Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Xe_tArLG5lFuWBIkEBZyfAkhp6Q.roa
File: Xe_tArLG5lFuWBIkEBZyfAkhp6Q.roa (raw, json)
Hash identifier: /VE5EnAaVGGd4U7yAE2XQp29u14TdURjX+/5G1wAoUY=
Subject key identifier: 5D:EF:ED:02:B2:C6:E6:51:6E:58:12:24:10:16:72:7C:09:21:A7:A4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5711
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Xe_tArLG5lFuWBIkEBZyfAkhp6Q.roa
Signing time: Tue 14 May 2024 16:24:14 +0000
ROA not before: Tue 14 May 2024 16:24:14 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22289 (0x5711)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 14 16:24:14 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=5DEFED02B2C6E6516E5812241016727C0921A7A4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:f8:2c:7c:cf:75:b6:15:1b:10:c5:95:21:74:
2d:b9:c0:de:5e:f6:8d:c9:10:36:05:c0:8a:89:82:
06:90:ac:e9:64:9f:da:fa:f5:8d:6b:79:56:ef:db:
a7:10:0e:85:30:a1:ab:84:da:17:fe:31:19:ed:30:
26:74:80:c7:be:d2:b9:22:54:71:ad:c2:6a:c7:43:
26:f0:96:b6:60:99:db:6f:38:f1:1d:4b:d8:5e:57:
fd:c1:2e:27:5f:ea:47:d7:c8:b1:98:7f:0e:65:ac:
60:4a:0a:0d:52:29:e7:15:fe:5d:e3:be:dc:7c:60:
16:50:d4:f9:5a:76:0e:9c:8d:99:d7:25:8f:8c:1b:
7c:89:a4:95:34:e6:5a:ae:27:d0:9c:5a:d1:c5:f5:
fe:26:74:50:5a:a1:88:ec:f5:4b:90:14:20:c9:59:
9d:ba:db:71:47:15:ad:3a:08:ea:94:d1:41:10:25:
e2:b7:dc:01:8d:43:38:87:99:3d:e4:35:92:46:1b:
2e:ee:2a:f2:fb:4f:a9:8d:75:af:a9:ee:f9:37:fa:
73:2f:d4:ff:52:61:d9:89:f4:30:a1:b2:b5:00:f0:
04:32:87:7d:0f:83:ee:3c:53:cf:49:b2:80:f5:2d:
95:7d:56:bc:1b:93:64:2c:9a:1e:fa:76:f2:95:07:
a7:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:EF:ED:02:B2:C6:E6:51:6E:58:12:24:10:16:72:7C:09:21:A7:A4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Xe_tArLG5lFuWBIkEBZyfAkhp6Q.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
a6:d0:0b:29:b5:c1:38:ed:d1:01:f4:2c:b5:5f:8e:34:2e:82:
bb:7c:5a:c6:ff:7b:4b:98:ba:23:6a:78:9a:bc:e0:08:f0:b1:
ae:63:10:7e:a5:f8:9c:20:7e:b3:fc:0c:c4:25:7d:1b:27:df:
9d:45:d4:ae:ad:97:7e:b3:87:9f:d2:9e:e7:fd:8a:53:b1:f7:
87:b3:f3:eb:30:f0:b2:5d:75:4e:66:c2:77:9d:79:73:85:46:
59:6b:61:fd:0e:79:fe:b8:de:77:4a:e8:75:a9:21:d6:9d:f5:
18:8b:21:93:75:4b:1d:80:1c:60:d4:f4:b6:d2:9e:b4:5f:e2:
fd:b7:28:43:01:94:5b:3f:00:7e:4c:32:81:78:11:36:2a:43:
c5:09:de:21:1a:80:12:f0:c5:f6:d6:64:92:a2:2e:0c:ef:f3:
d1:12:0a:58:dd:5f:72:9c:37:a9:75:3c:b0:fd:32:4c:52:4b:
03:2b:74:04:85:38:fe:bd:d5:5d:52:8c:9b:9d:f2:f2:cd:1e:
7a:c7:12:98:6c:9a:a1:4d:b8:ef:0c:43:93:c7:8e:19:e5:df:
09:b1:8e:1a:d0:b1:d7:a5:bd:77:3c:d2:c3:4c:86:5a:f6:ae:
56:1c:5c:fd:63:71:00:77:09:ea:f2:01:87:77:63:5f:ee:e0:
89:8c:10:c7
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVxEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTQx
NjI0MTRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDVERUZFRDAyQjJDNkU2
NTE2RTU4MTIyNDEwMTY3MjdDMDkyMUE3QTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9+Cx8z3W2FRsQxZUhdC25wN5e9o3JEDYFwIqJggaQrOlkn9r6
9Y1reVbv26cQDoUwoauE2hf+MRntMCZ0gMe+0rkiVHGtwmrHQybwlrZgmdtvOPEd
S9heV/3BLidf6kfXyLGYfw5lrGBKCg1SKecV/l3jvtx8YBZQ1Pladg6cjZnXJY+M
G3yJpJU05lquJ9CcWtHF9f4mdFBaoYjs9UuQFCDJWZ2623FHFa06COqU0UEQJeK3
3AGNQziHmT3kNZJGGy7uKvL7T6mNda+p7vk3+nMv1P9SYdmJ9DChsrUA8AQyh30P
g+48U89JsoD1LZV9Vrwbk2Qsmh76dvKVB6cDAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUXe/tArLG5lFuWBIkEBZyfAkhp6QwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1hlX3RBckxHNWxGdVdC
SWtFQlp5ZkFraHA2US5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAKbQCym1wTjt0QH0
LLVfjjQugrt8Wsb/e0uYuiNqeJq84Ajwsa5jEH6l+JwgfrP8DMQlfRsn351F1K6t
l36zh5/Snuf9ilOx94ez8+sw8LJddU5mwnedeXOFRllrYf0Oef643ndK6HWpIdad
9RiLIZN1Sx2AHGDU9LbSnrRf4v23KEMBlFs/AH5MMoF4ETYqQ8UJ3iEagBLwxfbW
ZJKiLgzv89ESCljdX3KcN6l1PLD9MkxSSwMrdASFOP691V1SjJud8vLNHnrHEphs
mqFNuO8MQ5PHjhnl3wmxjhrQsdelvXc80sNMhlr2rlYcXP1jcQB3CeryAYd3Y1/u
4ImMEMc=
-----END CERTIFICATE-----
Generated at Fri Jun 20 11:35:07 2025 by rpki-client