Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/c8aiR1DLTi1qfzzATOug3w6P0u4.roa
File: c8aiR1DLTi1qfzzATOug3w6P0u4.roa (raw, json)
Hash identifier: DhqsEZMyipakepk6cs9gr2H1YltPDJ5VvGOECeyftLk=
Subject key identifier: 73:C6:A2:47:50:CB:4E:2D:6A:7F:3C:C0:4C:EB:A0:DF:0E:8F:D2:EE
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5539
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/c8aiR1DLTi1qfzzATOug3w6P0u4.roa
Signing time: Sun 12 May 2024 05:24:04 +0000
ROA not before: Sun 12 May 2024 05:24:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21817 (0x5539)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 05:24:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=73C6A24750CB4E2D6A7F3CC04CEBA0DF0E8FD2EE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:ba:89:fb:fd:c5:71:dc:ba:fe:8d:db:6e:b5:
24:a2:0c:ce:5e:ad:c9:79:8f:07:1c:cc:0e:a0:d3:
db:c6:c3:95:40:03:c7:11:84:5b:7c:2e:1e:6c:18:
b0:8d:cd:39:09:0b:5e:1b:11:a5:97:af:5e:e3:58:
b0:c5:81:cd:93:fc:e2:7a:58:39:38:84:87:8f:29:
7c:4e:2d:f0:6d:27:8a:0b:6e:88:18:c9:0f:8b:04:
cb:e1:01:d1:43:da:7f:4a:2b:18:a5:70:11:90:35:
87:9e:dd:db:a6:69:ee:5b:bd:cd:56:da:ed:fb:42:
4b:6f:ea:18:7e:0d:b3:95:b6:dc:14:ec:a4:92:d3:
09:0e:48:e9:22:e4:6a:7c:cd:15:9e:f0:bb:a6:49:
9c:78:56:c4:43:0a:98:20:de:96:78:bd:47:f6:0c:
b6:6a:e1:5f:47:27:8a:0a:c9:bc:64:bc:2e:51:d9:
fc:4b:7b:04:45:b4:1d:19:78:41:16:6c:51:ec:95:
d1:14:ac:c8:ae:b8:18:b4:30:cf:4c:7b:81:7d:b3:
26:c9:79:10:76:21:83:c3:a0:53:6f:3d:a4:87:36:
d3:04:09:28:04:2e:2e:38:37:a0:90:19:09:91:a6:
3a:80:fc:19:ab:42:be:d5:77:ef:32:24:b4:a1:11:
fa:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:C6:A2:47:50:CB:4E:2D:6A:7F:3C:C0:4C:EB:A0:DF:0E:8F:D2:EE
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/c8aiR1DLTi1qfzzATOug3w6P0u4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
aa:1e:83:a6:0f:77:ab:47:36:8b:66:91:e3:fa:67:08:1c:9a:
e9:ff:6e:b1:33:0a:80:1e:1a:72:5c:1e:51:a1:41:04:83:eb:
d5:c1:59:ee:ea:3f:a9:64:3d:02:e3:3c:7f:0b:48:b3:bd:8b:
3d:54:3c:2e:8a:51:9e:63:0b:df:0e:fc:1f:a5:93:ca:df:1a:
54:1e:86:6f:30:d1:f2:a8:9e:29:0a:b4:d8:08:e1:2a:52:3d:
f9:45:29:69:73:a9:c0:bb:ae:d9:1b:f0:fc:3e:43:80:ad:28:
46:31:b6:03:79:d4:c4:a5:5c:99:8f:8f:34:85:a0:d2:12:72:
24:53:20:6a:6f:61:96:38:df:71:87:cd:f9:72:06:43:c9:1b:
b6:6b:df:b0:a8:0c:20:e9:0c:f1:0f:1c:b3:cb:60:3f:55:37:
f2:ba:d9:9e:aa:ff:11:ed:35:6d:04:10:1b:d4:f4:b3:cf:65:
b0:8f:5a:f8:40:48:0e:12:25:0a:04:2e:d4:99:08:4f:2b:23:
b4:4c:10:fe:e8:0a:b6:10:32:8e:08:d2:5b:c1:14:4d:f6:e3:
ce:0c:2d:61:c8:83:27:8e:77:33:de:2e:5e:c3:e8:8f:3a:7e:
06:eb:5f:d0:b0:e1:ad:a2:84:c9:66:e0:f2:bd:b9:c5:41:3c:
37:75:1d:e4
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVTkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTIw
NTI0MDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDczQzZBMjQ3NTBDQjRF
MkQ2QTdGM0NDMDRDRUJBMERGMEU4RkQyRUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQChuon7/cVx3Lr+jdtutSSiDM5ercl5jwcczA6g09vGw5VAA8cR
hFt8Lh5sGLCNzTkJC14bEaWXr17jWLDFgc2T/OJ6WDk4hIePKXxOLfBtJ4oLbogY
yQ+LBMvhAdFD2n9KKxilcBGQNYee3dumae5bvc1W2u37Qktv6hh+DbOVttwU7KSS
0wkOSOki5Gp8zRWe8LumSZx4VsRDCpgg3pZ4vUf2DLZq4V9HJ4oKybxkvC5R2fxL
ewRFtB0ZeEEWbFHsldEUrMiuuBi0MM9Me4F9sybJeRB2IYPDoFNvPaSHNtMECSgE
Li44N6CQGQmRpjqA/BmrQr7Vd+8yJLShEfptAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUc8aiR1DLTi1qfzzATOug3w6P0u4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2M4YWlSMURMVGkxcWZ6
ekFUT3VnM3c2UDB1NC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAKoeg6YPd6tHNotm
keP6Zwgcmun/brEzCoAeGnJcHlGhQQSD69XBWe7qP6lkPQLjPH8LSLO9iz1UPC6K
UZ5jC98O/B+lk8rfGlQehm8w0fKonikKtNgI4SpSPflFKWlzqcC7rtkb8Pw+Q4Ct
KEYxtgN51MSlXJmPjzSFoNISciRTIGpvYZY433GHzflyBkPJG7Zr37CoDCDpDPEP
HLPLYD9VN/K62Z6q/xHtNW0EEBvU9LPPZbCPWvhASA4SJQoELtSZCE8rI7RMEP7o
CrYQMo4I0lvBFE32484MLWHIgyeOdzPeLl7D6I86fgbrX9Cw4a2ihMlm4PK9ucVB
PDd1HeQ=
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:50:53 2025 by rpki-client