Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/bi15AawQp4O6aeVyQuSXz1d7BrQ.roa
File: bi15AawQp4O6aeVyQuSXz1d7BrQ.roa (raw, json)
Hash identifier: FZLWBm+wXuxwnYuevpJPlGuRjbyriCQo/3gMbqOblqs=
Subject key identifier: 6E:2D:79:01:AC:10:A7:83:BA:69:E5:72:42:E4:97:CF:57:7B:06:B4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3D11
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/bi15AawQp4O6aeVyQuSXz1d7BrQ.roa
Signing time: Wed 10 Apr 2024 00:22:37 +0000
ROA not before: Wed 10 Apr 2024 00:22:37 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15633 (0x3d11)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 10 00:22:37 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=6E2D7901AC10A783BA69E57242E497CF577B06B4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:e7:58:47:b9:2f:4f:33:08:aa:14:12:5e:bb:
92:fe:c0:3a:23:cd:f8:c9:1f:f6:17:00:a2:90:9c:
71:7c:c7:52:70:0e:60:7a:cd:a2:fe:6f:bc:cc:43:
bf:dd:fe:2a:9a:d7:b9:50:62:df:96:87:82:56:7d:
f8:88:29:7d:ef:f2:7a:6a:98:0a:cd:59:a2:41:69:
8d:50:dd:33:77:0c:ff:77:e6:83:9b:79:a8:17:c0:
c4:d4:1c:c8:6d:d1:d8:f1:de:26:3f:4f:b3:5a:fa:
77:74:6b:d5:2e:fe:12:4a:ee:4b:9a:ea:6d:e2:11:
5d:79:23:86:66:0d:ed:5d:0a:44:4a:63:53:23:e0:
37:7a:81:0d:40:bf:8c:bd:d6:b7:06:95:47:71:39:
5d:1a:32:91:82:68:9e:f2:2f:67:55:2c:c1:f0:50:
0d:b5:e6:f3:0f:10:18:6b:2a:70:33:b4:1e:30:6e:
e3:6d:32:1b:21:31:9e:92:69:6a:bc:63:1e:fb:c2:
9f:dd:25:ed:50:c8:25:4a:f8:64:0f:b5:a4:7a:2c:
1e:07:c8:99:0b:8e:10:60:b6:70:c9:bc:f2:8c:75:
94:8a:79:97:c8:1e:de:b6:64:df:07:52:b0:88:73:
90:08:8e:ce:15:c4:2c:a2:28:ba:b3:72:90:c9:f7:
d3:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:2D:79:01:AC:10:A7:83:BA:69:E5:72:42:E4:97:CF:57:7B:06:B4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/bi15AawQp4O6aeVyQuSXz1d7BrQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
7d:25:e4:d4:b0:24:1b:d6:2d:ec:87:e9:ab:39:19:26:e0:a0:
a2:61:b2:dd:cb:09:97:3c:e8:3a:99:3a:79:11:15:17:e6:e2:
87:fd:68:5d:6e:63:4b:e5:1a:fb:5c:3a:82:2b:c3:6c:8a:59:
e7:e1:fd:b5:e0:82:fd:b6:7f:96:63:e4:40:92:f0:65:b7:a0:
dd:68:21:6d:45:74:f5:08:44:11:43:d4:9a:5d:78:b5:70:83:
62:15:e8:b8:4e:95:fe:48:1d:0a:48:c3:9f:16:12:99:1b:11:
9b:84:0c:0a:f5:7c:9e:a8:45:83:85:e3:b3:fe:02:2e:ae:5d:
86:3b:d0:fc:9f:78:a5:23:38:72:b5:fa:2a:e7:ea:c5:a7:89:
ab:65:17:b0:23:2d:47:94:f7:b5:95:84:5e:6f:7f:a8:c5:00:
fd:a1:7a:a9:2c:b2:ea:e7:fa:f8:11:f2:e2:15:6e:1b:9d:6f:
ec:f5:58:66:24:60:89:01:86:5e:a7:e9:01:c9:0e:62:0e:15:
09:f5:72:c8:f9:6f:90:1b:4e:a8:83:1b:8b:ad:19:0e:70:86:
fe:8e:0a:25:d7:a1:94:50:5b:b3:77:2b:ca:d0:9f:dd:b7:a2:
d3:48:68:17:e4:a4:16:8d:dc:e6:f9:c9:73:02:60:ef:73:b4:
e0:8b:ab:2f
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICPREwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTAw
MDIyMzdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDZFMkQ3OTAxQUMxMEE3
ODNCQTY5RTU3MjQyRTQ5N0NGNTc3QjA2QjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC551hHuS9PMwiqFBJeu5L+wDojzfjJH/YXAKKQnHF8x1JwDmB6
zaL+b7zMQ7/d/iqa17lQYt+Wh4JWffiIKX3v8npqmArNWaJBaY1Q3TN3DP935oOb
eagXwMTUHMht0djx3iY/T7Na+nd0a9Uu/hJK7kua6m3iEV15I4ZmDe1dCkRKY1Mj
4Dd6gQ1Av4y91rcGlUdxOV0aMpGCaJ7yL2dVLMHwUA215vMPEBhrKnAztB4wbuNt
MhshMZ6SaWq8Yx77wp/dJe1QyCVK+GQPtaR6LB4HyJkLjhBgtnDJvPKMdZSKeZfI
Ht62ZN8HUrCIc5AIjs4VxCyiKLqzcpDJ99NPAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUbi15AawQp4O6aeVyQuSXz1d7BrQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2JpMTVBYXdRcDRPNmFl
VnlRdVNYejFkN0JyUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAH0l5NSwJBvWLeyH
6as5GSbgoKJhst3LCZc86DqZOnkRFRfm4of9aF1uY0vlGvtcOoIrw2yKWefh/bXg
gv22f5Zj5ECS8GW3oN1oIW1FdPUIRBFD1JpdeLVwg2IV6LhOlf5IHQpIw58WEpkb
EZuEDAr1fJ6oRYOF47P+Ai6uXYY70PyfeKUjOHK1+irn6sWniatlF7AjLUeU97WV
hF5vf6jFAP2heqkssurn+vgR8uIVbhudb+z1WGYkYIkBhl6n6QHJDmIOFQn1csj5
b5AbTqiDG4utGQ5whv6OCiXXoZRQW7N3K8rQn923otNIaBfkpBaN3Ob5yXMCYO9z
tOCLqy8=
-----END CERTIFICATE-----
Generated at Sat Jun 21 23:25:05 2025 by rpki-client