Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/hfnyGs1ejmd3SKW89bw3Ttd3rT4.roa
File: hfnyGs1ejmd3SKW89bw3Ttd3rT4.roa (raw, json)
Hash identifier: 8mlr2BS+DYRCIIdLD8Z/1kShF2qG7ggbmWHVnrchnyk=
Subject key identifier: 85:F9:F2:1A:CD:5E:8E:67:77:48:A5:BC:F5:BC:37:4E:D7:77:AD:3E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 3A71
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hfnyGs1ejmd3SKW89bw3Ttd3rT4.roa
Signing time: Sat 06 Apr 2024 12:22:30 +0000
ROA not before: Sat 06 Apr 2024 12:22:30 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14961 (0x3a71)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 6 12:22:30 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=85F9F21ACD5E8E677748A5BCF5BC374ED777AD3E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:98:79:5d:ec:98:84:df:37:78:e0:65:11:d3:
f0:a8:10:3d:4d:c4:9a:77:23:b0:fd:35:27:29:8a:
60:29:03:25:60:55:20:fa:db:77:1e:32:60:8f:3f:
17:33:32:8d:1e:4e:73:93:db:84:b6:99:61:32:0f:
05:b4:ae:9a:ca:f5:8d:91:39:d7:bb:8c:59:f9:fc:
bf:1d:f3:06:b4:5a:5b:51:eb:e5:a5:ef:b4:68:26:
33:70:aa:55:82:3d:45:68:73:d2:db:7f:c1:a7:7c:
2b:ed:31:bd:98:74:e4:fa:65:19:5b:bb:d7:64:59:
69:2a:b9:b2:2c:c5:cb:98:d0:a6:99:29:1a:1e:97:
62:e5:a9:47:3d:88:15:1e:59:87:e9:21:4d:1a:73:
20:e4:52:7b:b4:a2:e8:f6:0e:08:cc:24:e2:95:da:
0c:01:27:0c:28:23:10:3c:17:e6:e4:2b:ed:c0:ba:
15:7a:3c:57:e8:3e:47:dd:a6:29:43:58:a1:55:bd:
f2:52:9a:ae:9b:68:91:16:76:39:6b:5e:d4:11:c0:
76:be:15:89:ca:31:5e:e7:bc:2e:50:a4:46:5c:d3:
66:bb:54:78:68:c0:f8:2c:0e:71:1d:a0:22:c4:20:
9d:00:05:56:69:71:75:61:d4:e6:08:18:a2:47:a8:
bf:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:F9:F2:1A:CD:5E:8E:67:77:48:A5:BC:F5:BC:37:4E:D7:77:AD:3E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/hfnyGs1ejmd3SKW89bw3Ttd3rT4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
6b:18:8c:a3:bd:59:eb:dc:42:9b:4a:13:a6:a8:91:fe:15:65:
de:fb:c9:fd:c7:73:9e:02:8d:29:fc:e0:bf:31:20:57:fd:95:
50:be:37:df:f7:0c:a1:f2:a1:cf:c0:4f:6d:24:1d:c5:41:9a:
78:39:f9:a7:fd:5e:b3:34:59:c1:f6:0a:a7:0f:04:2c:0b:43:
12:96:d2:71:1d:fc:9b:bf:f0:27:f0:0f:ca:e7:a9:29:b2:d0:
bd:ad:65:92:b8:6c:fb:fe:46:32:cc:b8:c6:5c:c7:cb:ab:7c:
99:83:db:09:52:5d:40:cb:60:a7:f7:0d:74:ad:e3:6b:92:ab:
1c:8c:8b:b8:66:93:4c:80:fa:e5:ae:ea:3f:53:59:4a:a9:04:
6d:17:e7:12:75:25:11:47:70:07:70:fc:21:f5:e9:25:d0:5b:
05:42:10:51:3d:84:56:be:12:ff:ef:b2:ed:4f:99:c9:14:da:
ac:b7:21:a9:25:0d:58:3a:4e:8a:61:b8:cf:4e:ce:6a:68:8a:
01:18:66:80:4e:51:47:86:38:dd:cd:0f:8e:6b:70:6d:d8:09:
d4:79:53:7c:fe:ee:6a:bb:29:1f:c2:70:2c:ab:64:88:65:e6:
4e:6c:20:38:35:f3:29:55:26:29:2e:09:04:e6:9c:00:e2:b6:
3d:eb:d4:9c
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICOnEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MDYx
MjIyMzBaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDg1RjlGMjFBQ0Q1RThF
Njc3NzQ4QTVCQ0Y1QkMzNzRFRDc3N0FEM0UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6mHld7JiE3zd44GUR0/CoED1NxJp3I7D9NScpimApAyVgVSD6
23ceMmCPPxczMo0eTnOT24S2mWEyDwW0rprK9Y2ROde7jFn5/L8d8wa0WltR6+Wl
77RoJjNwqlWCPUVoc9Lbf8GnfCvtMb2YdOT6ZRlbu9dkWWkqubIsxcuY0KaZKRoe
l2LlqUc9iBUeWYfpIU0acyDkUnu0ouj2DgjMJOKV2gwBJwwoIxA8F+bkK+3AuhV6
PFfoPkfdpilDWKFVvfJSmq6baJEWdjlrXtQRwHa+FYnKMV7nvC5QpEZc02a7VHho
wPgsDnEdoCLEIJ0ABVZpcXVh1OYIGKJHqL8rAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUhfnyGs1ejmd3SKW89bw3Ttd3rT4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2hmbnlHczFlam1kM1NL
Vzg5YnczVHRkM3JUNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAGsYjKO9WevcQptK
E6aokf4VZd77yf3Hc54CjSn84L8xIFf9lVC+N9/3DKHyoc/AT20kHcVBmng5+af9
XrM0WcH2CqcPBCwLQxKW0nEd/Ju/8CfwD8rnqSmy0L2tZZK4bPv+RjLMuMZcx8ur
fJmD2wlSXUDLYKf3DXSt42uSqxyMi7hmk0yA+uWu6j9TWUqpBG0X5xJ1JRFHcAdw
/CH16SXQWwVCEFE9hFa+Ev/vsu1PmckU2qy3IaklDVg6TophuM9OzmpoigEYZoBO
UUeGON3ND45rcG3YCdR5U3z+7mq7KR/CcCyrZIhl5k5sIDg18ylVJikuCQTmnADi
tj3r1Jw=
-----END CERTIFICATE-----
Generated at Sat Jun 21 07:07:01 2025 by rpki-client