Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/VlQAkcpHTViqoD94pEAV5SBhSjE.roa
File: VlQAkcpHTViqoD94pEAV5SBhSjE.roa (raw, json)
Hash identifier: /l4JaL0UyCbT1PmRhgaVnBs1qizrHuyPsSaJK4nfjKc=
Subject key identifier: 56:54:00:91:CA:47:4D:58:AA:A0:3F:78:A4:40:15:E5:20:61:4A:31
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3F7D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/VlQAkcpHTViqoD94pEAV5SBhSjE.roa
Signing time: Sat 13 Apr 2024 05:53:19 +0000
ROA not before: Sat 13 Apr 2024 05:53:19 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16253 (0x3f7d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 13 05:53:19 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=56540091CA474D58AAA03F78A44015E520614A31
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:c6:ca:a3:b3:70:c6:de:7e:1c:ee:b8:36:30:
a7:0c:7e:25:18:b3:6b:00:e8:7c:77:a1:60:fe:70:
54:d7:cb:a4:cc:67:86:86:a7:bb:ad:a0:38:a8:25:
c4:96:fc:a0:c4:53:46:4f:68:d5:56:d5:25:19:ec:
04:81:7b:31:3a:a6:2e:dc:10:c0:e1:2e:a2:62:9d:
1b:33:31:1d:23:26:ea:d3:41:83:93:f3:24:99:f6:
83:bc:e3:5f:66:f3:bf:6e:d0:ed:be:9b:72:e1:c7:
6b:8d:03:a1:00:25:4f:1c:d7:8f:d1:fa:ef:9e:c7:
17:54:0d:be:09:7d:d6:72:12:b7:41:f4:fa:a8:97:
64:73:8d:2c:a1:f0:5d:59:2f:36:73:09:f8:bc:e6:
4c:5a:f1:12:e0:c5:34:6b:91:81:8c:5e:3a:05:c9:
23:c2:d2:c9:fc:7b:e7:05:f6:33:82:bf:de:0e:67:
6b:dd:60:14:57:98:4c:55:f6:d1:87:0e:14:4a:d9:
02:40:eb:df:fa:89:62:eb:c0:ce:74:b2:71:de:3a:
b1:8b:bf:3d:81:07:6e:c7:f4:f1:38:0e:da:7c:8a:
86:ec:a2:59:e3:86:3c:61:61:e2:10:12:af:4c:3a:
06:a6:d1:fd:b8:7e:70:66:b6:ce:3b:a7:28:74:aa:
f7:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:54:00:91:CA:47:4D:58:AA:A0:3F:78:A4:40:15:E5:20:61:4A:31
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/VlQAkcpHTViqoD94pEAV5SBhSjE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
80:df:29:5e:9d:42:e8:22:60:92:d9:bf:d5:4b:dd:e7:53:6b:
c3:a5:66:12:16:ad:9d:c4:23:e3:b9:04:e9:6c:e1:bd:12:4f:
1d:52:f9:60:33:df:50:89:c8:5a:74:62:05:28:65:77:f4:28:
50:32:63:fe:53:06:b5:35:92:8b:92:61:b2:e2:16:c0:4c:19:
d0:8e:39:b1:9e:30:6c:b7:a4:6d:ef:4d:48:c6:00:1a:16:d4:
f9:2b:02:0a:5b:cf:10:17:27:ab:81:e6:be:18:b8:9e:b3:7b:
44:41:74:8f:75:e1:5e:43:ab:da:09:3e:a6:e3:61:f0:5e:a7:
36:6a:19:24:61:84:0a:dc:73:ab:ab:6c:82:eb:c4:e6:3b:c6:
6d:6c:10:c3:60:20:24:df:95:a8:ae:de:a8:1c:56:a1:9d:4f:
70:9a:3d:1f:46:fd:38:2c:ca:f1:fe:6a:24:c2:92:14:1c:86:
94:54:a3:cc:9d:ed:fc:42:6e:d5:cf:66:eb:2d:c0:95:8f:a0:
f6:12:a5:b3:5c:1f:c5:e3:ed:75:04:84:36:f2:9b:e8:dd:be:
b4:87:63:cd:9b:12:a5:2a:3b:08:c4:30:52:bf:35:7b:26:70:
21:36:d8:d1:91:b1:db:db:f1:49:ec:31:b0:72:b6:e2:49:a7:
8f:36:71:f3
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICP30wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTMw
NTUzMTlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDU2NTQwMDkxQ0E0NzRE
NThBQUEwM0Y3OEE0NDAxNUU1MjA2MTRBMzEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDExsqjs3DG3n4c7rg2MKcMfiUYs2sA6Hx3oWD+cFTXy6TMZ4aG
p7utoDioJcSW/KDEU0ZPaNVW1SUZ7ASBezE6pi7cEMDhLqJinRszMR0jJurTQYOT
8ySZ9oO8419m879u0O2+m3Lhx2uNA6EAJU8c14/R+u+exxdUDb4JfdZyErdB9Pqo
l2RzjSyh8F1ZLzZzCfi85kxa8RLgxTRrkYGMXjoFySPC0sn8e+cF9jOCv94OZ2vd
YBRXmExV9tGHDhRK2QJA69/6iWLrwM50snHeOrGLvz2BB27H9PE4Dtp8iobsolnj
hjxhYeIQEq9MOgam0f24fnBmts47pyh0qvchAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUVlQAkcpHTViqoD94pEAV5SBhSjEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1ZsUUFrY3BIVFZpcW9E
OTRwRUFWNVNCaFNqRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAIDfKV6dQugiYJLZ
v9VL3edTa8OlZhIWrZ3EI+O5BOls4b0STx1S+WAz31CJyFp0YgUoZXf0KFAyY/5T
BrU1kouSYbLiFsBMGdCOObGeMGy3pG3vTUjGABoW1PkrAgpbzxAXJ6uB5r4YuJ6z
e0RBdI914V5Dq9oJPqbjYfBepzZqGSRhhArcc6urbILrxOY7xm1sEMNgICTflaiu
3qgcVqGdT3CaPR9G/TgsyvH+aiTCkhQchpRUo8yd7fxCbtXPZustwJWPoPYSpbNc
H8Xj7XUEhDbym+jdvrSHY82bEqUqOwjEMFK/NXsmcCE22NGRsdvb8UnsMbBytuJJ
p482cfM=
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:37:55 2025 by rpki-client