Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/k0STslYe3_XT34D98mfDT_539YY.roa
File: k0STslYe3_XT34D98mfDT_539YY.roa (raw, json)
Hash identifier: IWlPntXzYi89x2ccEO2WP+wjyBm1vh6MB271uPg9PKg=
Subject key identifier: 93:44:93:B2:56:1E:DF:F5:D3:DF:80:FD:F2:67:C3:4F:FE:77:F5:86
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 531D
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/k0STslYe3_XT34D98mfDT_539YY.roa
Signing time: Thu 09 May 2024 09:53:57 +0000
ROA not before: Thu 09 May 2024 09:53:57 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21277 (0x531d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 9 09:53:57 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=934493B2561EDFF5D3DF80FDF267C34FFE77F586
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:b7:ca:38:4a:25:98:de:13:aa:5c:62:5b:ac:
ea:bc:7c:03:aa:37:91:af:33:1e:56:d6:b2:d3:8a:
37:fc:d5:6b:78:d7:9c:cc:89:13:dd:68:3f:85:6d:
88:9a:40:45:92:f1:fa:ed:3a:10:dc:f9:da:87:a3:
1f:d9:42:79:f0:eb:8a:18:54:ed:61:6c:09:39:80:
6b:0b:2b:56:e6:84:af:3c:ce:6b:19:2b:77:bd:6d:
9e:0f:25:3f:03:00:b0:e1:d1:5c:ce:a6:c3:b1:81:
c6:a1:75:46:0b:b1:cb:25:62:06:8b:2e:f3:ab:ff:
2b:ba:de:23:6e:59:12:73:d3:a0:46:79:48:77:f3:
f5:6d:19:68:cc:3f:24:d6:45:99:e7:9c:67:45:2d:
86:fc:01:8e:7b:84:dc:7d:b7:e0:cf:c6:8e:90:0f:
2c:e3:9b:f7:f9:52:52:af:97:30:aa:9d:35:65:2f:
9d:7f:49:07:4d:05:e2:51:1d:6c:aa:0e:04:bc:c5:
1d:69:cf:fb:79:6f:30:9e:1b:6e:f7:15:2f:4e:da:
0d:0d:d9:17:06:6f:6d:9e:85:98:88:21:2e:a1:5d:
bf:71:70:c2:ee:35:df:07:f1:64:73:41:73:a0:bc:
2a:3f:fb:49:be:5b:62:88:11:f7:c1:af:b7:36:06:
4c:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:44:93:B2:56:1E:DF:F5:D3:DF:80:FD:F2:67:C3:4F:FE:77:F5:86
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/k0STslYe3_XT34D98mfDT_539YY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
3e:6a:74:dc:5e:b5:47:98:2a:f0:4f:78:3b:96:56:f0:65:60:
4e:ae:bd:ec:5a:39:bf:eb:80:3f:be:6a:da:1f:70:ce:a3:26:
08:80:70:78:b2:11:5e:91:56:d4:ea:1d:ca:8a:c5:da:f2:2c:
46:cc:05:74:9a:57:b2:44:72:c0:3c:9f:20:e0:a3:ee:08:b4:
a0:85:66:83:8f:63:48:56:e6:a9:9f:1c:1f:98:bd:02:4d:a8:
ed:77:ea:29:b7:9a:84:74:7a:dc:0e:d4:52:b2:79:47:2f:e0:
28:8f:7c:41:e9:9e:e7:28:d9:ef:2c:cd:fb:3a:9a:df:8f:f0:
81:e0:c2:ae:8e:bd:f9:e7:1e:81:13:6e:ca:20:00:de:40:8c:
b4:28:8f:0e:38:54:ea:1e:94:18:ef:b6:90:e2:b7:28:69:2c:
d6:72:99:48:39:e0:23:37:bf:13:1c:54:5b:cd:88:f8:71:e5:
d6:a3:aa:b2:9c:aa:45:e7:89:87:cd:6f:54:23:6d:5d:fd:ff:
6c:a4:61:ee:81:f6:7f:12:fe:24:5c:44:89:e3:55:56:5d:13:
00:41:66:b6:98:ce:b9:47:25:6a:40:a7:18:a0:10:97:6c:17:
dc:70:cd:05:49:43:9b:ce:7c:62:2f:65:ef:6d:55:c1:e4:05:
2a:e5:ca:83
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICUx0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MDkw
OTUzNTdaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDkzNDQ5M0IyNTYxRURG
RjVEM0RGODBGREYyNjdDMzRGRkU3N0Y1ODYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC8t8o4SiWY3hOqXGJbrOq8fAOqN5GvMx5W1rLTijf81Wt415zM
iRPdaD+FbYiaQEWS8frtOhDc+dqHox/ZQnnw64oYVO1hbAk5gGsLK1bmhK88zmsZ
K3e9bZ4PJT8DALDh0VzOpsOxgcahdUYLscslYgaLLvOr/yu63iNuWRJz06BGeUh3
8/VtGWjMPyTWRZnnnGdFLYb8AY57hNx9t+DPxo6QDyzjm/f5UlKvlzCqnTVlL51/
SQdNBeJRHWyqDgS8xR1pz/t5bzCeG273FS9O2g0N2RcGb22ehZiIIS6hXb9xcMLu
Nd8H8WRzQXOgvCo/+0m+W2KIEffBr7c2BkxNAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUk0STslYe3/XT34D98mfDT/539YYwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L2swU1RzbFllM19YVDM0
RDk4bWZEVF81MzlZWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBAD5qdNxetUeYKvBP
eDuWVvBlYE6uvexaOb/rgD++atofcM6jJgiAcHiyEV6RVtTqHcqKxdryLEbMBXSa
V7JEcsA8nyDgo+4ItKCFZoOPY0hW5qmfHB+YvQJNqO136im3moR0etwO1FKyeUcv
4CiPfEHpnuco2e8szfs6mt+P8IHgwq6OvfnnHoETbsogAN5AjLQojw44VOoelBjv
tpDityhpLNZymUg54CM3vxMcVFvNiPhx5dajqrKcqkXniYfNb1QjbV39/2ykYe6B
9n8S/iRcRInjVVZdEwBBZraYzrlHJWpApxigEJdsF9xwzQVJQ5vOfGIvZe9tVcHk
BSrlyoM=
-----END CERTIFICATE-----
Generated at Fri Jun 20 20:55:19 2025 by rpki-client