Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/UFbMAJ3gk-bx1UZf4P0wgaRrx3Y.roa
File: UFbMAJ3gk-bx1UZf4P0wgaRrx3Y.roa (raw, json)
Hash identifier: Giqf0913nAlC2fXEP3ueegVTzIZ47KBv0iqc5qBVfX0=
Subject key identifier: 50:56:CC:00:9D:E0:93:E6:F1:D5:46:5F:E0:FD:30:81:A4:6B:C7:76
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3A89
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/UFbMAJ3gk-bx1UZf4P0wgaRrx3Y.roa
Signing time: Sat 06 Apr 2024 15:22:29 +0000
ROA not before: Sat 06 Apr 2024 15:22:29 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14985 (0x3a89)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 6 15:22:29 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5056CC009DE093E6F1D5465FE0FD3081A46BC776
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:a7:87:b1:a4:50:d8:d9:9f:78:8a:dc:a1:ef:
d4:e5:b0:b5:2a:60:05:fa:4a:41:e5:28:b5:c2:2f:
cf:b4:23:ca:91:f0:f9:51:41:96:7d:82:ea:dd:38:
e9:13:97:b1:4c:e6:ee:f8:14:03:5e:2b:50:23:a5:
a8:c2:d0:c8:10:4c:4b:3c:d4:22:e5:bc:94:e7:88:
0a:92:32:c6:c7:69:fc:1c:6d:cb:c5:80:d0:96:1a:
0f:b5:97:9f:ef:7c:aa:0d:ba:1d:3f:45:dd:43:b0:
56:af:6b:49:69:95:b4:9e:fc:87:5b:12:94:34:d8:
bd:cc:21:e1:a8:4b:76:4a:13:bd:d5:0b:cf:a8:67:
50:ba:69:5d:67:12:e2:c8:1b:87:47:06:91:c0:8a:
a6:a7:e6:81:68:a3:7d:05:79:2d:a9:a6:92:11:13:
f3:09:a8:bf:13:7a:15:22:c8:4e:03:47:bc:b6:95:
39:ae:71:fd:2a:93:70:92:e8:02:47:a9:16:0b:4d:
44:66:fb:e9:ba:9a:67:ea:c6:29:0b:77:33:ff:42:
cd:b3:5a:6f:ec:2d:50:bd:22:2f:68:35:97:16:ae:
9d:0d:69:79:0b:bf:17:c7:43:01:9f:fd:71:aa:b7:
8f:8e:0c:db:50:87:fb:ae:f6:25:96:33:2e:15:20:
a8:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
50:56:CC:00:9D:E0:93:E6:F1:D5:46:5F:E0:FD:30:81:A4:6B:C7:76
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/UFbMAJ3gk-bx1UZf4P0wgaRrx3Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
6f:81:48:a8:72:72:f3:a4:89:ef:78:3f:20:36:be:a9:51:b2:
1d:69:e1:bd:93:29:96:df:4f:4f:e2:2b:c7:52:3a:f7:58:91:
f9:6c:eb:97:11:5a:2e:f5:40:2c:67:f2:20:61:0e:ef:d9:dd:
f1:e1:73:7f:c3:09:46:52:38:5c:23:06:4f:f2:55:95:ed:06:
d2:da:d5:3a:9e:e4:ec:98:da:b6:00:cf:dc:6f:a0:15:0b:bc:
30:c7:f6:30:3e:82:c2:5e:65:7b:e2:56:08:9c:d0:23:fe:d4:
e1:08:39:57:6f:2a:dd:34:9d:fd:08:ab:d0:09:a8:5f:13:e3:
82:fd:0e:a9:54:53:ec:eb:10:12:4e:84:95:67:20:ca:4c:e8:
cb:a5:df:bc:1a:83:1d:8a:54:21:b6:61:50:54:80:3f:4b:99:
4d:2a:7e:cd:25:24:2c:cf:f1:07:17:40:a4:5e:68:00:92:1e:
62:d3:ba:8d:ba:f7:f7:7b:6a:4d:96:cf:35:2c:9c:86:f2:ef:
8d:60:63:31:c9:17:d3:1a:29:47:8c:dd:0c:36:9d:fe:06:20:
79:7a:16:ff:b0:7c:24:9a:c7:91:f9:42:ea:f2:71:0c:cf:d9:
c3:da:43:94:4b:08:8c:81:f7:67:e8:49:45:66:91:d1:af:84:
11:05:52:74
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICOokwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDYx
NTIyMjlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDUwNTZDQzAwOURFMDkz
RTZGMUQ1NDY1RkUwRkQzMDgxQTQ2QkM3NzYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+p4expFDY2Z94ityh79TlsLUqYAX6SkHlKLXCL8+0I8qR8PlR
QZZ9gurdOOkTl7FM5u74FANeK1AjpajC0MgQTEs81CLlvJTniAqSMsbHafwcbcvF
gNCWGg+1l5/vfKoNuh0/Rd1DsFava0lplbSe/IdbEpQ02L3MIeGoS3ZKE73VC8+o
Z1C6aV1nEuLIG4dHBpHAiqan5oFoo30FeS2pppIRE/MJqL8TehUiyE4DR7y2lTmu
cf0qk3CS6AJHqRYLTURm++m6mmfqxikLdzP/Qs2zWm/sLVC9Ii9oNZcWrp0NaXkL
vxfHQwGf/XGqt4+ODNtQh/uu9iWWMy4VIKhNAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUUFbMAJ3gk+bx1UZf4P0wgaRrx3YwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1VGYk1BSjNnay1ieDFV
WmY0UDB3Z2FScngzWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAG+BSKhycvOkie94
PyA2vqlRsh1p4b2TKZbfT0/iK8dSOvdYkfls65cRWi71QCxn8iBhDu/Z3fHhc3/D
CUZSOFwjBk/yVZXtBtLa1Tqe5OyY2rYAz9xvoBULvDDH9jA+gsJeZXviVgic0CP+
1OEIOVdvKt00nf0Iq9AJqF8T44L9DqlUU+zrEBJOhJVnIMpM6Mul37wagx2KVCG2
YVBUgD9LmU0qfs0lJCzP8QcXQKReaACSHmLTuo269/d7ak2WzzUsnIby741gYzHJ
F9MaKUeM3Qw2nf4GIHl6Fv+wfCSax5H5QurycQzP2cPaQ5RLCIyB92foSUVmkdGv
hBEFUnQ=
-----END CERTIFICATE-----
Generated at Sun Jun 22 07:11:35 2025 by rpki-client