Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/heolvgZDaLjf5auM89G6HlG2LvI.roa
File: heolvgZDaLjf5auM89G6HlG2LvI.roa (raw, json)
Hash identifier: ADStDF0KA9C7EPSJaO8FCNuW5RmJvWaGRIwgml8O6vo=
Subject key identifier: 85:EA:25:BE:06:43:68:B8:DF:E5:AB:8C:F3:D1:BA:1E:51:B6:2E:F2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4B39
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/heolvgZDaLjf5auM89G6HlG2LvI.roa
Signing time: Sun 28 Apr 2024 21:23:29 +0000
ROA not before: Sun 28 Apr 2024 21:23:29 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 19257 (0x4b39)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 28 21:23:29 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=85EA25BE064368B8DFE5AB8CF3D1BA1E51B62EF2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:5f:12:e9:5f:51:91:a3:07:9a:fc:a1:67:8f:
49:f8:b3:b9:ba:4d:4c:a1:93:9d:8c:54:05:10:3f:
3c:96:c1:d1:1d:bb:9f:6a:04:31:14:13:4f:1a:01:
46:3b:fe:ba:53:cc:c3:db:ce:d2:ac:cc:11:45:ed:
66:15:7e:d2:0c:e9:07:85:11:ba:b6:e9:79:6e:d8:
fb:3f:96:3a:bf:72:05:19:90:ec:8b:00:33:f7:67:
30:bb:6f:bc:d3:c9:06:2f:20:b2:fb:c0:fb:28:f4:
66:3c:94:02:c0:e4:ec:71:0c:dc:12:3b:06:47:17:
24:7b:28:92:e8:fe:85:ed:21:36:ee:0a:f1:b3:29:
5a:c8:38:39:b6:7d:f2:29:74:22:f5:7f:57:50:fd:
0d:fe:99:bb:1b:74:66:b1:cb:92:b3:89:8e:ad:95:
a6:64:a1:e3:08:52:d5:c2:0d:4b:dc:0e:ff:dc:da:
71:7e:f9:59:76:1f:98:00:5f:74:4d:f7:13:c3:d1:
bb:8e:24:8a:9c:7e:a7:be:10:60:1e:62:67:f3:26:
ba:db:67:5a:a5:84:1a:35:66:c4:be:3c:46:39:33:
3d:fd:de:1b:54:f8:10:c5:04:9e:08:19:c4:8f:56:
86:b6:a3:b8:c2:98:2a:1f:d1:a5:dc:11:ae:eb:44:
48:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:EA:25:BE:06:43:68:B8:DF:E5:AB:8C:F3:D1:BA:1E:51:B6:2E:F2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/heolvgZDaLjf5auM89G6HlG2LvI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
74:f9:37:e2:91:d1:65:82:d9:59:67:24:8e:fb:20:a2:dd:eb:
4f:4e:d1:18:b5:d7:ca:82:51:d1:fb:84:a0:95:6a:9d:39:5c:
83:d2:7e:8d:90:71:ae:76:3a:4c:59:a2:b7:94:fb:fd:06:c8:
13:17:37:35:e0:80:d2:52:c2:12:cd:6c:70:7c:78:4a:0f:7c:
9d:00:02:3c:7a:70:ce:3b:ce:cb:19:cd:9e:f1:97:03:0e:23:
c6:32:2b:6d:45:c2:48:f1:9f:ed:3f:ee:9b:cc:26:a8:da:e2:
11:76:82:98:b2:61:65:df:e4:75:0b:85:be:d7:fc:5a:7c:b4:
5d:d1:ef:fb:3d:08:41:2e:24:06:48:13:a3:a1:2e:91:39:3d:
73:3b:3c:80:c3:b4:c3:ad:e5:45:be:03:15:4c:c7:23:78:b3:
26:48:92:7e:f4:cf:60:7c:a7:40:c2:00:4e:be:41:9c:ba:97:
cb:f3:0b:cd:51:a0:da:e5:d8:bc:1c:a6:f4:2c:11:cb:c1:50:
30:d0:d7:d5:b4:2c:da:9d:91:7e:38:97:2a:a8:ad:70:df:4a:
d1:2f:f7:06:0b:b2:7f:6e:dc:80:6a:eb:e1:27:18:20:7f:c4:
76:7b:3d:d3:dc:3b:2e:64:e0:a5:28:ab:93:05:3d:73:e9:25:
cd:13:f3:e5
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICSzkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0Mjgy
MTIzMjlaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDg1RUEyNUJFMDY0MzY4
QjhERkU1QUI4Q0YzRDFCQTFFNTFCNjJFRjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9XxLpX1GRowea/KFnj0n4s7m6TUyhk52MVAUQPzyWwdEdu59q
BDEUE08aAUY7/rpTzMPbztKszBFF7WYVftIM6QeFEbq26Xlu2Ps/ljq/cgUZkOyL
ADP3ZzC7b7zTyQYvILL7wPso9GY8lALA5OxxDNwSOwZHFyR7KJLo/oXtITbuCvGz
KVrIODm2ffIpdCL1f1dQ/Q3+mbsbdGaxy5KziY6tlaZkoeMIUtXCDUvcDv/c2nF+
+Vl2H5gAX3RN9xPD0buOJIqcfqe+EGAeYmfzJrrbZ1qlhBo1ZsS+PEY5Mz393htU
+BDFBJ4IGcSPVoa2o7jCmCof0aXcEa7rREjhAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUheolvgZDaLjf5auM89G6HlG2LvIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2hlb2x2Z1pEYUxqZjVh
dU04OUc2SGxHMkx2SS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAHT5N+KR0WWC2Vln
JI77IKLd609O0Ri118qCUdH7hKCVap05XIPSfo2Qca52OkxZoreU+/0GyBMXNzXg
gNJSwhLNbHB8eEoPfJ0AAjx6cM47zssZzZ7xlwMOI8YyK21Fwkjxn+0/7pvMJqja
4hF2gpiyYWXf5HULhb7X/Fp8tF3R7/s9CEEuJAZIE6OhLpE5PXM7PIDDtMOt5UW+
AxVMxyN4syZIkn70z2B8p0DCAE6+QZy6l8vzC81RoNrl2LwcpvQsEcvBUDDQ19W0
LNqdkX44lyqorXDfStEv9wYLsn9u3IBq6+EnGCB/xHZ7PdPcOy5k4KUoq5MFPXPp
Jc0T8+U=
-----END CERTIFICATE-----
Generated at Sat Jun 21 03:27:17 2025 by rpki-client