Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/i4cDKX9hLBopuP78kd0BkDEXTfE.roa
File: i4cDKX9hLBopuP78kd0BkDEXTfE.roa (raw, json)
Hash identifier: K7mRaxOfF3IpbwX8ohlEGYjYzBc4mieKNEd023P+k70=
Subject key identifier: 8B:87:03:29:7F:61:2C:1A:29:B8:FE:FC:91:DD:01:90:31:17:4D:F1
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 4199
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/i4cDKX9hLBopuP78kd0BkDEXTfE.roa
Signing time: Tue 16 Apr 2024 01:22:57 +0000
ROA not before: Tue 16 Apr 2024 01:22:57 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16793 (0x4199)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 16 01:22:57 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8B8703297F612C1A29B8FEFC91DD019031174DF1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:6a:cb:10:98:b5:29:7a:1e:0b:2d:38:dc:95:
25:56:9a:db:3c:28:0b:44:3f:99:2d:7a:a2:4a:c6:
e3:52:fb:13:7d:bd:82:4a:0f:56:99:76:11:94:9c:
f0:95:a1:32:49:fc:01:de:bf:ba:53:32:dd:63:0a:
c1:fa:fd:46:28:5d:f5:d3:e1:d3:5a:f6:b9:5c:71:
8c:9a:a5:5c:18:5d:24:6f:80:e8:af:9e:6f:88:da:
88:0f:4c:ed:16:24:d9:a4:ef:32:5a:e3:2c:6b:d5:
f7:75:35:46:94:7f:10:8d:3b:6f:51:0d:88:e7:a9:
29:2e:42:33:b7:76:a6:71:c6:1c:03:06:06:e0:97:
1c:6a:13:53:55:cd:d0:24:14:c4:75:ac:1d:9b:e5:
79:3d:da:90:80:40:5c:42:bb:5a:ae:e2:e2:bb:59:
a6:91:4b:72:01:68:1f:6d:69:8c:37:e6:da:99:53:
01:08:a1:40:3b:82:dc:6e:d4:8a:f9:6c:aa:e5:7b:
96:42:05:2b:c9:74:05:3e:72:56:a1:3c:5e:69:bc:
d8:24:1e:a8:5b:2e:d8:c8:2c:29:1a:5c:12:6d:2c:
6c:6b:6a:1b:bb:10:df:49:55:44:54:36:c5:2e:80:
1a:b5:f4:6f:8f:78:f7:c1:67:55:6e:22:2b:86:e7:
18:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:87:03:29:7F:61:2C:1A:29:B8:FE:FC:91:DD:01:90:31:17:4D:F1
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/i4cDKX9hLBopuP78kd0BkDEXTfE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
b4:76:97:bd:45:2c:0d:4c:87:42:c3:98:c8:71:ed:1b:00:27:
70:d2:8d:b6:af:8a:60:7c:7c:0e:0e:7f:26:c2:e8:61:51:83:
dc:b0:7f:a4:db:8e:6f:4d:f2:62:f1:1a:92:5d:ea:3a:93:f5:
a9:8c:ca:ed:04:4a:fd:ef:af:c6:a2:1a:5b:89:29:08:19:68:
3a:83:20:9d:05:c0:91:17:79:58:a4:c6:35:2d:c0:8b:88:36:
84:54:4e:51:32:42:68:ff:4c:ae:a2:6a:da:3d:ca:c6:4e:f9:
e6:aa:11:b9:2d:6d:3e:ca:c4:8c:5a:73:8d:e0:44:00:39:c2:
80:fd:5c:b5:d5:5f:6c:04:63:1c:ca:00:e0:37:82:01:e8:e9:
b5:9d:b3:bd:0f:94:e2:03:0b:6e:38:37:f1:b8:9b:81:69:5e:
13:3d:dd:9c:6c:cc:68:46:43:aa:c0:1c:83:80:bf:3e:bb:d3:
ba:ca:bd:9d:b6:02:b2:27:7e:bd:c1:30:b7:68:37:50:48:86:
a4:f3:db:10:74:e3:12:64:fd:fc:9f:f7:15:fa:e7:e3:5d:e5:
4d:79:4b:3a:10:1c:19:df:b4:7b:a1:82:21:cd:f5:f1:65:39:
60:22:0a:3b:55:47:39:d1:e6:fa:4b:73:9a:ef:47:1e:e3:08:
f8:5a:a9:ce
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICQZkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MTYw
MTIyNTdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhCODcwMzI5N0Y2MTJD
MUEyOUI4RkVGQzkxREQwMTkwMzExNzRERjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+assQmLUpeh4LLTjclSVWmts8KAtEP5kteqJKxuNS+xN9vYJK
D1aZdhGUnPCVoTJJ/AHev7pTMt1jCsH6/UYoXfXT4dNa9rlccYyapVwYXSRvgOiv
nm+I2ogPTO0WJNmk7zJa4yxr1fd1NUaUfxCNO29RDYjnqSkuQjO3dqZxxhwDBgbg
lxxqE1NVzdAkFMR1rB2b5Xk92pCAQFxCu1qu4uK7WaaRS3IBaB9taYw35tqZUwEI
oUA7gtxu1Ir5bKrle5ZCBSvJdAU+clahPF5pvNgkHqhbLtjILCkaXBJtLGxrahu7
EN9JVURUNsUugBq19G+PePfBZ1VuIiuG5xhDAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUi4cDKX9hLBopuP78kd0BkDEXTfEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2k0Y0RLWDloTEJvcHVQ
NzhrZDBCa0RFWFRmRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBALR2l71FLA1Mh0LD
mMhx7RsAJ3DSjbavimB8fA4OfybC6GFRg9ywf6Tbjm9N8mLxGpJd6jqT9amMyu0E
Sv3vr8aiGluJKQgZaDqDIJ0FwJEXeVikxjUtwIuINoRUTlEyQmj/TK6iato9ysZO
+eaqEbktbT7KxIxac43gRAA5woD9XLXVX2wEYxzKAOA3ggHo6bWds70PlOIDC244
N/G4m4FpXhM93ZxszGhGQ6rAHIOAvz6707rKvZ22ArInfr3BMLdoN1BIhqTz2xB0
4xJk/fyf9xX65+Nd5U15SzoQHBnftHuhgiHN9fFlOWAiCjtVRznR5vpLc5rvRx7j
CPhaqc4=
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:48:31 2025 by rpki-client