Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/fNX1VUZp_T0IV3zyD7od18u0_n4.roa
File: fNX1VUZp_T0IV3zyD7od18u0_n4.roa (raw, json)
Hash identifier: +Fk83DTAOGD/h8ufR8Js2Rjdjj3ykOzfv1PYKaCDeco=
Subject key identifier: 7C:D5:F5:55:46:69:FD:3D:08:57:7C:F2:0F:BA:1D:D7:CB:B4:FE:7E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3DD9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fNX1VUZp_T0IV3zyD7od18u0_n4.roa
Signing time: Thu 11 Apr 2024 01:22:43 +0000
ROA not before: Thu 11 Apr 2024 01:22:43 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15833 (0x3dd9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 11 01:22:43 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=7CD5F5554669FD3D08577CF20FBA1DD7CBB4FE7E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:f6:8a:e4:55:87:cf:49:3d:35:a2:e9:2d:0d:
dd:6a:95:a1:33:58:7c:e8:9e:41:a2:17:9d:7e:ad:
41:ee:2a:9b:9e:7e:b1:89:41:7a:e8:a7:03:6d:95:
72:7e:b2:66:9d:15:e6:e9:fb:ac:bb:81:48:b4:cd:
8e:4b:e9:c7:b1:a8:88:16:ce:f1:9a:d1:2c:55:22:
24:b3:45:17:2d:50:fc:55:08:de:49:a3:d0:35:77:
96:0c:f1:32:f5:f0:69:6d:e3:bd:1a:f4:2a:84:87:
4d:5e:79:19:71:3f:1b:33:d7:50:cd:8b:28:2e:fc:
e0:d7:99:3d:7e:80:a1:1d:8a:15:96:6e:26:ec:a5:
23:d1:5a:dc:b6:86:27:ee:89:9f:8d:db:bb:64:91:
49:ab:7d:7a:2d:6a:7a:c4:6d:e0:36:af:fa:b2:54:
b8:13:ef:e4:59:62:de:58:3c:97:38:eb:ab:9e:1d:
8e:e1:fd:b3:ca:a9:db:70:3b:4e:a2:79:b9:3d:43:
22:b3:d4:f3:bc:6c:12:68:74:95:ad:87:9d:a1:42:
97:ab:eb:3e:38:72:78:14:3d:3f:a6:81:e0:0d:aa:
ee:f4:6c:5f:ab:e2:a8:76:b2:47:62:f0:eb:3f:f8:
f1:52:f4:39:98:77:58:75:cd:a3:cf:d9:b8:55:8a:
32:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:D5:F5:55:46:69:FD:3D:08:57:7C:F2:0F:BA:1D:D7:CB:B4:FE:7E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/fNX1VUZp_T0IV3zyD7od18u0_n4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
2a:e9:2b:48:8d:bc:8f:8e:4e:8f:c1:5b:bc:2a:61:e8:83:41:
eb:e2:00:ee:ee:e5:bc:c0:c7:9c:29:34:44:1f:24:74:9d:d1:
22:ee:c0:d0:9a:5b:ad:92:8a:c8:55:c6:80:26:72:d0:c0:83:
a7:a0:31:85:f0:19:e5:09:f3:f6:46:5b:0a:20:42:31:9f:39:
d0:7f:67:fe:fe:17:47:5c:5b:fe:4e:f4:91:6a:19:c6:b3:84:
28:5d:08:8b:11:77:71:32:83:16:54:ae:2c:c4:98:60:3d:70:
d8:95:7b:79:ae:07:13:a6:35:90:87:61:47:e1:07:74:d6:5a:
21:ea:8f:c5:89:c7:ae:4d:0d:bb:d4:f9:87:c2:8f:93:9c:61:
52:96:82:f6:2f:9b:1f:0d:a8:da:5d:86:17:5d:67:72:66:76:
90:7b:6f:35:2b:a3:4b:55:fc:c0:24:bb:0d:c9:b8:f2:c1:88:
04:78:a5:7b:4f:bd:eb:fd:fa:80:cc:f9:fd:29:01:e7:eb:33:
f1:c4:0b:c7:1b:8f:53:e7:5e:10:75:0c:90:ff:4a:ad:af:10:
4b:ae:01:a3:0c:f7:24:d8:33:5c:72:c7:a7:99:cc:86:af:ee:
84:54:0c:c5:32:86:2c:c5:41:91:bb:1f:9f:33:34:94:a9:4b:
3b:6b:9b:6e
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICPdkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTEw
MTIyNDNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDdDRDVGNTU1NDY2OUZE
M0QwODU3N0NGMjBGQkExREQ3Q0JCNEZFN0UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDK9orkVYfPST01ouktDd1qlaEzWHzonkGiF51+rUHuKpuefrGJ
QXropwNtlXJ+smadFebp+6y7gUi0zY5L6cexqIgWzvGa0SxVIiSzRRctUPxVCN5J
o9A1d5YM8TL18Glt470a9CqEh01eeRlxPxsz11DNiygu/ODXmT1+gKEdihWWbibs
pSPRWty2hifuiZ+N27tkkUmrfXotanrEbeA2r/qyVLgT7+RZYt5YPJc466ueHY7h
/bPKqdtwO06iebk9QyKz1PO8bBJodJWth52hQper6z44cngUPT+mgeANqu70bF+r
4qh2skdi8Os/+PFS9DmYd1h1zaPP2bhVijJjAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUfNX1VUZp/T0IV3zyD7od18u0/n4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2ZOWDFWVVpwX1QwSVYz
enlEN29kMTh1MF9uNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBACrpK0iNvI+OTo/B
W7wqYeiDQeviAO7u5bzAx5wpNEQfJHSd0SLuwNCaW62SishVxoAmctDAg6egMYXw
GeUJ8/ZGWwogQjGfOdB/Z/7+F0dcW/5O9JFqGcazhChdCIsRd3EygxZUrizEmGA9
cNiVe3muBxOmNZCHYUfhB3TWWiHqj8WJx65NDbvU+YfCj5OcYVKWgvYvmx8NqNpd
hhddZ3JmdpB7bzUro0tV/MAkuw3JuPLBiAR4pXtPvev9+oDM+f0pAefrM/HEC8cb
j1PnXhB1DJD/Sq2vEEuuAaMM9yTYM1xyx6eZzIav7oRUDMUyhizFQZG7H58zNJSp
Sztrm24=
-----END CERTIFICATE-----
Generated at Sat Jun 21 11:24:28 2025 by rpki-client