Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/igtPFxN4Re3HDMwaDFxHywFyjfY.roa
File: igtPFxN4Re3HDMwaDFxHywFyjfY.roa (raw, json)
Hash identifier: 4LzHitg1EYnkGsRciD9Zm0UObyb1likpv29nWFKuz+M=
Subject key identifier: 8A:0B:4F:17:13:78:45:ED:C7:0C:CC:1A:0C:5C:47:CB:01:72:8D:F6
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 44F9
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/igtPFxN4Re3HDMwaDFxHywFyjfY.roa
Signing time: Sat 20 Apr 2024 13:23:04 +0000
ROA not before: Sat 20 Apr 2024 13:23:04 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17657 (0x44f9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Apr 20 13:23:04 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=8A0B4F17137845EDC70CCC1A0C5C47CB01728DF6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:57:3a:e9:4d:82:5f:30:a5:87:e3:6d:e7:0c:
d2:69:ee:39:79:3e:3d:04:e8:52:1d:59:33:22:22:
80:87:cc:25:a2:c3:f5:bc:1c:ea:ab:e6:e0:f2:ac:
27:4d:fd:17:76:54:7b:df:3f:1e:32:5b:cd:83:12:
68:4c:c9:73:93:b3:36:0a:d7:b3:3c:ea:03:11:5e:
09:37:d0:f1:c2:a7:fd:a4:74:2e:fd:45:95:bb:4e:
5f:1c:61:6e:59:6f:5d:26:ed:c9:61:bf:4e:16:bd:
ed:e0:bf:24:db:f9:80:61:b6:cd:30:5e:3c:d9:bd:
07:44:d6:f1:e7:24:60:c2:e3:02:97:57:0b:d7:05:
a6:39:dd:83:52:1b:00:e9:a6:23:0b:f4:62:d6:03:
72:27:3c:35:50:32:d9:c2:04:5e:fc:9e:1d:a1:93:
f7:66:9a:9d:72:30:66:03:3f:74:0c:32:3a:a3:5e:
04:46:2b:b0:7f:38:64:09:ff:5a:87:ea:4b:58:89:
61:62:6d:17:38:42:0b:8d:bd:9f:6d:1e:90:c3:ed:
2a:00:2e:6e:31:d5:76:96:35:ec:a7:4a:6e:e3:a2:
28:9d:23:75:01:ad:3a:a0:f3:50:63:75:e4:4e:36:
8f:b1:5a:ca:d2:e1:4f:59:82:51:a4:db:27:2a:07:
c6:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:0B:4F:17:13:78:45:ED:C7:0C:CC:1A:0C:5C:47:CB:01:72:8D:F6
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/igtPFxN4Re3HDMwaDFxHywFyjfY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
08:e6:0a:e3:9a:d6:b3:ce:e5:ff:3f:6e:46:6f:65:30:5e:4b:
f8:04:39:19:42:3e:cc:d1:0c:ce:1e:2e:76:67:23:a5:7c:08:
d8:93:7e:2b:8a:7b:10:11:f7:57:cb:11:4e:a8:1d:82:b9:5a:
c7:f7:52:aa:89:ab:4b:18:c3:34:36:58:5e:8e:8e:37:82:a0:
a8:0a:96:ba:9f:e6:99:00:c2:09:af:f7:0c:9c:8c:c1:0f:94:
3c:61:21:35:35:1d:da:1e:7e:02:98:04:95:18:a0:3a:60:be:
2d:c9:f2:de:2b:23:2f:db:02:1f:23:92:2d:d6:7e:cc:a4:e0:
8c:c1:ec:c0:d1:27:38:3c:dd:b2:1e:1e:c6:c2:94:af:bb:7a:
0b:83:3c:ad:1b:96:02:e5:51:cd:3d:cc:3a:6b:c3:6e:e0:dd:
82:49:08:db:d8:92:8f:45:d4:14:d3:e2:64:fa:73:3a:42:b6:
1d:d5:56:e3:03:83:b1:a6:9f:8d:bd:d0:c6:01:07:ec:c7:65:
64:cc:23:f7:c0:5d:34:93:e5:2e:68:7e:d5:39:db:b0:8c:c9:
53:b0:69:5b:23:ab:52:c7:e6:07:74:69:56:5f:cf:53:a5:26:
2e:c0:fb:1f:c7:c8:a9:39:f2:42:a8:f2:2a:d4:da:b8:fe:fe:
0c:8b:50:11
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICRPkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA0MjAx
MzIzMDRaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDhBMEI0RjE3MTM3ODQ1
RURDNzBDQ0MxQTBDNUM0N0NCMDE3MjhERjYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDxVzrpTYJfMKWH423nDNJp7jl5Pj0E6FIdWTMiIoCHzCWiw/W8
HOqr5uDyrCdN/Rd2VHvfPx4yW82DEmhMyXOTszYK17M86gMRXgk30PHCp/2kdC79
RZW7Tl8cYW5Zb10m7clhv04Wve3gvyTb+YBhts0wXjzZvQdE1vHnJGDC4wKXVwvX
BaY53YNSGwDppiML9GLWA3InPDVQMtnCBF78nh2hk/dmmp1yMGYDP3QMMjqjXgRG
K7B/OGQJ/1qH6ktYiWFibRc4QguNvZ9tHpDD7SoALm4x1XaWNeynSm7joiidI3UB
rTqg81BjdeRONo+xWsrS4U9ZglGk2ycqB8brAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUigtPFxN4Re3HDMwaDFxHywFyjfYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2lndFBGeE40UmUzSERN
d2FERnhIeXdGeWpmWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAAjmCuOa1rPO5f8/
bkZvZTBeS/gEORlCPszRDM4eLnZnI6V8CNiTfiuKexAR91fLEU6oHYK5Wsf3UqqJ
q0sYwzQ2WF6OjjeCoKgKlrqf5pkAwgmv9wycjMEPlDxhITU1HdoefgKYBJUYoDpg
vi3J8t4rIy/bAh8jki3Wfsyk4IzB7MDRJzg83bIeHsbClK+7eguDPK0blgLlUc09
zDprw27g3YJJCNvYko9F1BTT4mT6czpCth3VVuMDg7Gmn4290MYBB+zHZWTMI/fA
XTST5S5oftU527CMyVOwaVsjq1LH5gd0aVZfz1OlJi7A+x/HyKk58kKo8irU2rj+
/gyLUBE=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:55:17 2025 by rpki-client