Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/gSirvzdzPBPya6Z7wgfyNekpcOQ.roa
File: gSirvzdzPBPya6Z7wgfyNekpcOQ.roa (raw, json)
Hash identifier: rcm+K84IxkFmTUdO1OzIWvwEvUD7lEw4PnVvSKwcI70=
Subject key identifier: 81:28:AB:BF:37:73:3C:13:F2:6B:A6:7B:C2:07:F2:35:E9:29:70:E4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4C89
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/gSirvzdzPBPya6Z7wgfyNekpcOQ.roa
Signing time: Tue 30 Apr 2024 15:23:33 +0000
ROA not before: Tue 30 Apr 2024 15:23:33 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19593 (0x4c89)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 30 15:23:33 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8128ABBF37733C13F26BA67BC207F235E92970E4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:ea:14:52:c3:df:5d:9f:e5:e3:47:2a:f9:2b:
37:9a:83:ea:e5:35:29:3c:61:ae:68:9c:a2:4d:9c:
5d:c5:fe:ef:a6:0f:f0:b4:16:47:0d:d0:df:ee:68:
4b:2f:6b:4b:ea:bb:13:49:96:ac:62:08:e6:17:dc:
7a:ba:e9:cd:86:7d:8e:a7:7c:d7:42:93:5c:0d:a8:
5e:a2:7b:3c:97:53:ac:89:61:30:16:c7:f3:1d:31:
df:8f:d1:14:af:3c:99:3c:cf:bd:2f:40:6a:8e:c2:
e3:c7:b0:9b:39:80:d1:5c:61:8f:11:8a:a2:e1:29:
80:63:05:de:86:97:10:65:bf:e8:3e:74:e0:e5:65:
ed:bd:fd:e2:b6:27:e3:3e:52:9b:17:07:92:65:c6:
2d:dd:84:35:0f:87:c9:29:68:a6:1b:be:93:1d:22:
dc:37:20:65:e6:2a:cf:31:f9:8c:8e:a2:ac:23:2f:
ae:aa:2b:ae:39:5e:5c:c4:1d:68:b4:78:91:ab:6d:
a2:57:ec:10:a4:a3:5e:26:8d:ca:bf:cf:23:bf:4d:
ec:32:e7:0a:60:e6:87:a2:cf:1c:27:0d:85:9a:43:
0c:5c:aa:06:55:32:09:76:b3:cb:03:75:be:53:7b:
73:2e:bf:52:c1:d5:d3:a5:64:85:de:04:be:a1:f0:
e6:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:28:AB:BF:37:73:3C:13:F2:6B:A6:7B:C2:07:F2:35:E9:29:70:E4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/gSirvzdzPBPya6Z7wgfyNekpcOQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
65:4a:9c:4d:3f:08:e9:b0:7e:c6:ca:3f:22:56:af:80:4f:fa:
ab:e5:4f:d7:f4:22:8a:30:dd:e2:16:86:db:be:f0:53:9c:6a:
e3:47:6f:4f:61:3a:af:da:b5:56:b0:f1:6b:79:3b:7d:b1:de:
39:5b:85:59:0e:7e:d8:3f:35:79:77:ff:ae:97:85:a4:8e:98:
f7:6e:83:dc:8e:d9:7c:a5:ac:68:85:ac:b7:54:18:df:fa:c1:
c0:de:ac:8e:2a:83:45:fc:f5:21:b4:42:58:34:15:66:34:5e:
d3:2e:5f:3d:dc:ad:b2:e2:d2:b0:e0:5d:c0:0a:1b:15:c7:85:
b9:85:1d:7d:f8:89:ab:72:f7:e8:a8:8b:16:4d:55:c7:63:9f:
14:26:6e:c0:46:fb:e5:c2:4c:37:51:e2:29:ab:9d:f2:fc:20:
e4:aa:df:a0:ba:cd:e4:17:ec:e4:8b:62:c0:19:88:cb:1c:80:
d3:d2:f5:79:eb:1d:c7:71:78:50:cb:72:38:40:1c:ae:3e:a3:
62:86:d9:49:26:20:3a:da:89:3a:11:30:dd:4b:fa:65:e0:0e:
88:f8:08:28:1a:07:6d:f3:46:d1:80:57:eb:80:0d:2f:9d:12:
6f:b9:b3:f3:a3:0e:bc:47:fb:82:48:16:95:47:89:85:18:60:
11:27:00:06
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICTIkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MzAx
NTIzMzNaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDgxMjhBQkJGMzc3MzND
MTNGMjZCQTY3QkMyMDdGMjM1RTkyOTcwRTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC46hRSw99dn+XjRyr5Kzeag+rlNSk8Ya5onKJNnF3F/u+mD/C0
FkcN0N/uaEsva0vquxNJlqxiCOYX3Hq66c2GfY6nfNdCk1wNqF6iezyXU6yJYTAW
x/MdMd+P0RSvPJk8z70vQGqOwuPHsJs5gNFcYY8RiqLhKYBjBd6GlxBlv+g+dODl
Ze29/eK2J+M+UpsXB5Jlxi3dhDUPh8kpaKYbvpMdItw3IGXmKs8x+YyOoqwjL66q
K645XlzEHWi0eJGrbaJX7BCko14mjcq/zyO/Tewy5wpg5oeizxwnDYWaQwxcqgZV
Mgl2s8sDdb5Te3Muv1LB1dOlZIXeBL6h8OYfAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUgSirvzdzPBPya6Z7wgfyNekpcOQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2dTaXJ2emR6UEJQeWE2
Wjd3Z2Z5TmVrcGNPUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAGVKnE0/COmwfsbK
PyJWr4BP+qvlT9f0Ioow3eIWhtu+8FOcauNHb09hOq/atVaw8Wt5O32x3jlbhVkO
ftg/NXl3/66XhaSOmPdug9yO2XylrGiFrLdUGN/6wcDerI4qg0X89SG0Qlg0FWY0
XtMuXz3crbLi0rDgXcAKGxXHhbmFHX34iaty9+ioixZNVcdjnxQmbsBG++XCTDdR
4imrnfL8IOSq36C6zeQX7OSLYsAZiMscgNPS9XnrHcdxeFDLcjhAHK4+o2KG2Ukm
IDraiToRMN1L+mXgDoj4CCgaB23zRtGAV+uADS+dEm+5s/OjDrxH+4JIFpVHiYUY
YBEnAAY=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:55:18 2025 by rpki-client