:ca:72:ff:f5:15:8a:4e:72:d0:68:84:07:51:
08:ac:fa:e1:c3:07:01:bb:03:c2:ba:37:eb:bc:7a:
4a:35:98:fb:5d:00:c1:ca:d3:c1:1c:99:ef:ec:a6:
e5:a8:9e:04:62:f2:f3:43:46:f7:70:89:51:e1:a2:
c0:4d:a4:a8:08:bd:31:46:17:02:e2:ff:3b:61:8a:
e7:1f:03:e7:3f:26:af:ea:20:ef:09:d9:d4:8c:c7:
8c:5a:e2:fa:64:e7:6d:78:73:7a:ab:dd:b6:d9:49:
91:4e:3e:22:44:e1:14:a5:61:51:81:4a:a1:15:84:
c2:98:5e:e4:04:64:4f:f5:8c:55:ed:28:f4:3c:3d:
24:4c:9b:67:b6:75:2d:81:3f:5a:ba:24:e7:3f:1c:
6a:86:df:23:3d:53:67:2b:11:a0:66:06:20:4e:b8:
06:7a:d4:89:03:79:dd:34:7a:ac:bb:8a:2c:eb:8c:
72:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:85:0B:48:68:AF:8C:80:92:56:B0:6F:81:8B:A1:64:8A:E8:4B:44
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/U4ULSGivjICSVrBvgYuhZIroS0Q.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
0a:68:47:ea:ed:b5:98:ea:1f:8c:15:6c:2f:f5:17:d8:44:b8:
6d:9c:6d:3f:11:68:04:67:e3:94:84:d6:4d:f2:d3:35:29:2c:
01:a9:78:52:19:75:af:25:be:db:0c:92:94:51:34:d6:43:11:
c7:b6:a1:63:2e:ae:f3:cb:d8:03:e9:0e:a3:7f:80:4b:64:7f:
73:2f:16:0c:5a:ca:11:8c:50:b9:28:e5:72:b1:c7:e2:f1:7c:
3b:33:e7:55:37:7a:3c:62:63:99:24:cc:75:f3:53:75:9b:28:
11:b8:89:fc:d7:a0:53:ab:30:45:1b:c9:ff:64:97:61:ef:5f:
12:4c:e0:89:4a:5a:0d:52:83:83:67:af:e7:82:0a:c0:2a:78:
9c:e6:cd:b9:12:76:28:76:b8:32:f9:d9:5e:21:fa:a7:e3:3b:
33:9f:95:0d:38:36:47:c9:f1:cd:b7:95:89:ac:e3:9a:c1:5d:
62:f3:b3:b4:a5:dc:01:1c:0c:9c:a8:64:85:d0:0a:e3:33:5c:
43:a7:e2:94:f2:0e:12:6f:1a:9b:f0:f2:21:f4:ee:86:a2:67:
9d:48:7c:8d:2f:fa:fa:62:e3:c9:b0:f9:ec:50:83:7b:34:1d:
7f:1c:34:17:76:5f:d5:de:8c:98:88:48:e6:a2:53:83:73:f7:
3d:c4:04:99
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQ00wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTgw
NzUzMjVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDUzODUwQjQ4NjhBRjhD
ODA5MjU2QjA2RjgxOEJBMTY0OEFFODRCNDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCocWCShmgv547/QU4yXR8KGk+qbrAmgtz1WMHmFgtTfdlg7rcV
9V+7gBxqjikh059mJ2yVE+CYrwxn8RfamZ6EOfeX6ISTBpnSuSd0ynL/9RWKTnLQ
aIQHUQis+uHDBwG7A8K6N+u8eko1mPtdAMHK08Ecme/spuWongRi8vNDRvdwiVHh
osBNpKgIvTFGFwLi/zthiucfA+c/Jq/qIO8J2dSMx4xa4vpk5214c3qr3bbZSZFO
PiJE4RSlYVGBSqEVhMKYXuQEZE/1jFXtKPQ8PSRMm2e2dS2BP1q6JOc/HGqG3yM9
U2crEaBmBiBOuAZ61IkDed00eqy7iizrjHJVAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUU4ULSGivjICSVrBvgYuhZIroS0QwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1U0VUxTR2l2aklDU1Zy
QnZnWXVoWklyb1MwUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAApoR+rttZjqH4wV
bC/1F9hEuG2cbT8RaARn45SE1k3y0zUpLAGpeFIZda8lvtsMkpRRNNZDEce2oWMu
rvPL2APpDqN/gEtkf3MvFgxayhGMULko5XKxx+LxfDsz51U3ejxiY5kkzHXzU3Wb
KBG4ifzXoFOrMEUbyf9kl2HvXxJM4IlKWg1Sg4Nnr+eCCsAqeJzmzbkSdih2uDL5
2V4h+qfjOzOflQ04NkfJ8c23lYms45rBXWLzs7Sl3AEcDJyoZIXQCuMzXEOn4pTy
DhJvGpvw8iH07oaiZ51IfI0v+vpi48mw+exQg3s0HX8cNBd2X9XejJiISOaiU4Nz
9z3EBJk=
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:21:27 2025 by rpki-client