Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ax9Q8UvL24Ukidr2iSL0ESHYkN8.roa
File: ax9Q8UvL24Ukidr2iSL0ESHYkN8.roa (raw, json)
Hash identifier: bB/3khHssrl70XDetzFtiZXkRc+w/6nqHdUWjUnn72M=
Subject key identifier: 6B:1F:50:F1:4B:CB:DB:85:24:89:DA:F6:89:22:F4:11:21:D8:90:DF
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 42F5
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ax9Q8UvL24Ukidr2iSL0ESHYkN8.roa
Signing time: Wed 17 Apr 2024 20:53:08 +0000
ROA not before: Wed 17 Apr 2024 20:53:08 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17141 (0x42f5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 17 20:53:08 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=6B1F50F14BCBDB852489DAF68922F41121D890DF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:ca:59:d8:f9:28:aa:2a:20:87:d0:6e:e8:e7:
85:5a:e5:93:c5:85:60:6c:47:f5:17:14:a9:65:97:
be:5c:c0:d2:fb:dd:cb:1f:86:b6:df:6a:30:b0:2c:
52:41:e9:d6:d4:5a:f5:6d:04:dc:b6:7a:9a:a7:12:
f7:f9:a7:13:85:b5:90:83:bb:45:75:dc:6d:f0:c2:
09:5a:84:06:74:b4:2e:41:5a:10:27:51:65:7f:7d:
ca:3f:d8:ee:a4:6f:f4:28:de:2c:1a:50:46:94:2b:
4c:d8:9e:8d:f8:93:a2:f9:b0:c2:31:d4:f4:01:47:
c9:34:76:0a:46:54:18:b2:93:72:8e:51:95:3c:f0:
91:8a:d2:76:ca:e8:17:0f:42:4f:68:b5:93:7f:a8:
2f:50:9c:1d:80:09:68:4b:b8:c6:61:0c:66:7f:28:
ac:70:10:ee:a4:1e:a9:df:49:68:f9:39:1e:1f:9a:
f4:f1:82:1f:d7:f9:ea:26:8b:8e:37:b9:0e:1c:42:
9b:69:04:63:b7:c0:3a:43:8c:7f:3c:32:f9:dc:f8:
cc:dd:46:62:28:cd:bb:4f:47:59:6d:3c:7a:97:5e:
bf:58:11:55:0f:58:51:67:e7:24:72:31:12:d1:42:
3f:9b:fe:4f:44:fd:36:18:02:99:40:84:c7:48:90:
87:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:1F:50:F1:4B:CB:DB:85:24:89:DA:F6:89:22:F4:11:21:D8:90:DF
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ax9Q8UvL24Ukidr2iSL0ESHYkN8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
31:2c:82:d7:b1:07:57:f9:cb:de:f3:e8:48:67:58:f8:cb:7e:
10:47:8e:73:e3:c5:12:fb:55:fe:1d:f9:c7:5d:ab:51:c4:60:
94:e5:a9:48:1b:bd:ed:ed:fe:ac:33:01:34:5f:80:ca:c5:eb:
bb:10:b0:07:8c:ec:49:24:b3:08:ca:b9:45:a6:ff:39:e9:f4:
7d:b1:71:57:e3:55:a9:73:0d:5c:ab:c0:6d:1f:b1:ca:f0:d2:
7d:f2:88:74:9a:1c:82:df:ec:96:d4:1a:50:28:a5:18:07:af:
13:cc:25:94:c8:a3:c0:e5:8d:44:2e:b9:d2:c4:b6:4f:02:17:
25:ea:75:81:e6:b6:68:b1:b1:03:57:d2:39:5c:bd:c3:ae:6a:
26:de:15:0c:4e:64:6e:ff:a5:b3:13:ac:ad:09:d8:27:9d:ae:
1d:89:a2:3c:67:9e:d4:ef:52:0a:33:dc:2d:5b:4e:5e:27:37:
a3:90:a2:d9:98:a2:35:0d:92:2f:32:4b:fb:33:14:29:85:61:
4b:31:3c:89:50:55:ce:b4:7d:4b:9d:69:07:9c:46:d7:9d:53:
bd:05:47:d4:19:2b:66:aa:73:96:4d:b9:69:c1:ab:07:7d:87:
7a:2d:15:8e:f0:6b:e1:61:52:e8:57:19:64:21:ab:65:62:0b:
80:e6:e5:f1
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQvUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTcy
MDUzMDhaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDZCMUY1MEYxNEJDQkRC
ODUyNDg5REFGNjg5MjJGNDExMjFEODkwREYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDGylnY+SiqKiCH0G7o54Va5ZPFhWBsR/UXFKlll75cwNL73csf
hrbfajCwLFJB6dbUWvVtBNy2epqnEvf5pxOFtZCDu0V13G3wwglahAZ0tC5BWhAn
UWV/fco/2O6kb/Qo3iwaUEaUK0zYno34k6L5sMIx1PQBR8k0dgpGVBiyk3KOUZU8
8JGK0nbK6BcPQk9otZN/qC9QnB2ACWhLuMZhDGZ/KKxwEO6kHqnfSWj5OR4fmvTx
gh/X+eomi443uQ4cQptpBGO3wDpDjH88Mvnc+MzdRmIozbtPR1ltPHqXXr9YEVUP
WFFn5yRyMRLRQj+b/k9E/TYYAplAhMdIkIdtAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUax9Q8UvL24Ukidr2iSL0ESHYkN8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2F4OVE4VXZMMjRVa2lk
cjJpU0wwRVNIWWtOOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBADEsgtexB1f5y97z
6EhnWPjLfhBHjnPjxRL7Vf4d+cddq1HEYJTlqUgbve3t/qwzATRfgMrF67sQsAeM
7EkkswjKuUWm/znp9H2xcVfjValzDVyrwG0fscrw0n3yiHSaHILf7JbUGlAopRgH
rxPMJZTIo8DljUQuudLEtk8CFyXqdYHmtmixsQNX0jlcvcOuaibeFQxOZG7/pbMT
rK0J2Cedrh2JojxnntTvUgoz3C1bTl4nN6OQotmYojUNki8yS/szFCmFYUsxPIlQ
Vc60fUudaQecRtedU70FR9QZK2aqc5ZNuWnBqwd9h3otFY7wa+FhUuhXGWQhq2Vi
C4Dm5fE=
-----END CERTIFICATE-----
Generated at Sun Jun 22 08:59:40 2025 by rpki-client