Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/gIWUgp831qIZcve4ITCcKULqtfM.roa
File: gIWUgp831qIZcve4ITCcKULqtfM.roa (raw, json)
Hash identifier: za/wZM36NkO48cjBuqMCaO8wa/3K3sztU3fKkriyJm0=
Subject key identifier: 80:85:94:82:9F:37:D6:A2:19:72:F7:B8:21:30:9C:29:42:EA:B5:F3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3B5D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/gIWUgp831qIZcve4ITCcKULqtfM.roa
Signing time: Sun 07 Apr 2024 17:52:32 +0000
ROA not before: Sun 07 Apr 2024 17:52:32 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15197 (0x3b5d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 7 17:52:32 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=808594829F37D6A21972F7B821309C2942EAB5F3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:5a:21:1e:0f:20:d1:ba:85:3e:24:5e:d5:06:
d9:d1:c2:76:e2:1d:da:b5:8d:80:a7:24:cd:bb:f5:
9f:c3:7b:59:93:08:c6:0e:58:66:64:aa:fb:0f:23:
7c:75:ab:cd:58:24:a7:e5:68:d4:d5:6d:57:ca:bb:
73:ea:10:89:b1:ad:76:ea:15:50:8f:6c:66:76:1a:
f0:41:1e:55:dc:6f:05:d9:94:a2:3f:eb:2f:3f:b4:
8e:f6:60:e4:3a:53:56:9e:33:73:ae:4c:54:d1:34:
c8:b8:70:00:16:e7:94:dc:0f:29:f3:1c:ca:43:29:
47:b6:df:f5:9b:7d:2e:ee:74:af:01:23:ac:c6:d8:
63:0b:fb:9b:6b:79:33:cd:bc:d9:c8:ac:34:ec:26:
04:1e:56:26:8f:a2:27:d1:8a:f4:cf:c2:25:83:00:
2a:ba:38:0b:5a:cf:42:b9:a2:c5:64:66:16:dd:36:
87:bc:7e:de:a4:01:b1:90:8f:8e:11:37:89:e1:9d:
2e:fe:7e:6c:c4:b0:a8:33:84:5d:ef:45:4a:10:5a:
d6:0f:e7:f1:7f:12:44:ae:cc:03:59:e1:1b:c0:33:
33:ee:d6:3d:d2:04:fb:65:09:e1:7a:39:79:e3:cc:
d8:29:d1:d2:de:78:d3:01:34:7c:f2:ff:91:ae:93:
2d:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:85:94:82:9F:37:D6:A2:19:72:F7:B8:21:30:9C:29:42:EA:B5:F3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/gIWUgp831qIZcve4ITCcKULqtfM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
9a:57:30:2e:af:4e:7a:d1:a2:d6:ea:4d:74:ea:32:d3:6d:68:
da:69:da:83:9c:aa:85:85:47:96:fb:2c:3c:e8:d4:5f:42:85:
d0:f1:8d:82:87:40:97:ac:81:e9:57:10:3a:79:c0:e1:fc:d9:
2e:08:11:66:fc:e3:16:06:31:06:71:33:17:ee:02:0b:63:4c:
aa:d1:95:a0:c1:21:89:de:2b:e5:3e:6b:17:dd:1d:8e:2d:9a:
3a:0a:26:a0:d1:58:92:f8:a8:81:6c:82:ac:29:34:88:db:5d:
0f:c9:49:95:26:f6:ca:e6:df:d8:af:d6:6a:7a:bf:31:e7:55:
44:1d:06:1d:f9:f5:93:55:ff:61:83:47:3d:61:e2:79:97:f0:
d7:7c:eb:db:a7:ee:c7:4a:b3:bc:b2:32:0d:a3:5c:72:fd:cb:
ff:a0:9e:59:7e:75:a9:f2:89:d8:81:f1:60:00:ab:ce:49:07:
c0:d7:7f:47:7d:ba:bd:b8:69:07:51:ac:11:16:a2:6a:f9:5e:
e7:be:d4:a5:75:ab:a7:36:61:95:f2:a0:55:02:eb:de:43:e0:
9e:77:49:23:2d:e2:8b:e0:c6:e5:6d:3b:94:7e:5b:1b:bd:ec:
03:9c:2c:be:ab:46:95:84:1e:34:1e:40:49:2d:04:2f:b7:05:
d2:b4:e5:2e
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICO10wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDcx
NzUyMzJaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDgwODU5NDgyOUYzN0Q2
QTIxOTcyRjdCODIxMzA5QzI5NDJFQUI1RjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDvWiEeDyDRuoU+JF7VBtnRwnbiHdq1jYCnJM279Z/De1mTCMYO
WGZkqvsPI3x1q81YJKflaNTVbVfKu3PqEImxrXbqFVCPbGZ2GvBBHlXcbwXZlKI/
6y8/tI72YOQ6U1aeM3OuTFTRNMi4cAAW55TcDynzHMpDKUe23/WbfS7udK8BI6zG
2GML+5treTPNvNnIrDTsJgQeViaPoifRivTPwiWDACq6OAtaz0K5osVkZhbdNoe8
ft6kAbGQj44RN4nhnS7+fmzEsKgzhF3vRUoQWtYP5/F/EkSuzANZ4RvAMzPu1j3S
BPtlCeF6OXnjzNgp0dLeeNMBNHzy/5Guky1NAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUgIWUgp831qIZcve4ITCcKULqtfMwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2dJV1VncDgzMXFJWmN2
ZTRJVENjS1VMcXRmTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAJpXMC6vTnrRotbq
TXTqMtNtaNpp2oOcqoWFR5b7LDzo1F9ChdDxjYKHQJesgelXEDp5wOH82S4IEWb8
4xYGMQZxMxfuAgtjTKrRlaDBIYneK+U+axfdHY4tmjoKJqDRWJL4qIFsgqwpNIjb
XQ/JSZUm9srm39iv1mp6vzHnVUQdBh359ZNV/2GDRz1h4nmX8Nd869un7sdKs7yy
Mg2jXHL9y/+gnll+danyidiB8WAAq85JB8DXf0d9ur24aQdRrBEWomr5Xue+1KV1
q6c2YZXyoFUC695D4J53SSMt4ovgxuVtO5R+Wxu97AOcLL6rRpWEHjQeQEktBC+3
BdK05S4=
-----END CERTIFICATE-----
Generated at Sat Jun 21 02:21:51 2025 by rpki-client